Multiple IP Addresses, osx 10.4.8, Mac Book Pro


geordie_git
02-07-2007, 05:52 AM
Hi,

I've recently switched to a Mac from Windows. One thing that I can't work out is how to assign multiple IP Addresses to the on board NIC.

I know this can't be done in the GUI, therefore, I assume this must be possible at the back end somehow?

Thanks in advance!
Cheers
Graham

displaced
02-07-2007, 08:02 AM
It certainly can be done via the GUI!

I'm reciting this from memory (at work on a PC at the mo!) but it's something like:

- Go to System Preferences > Network.
- Choose 'Show network port configurations' (or something)
- Find the one for built-in Ethernet
- Click 'Duplicate'

You can now configure each instance with different settings, and you're done.

ElectricSheep
02-07-2007, 09:02 AM
If you just need to quickly assign an IP/subnet alias to an interface, you can do it with the ifconfig command in the Terminal.

sudo ifconfig <if> alias 198.0.2.77/24

where <if> is the interface you want to add an address to (en0, en1, etc.)

geordie_git
02-07-2007, 10:03 AM
Hi There,

Thanks for the tips, I never knew that you could create duplicates!

A Windows switcher handbook would be very handy!!

Cheers

Graham

geordie_git
02-07-2007, 11:02 AM
Hi,

I've added a number of IP Addresses via the GUI, but it does not seem to work. I can't ping any of the new IP Addresses from the network utility. I've rebooted the Mac, but no change.

I've changed the order of the configurations as well, so they are in order.

Am I missing something else?

Cheers

Graham

yellow
02-07-2007, 11:04 AM
Are you trying to assign them so they are simultaneously available?
Or are you attempting to have multiple static IPs that you can switch between?

JDV
02-07-2007, 11:11 AM
I asked a rather similar question but have not yet received a response. Whether your situation is similar to mine, I don't know. I have multiple IPs assigned to a network card and they ARE visible on the other side of my router, but I can only ping the first IP internally. I'm still trying to figure out why. Yellow: At least in my case, I want them simultaneously available. And they ARE...but not inside my building. I'm perplexed.

Joe VanZandt

yellow
02-07-2007, 11:19 AM
Hmmm.. I've never encountered multiple IPs assigned to a single NIC all appearing simultaneously.

If you don't mind me asking.. what's the point of that?

JDV
02-07-2007, 11:25 AM
I want my website to be on a different IP from other functions on the server. Believe me, this actually works from the outside. I'm still puzzling out why it doesn't work internally.

Joe VanZandt

ElectricSheep
02-07-2007, 11:46 AM
The ability to have multiple IP addresses on the same physical interface is very useful if one wants to have multiple services running in jailed environments on the same physical machine. Each jailed environment can have its own IP address given to it. From the outside and from the standpoint of the service, it looks like a completely different host.

geordie_git
02-07-2007, 12:27 PM
The reason is to have access to multiple subnets, that are physically on the same network, but are in different IP Address subnets. It's a development environment. The IP Subnets are not physically separated.

This enables me to have several development environments working on the same network switch, but I need to be able to access them from the one network connection.

Therefore I need to be able to assign different IP Addresses to the one NIC, but for all of them to be usable at the same time.

I get around this problem at the moment, by using XP in Parallels, which works fine. However, as I can use the Remote Desktop Connector on the Mac, the only reason to fire up XP is to remote control the servers. If I can get multiple IP Addresses to work on the Mac, I won't need to start XP.

Makes me life easier (a bit!) if I can get this one sorted.

Cheers

Graham

ElectricSheep
02-07-2007, 04:01 PM
Try adding the addresses from the command line.

I've done it here with both wireless and wired interfaces, and they work just fine (ARP entries are correct on another machine on my LAN)

It sounds like an environment that might benefit from a VLAN implementation, but you'd need a managed switch infrastructure.

cwtnospam
02-07-2007, 04:53 PM
I saw this thread, and out of curiosity, I duplicated my "Built-in Ethernet" port in Network Port Configurations, and then edited the copy. I changed the ip address to configure manually and set a local address, subnet mask, and provided the router info. I'm apple to ping that address, as well as the DHCP provided address, both from my Dual G5, and from my wife's iMac. The only thing I don't know is, how would I specify which network port to use for a given application?

JDV
02-07-2007, 08:49 PM
I'm apple to ping that address,

That's got to be a variant on the Freudian slip, I think.

I assure you, it works perfectly well in my setup when the machine is either on the same subnet OR is external to our router. My problem is that our INTERNAL network (10.0.0.x) machines can't see it, even though they can see the initial address and all other machines on our external network and the whole rest of the internet. That's what has me bedeviled. I can't see why they can't see it!

Joe VanZandt

cwtnospam
02-07-2007, 08:59 PM
My problem is that our INTERNAL network (10.0.0.x) machines can't see it,
I'm thinking your problem is with the internal router, but I don't know how I'd fix it, other than restart the router.

My question is, how do you assign, for example, a web server to one ip address, and an ftp server to another? Or do they each answer to whomever calls, and leave that up to DNS entries?

JDV
02-07-2007, 09:11 PM
Well, you just set the webserver up to be on the address you assign it (and list in the DNS servers) and it listens on port 80 on that address. Our FTP server is on a different IP on the same machine. They behave like two different network cards. Of course, this doesn't have heavy traffic or that might be a problem, but with more moderate loads, the hardware has no problems.

I'm also thinking it must be router related, but haven't figured out exactly how yet. I'm open to good ideas!

Joe VanZandt

cwtnospam
02-07-2007, 09:14 PM
Well, you just set the webserver up to be on the address you assign it (and list in the DNS servers) and it listens on port 80 on that address.
I knew it was a bad example when I posted it! What I'm really asking is how do I browse from one address in Safari and from the other in Camino?

JDV
02-07-2007, 09:29 PM
As I am doing this on a server, that particular question has never occurred to me. If I think of a good answer, I'll post it.

Joe VanZandt

ElectricSheep
02-07-2007, 10:55 PM
Sounds like it could be a routing issue. What kind of router are you employing, and how is it configured?

geordie_git
02-08-2007, 03:14 AM
Hi,

Well, instead of using duplicate, I used 'new' instead and that seems to work fine!

I don't know why the duplicate would not play ball.

Thanks for your help.

Cheers

Graham

:D

ElectricSheep
02-08-2007, 12:06 PM
My guess is that the reason you are having trouble, JDV, is that the router only knows about two networks: 10.0.0.0/8 (private network), and 0.0.0.0/0 (everything else).

You've taken the 10.0.0.0/8 supernet and subnetted it into smaller networks. But, the router doesn't know about those subnets. It only knows about the supernet.

Machines on the outside can reach the hosts on the inside because those hosts, even though you put them on their own subnets, are still a member of the 10.0.0.0/8 supernet. So, the router takes the external request and forwards it to the internal network, where it is received by the appropriate host.

Machines on the inside that are on the same subnet can find each other because they use Address Resolution Protocol rather than going through the router. They send out a broadcast on their own subnet looking for the destination host. The host replies with a "Here-I-Am!" message, and they can see each other.

Machines on the inside that are on different subnets cannot see each other because they are trying to go through the router. But, the router doesn't know how to distinguish between all of the different subnets you have created. As far as the router is concerned, it only knows about the 10.0.0.0/8 supernet. The only sensible way to route traffic to 10.0.0.0/8 is from the WAN interface to the LAN interface, not from the LAN interface to itself.

JDV
02-08-2007, 03:40 PM
Actually, that isn't QUITE the circumstance. We have a set of IPs from our ISP which our main Cisco router handles; then there is a LinkSys (I think) router that creates the private network and provides connection to the main router. Your explanation may still be accurate, however, I'm going to have to think about it.

But here is an oddity. When I create a port using the configuration utility, ifconfig uses a broadcast IP identical to the actual IP; however, the original IP on en0 has a broadcast of xxx.yyy.zzz.255. Now, I can CREATE that using IFCONFIG and change that broadcast IP, but only if I first delete the port and create it manually. When I do THAT, believe it or not, it disappears from the outside world. So, I have to re-create the port....which changes the broadcast IP. I'm missing something here.

Nonetheless, I've decided to make the point moot. I'm still curious about the issue, but this machine has a second ethernet card in it connected to the internal network. I created a site with the IP of 10.0.0.xxx which links to exactly the same site, and I am simply adding the 10.0.0.xxx address with the desired canonical name to the hosts file on the individual machines in our building. Thus, everyone can see it...just not in quite the same way.

This is an inelegant solution, but it seems to work satisfactorily in this particular case. I do have a feeling that broadcast IP is implicated in this failure, because the internal machines see the first en0 IP with the .255 broadcast IP without problems, but not the second and third IPs on that card, but the OUTSIDE world sees them without complaining.

I've killed a lot more brain cells on this than it was worth. I knew I could go the other route from the beginning...it just seemed like the wrong thing to need to do.

Joe VanZandt
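
Added example, not written by any poster in this thread: a small Python model of the on-link versus via-router decision ElectricSheep describes, and of the mask arithmetic behind the broadcast values JDV reports from ifconfig. All addresses, the routing table and the function names are constructed for illustration, and the router is modelled only as the thread describes it (one supernet route plus a default route).

```python
import ipaddress

# Constructed sample addressing (assumption, not taken from the thread).
HOST_IFACES = ["10.1.0.5/24", "10.2.0.5/24"]   # primary address + alias on one NIC
HOST_GATEWAY = "10.1.0.1"
# Router as described in the thread: it knows the supernet and "everything else".
ROUTER_TABLE = [("10.0.0.0/8", "lan"), ("0.0.0.0/0", "wan")]


def broadcast_of(cidr):
    """Broadcast address implied by an address/prefix pair."""
    return str(ipaddress.ip_interface(cidr).network.broadcast_address)


def host_next_hop(ifaces, gateway, dest):
    """('arp', source) if dest is on-link for a configured address, else the gateway."""
    d = ipaddress.ip_address(dest)
    for cidr in ifaces:
        iface = ipaddress.ip_interface(cidr)
        if d in iface.network:
            return ("arp", str(iface.ip))
    return ("gateway", gateway)


def router_egress(table, dest):
    """Longest-prefix match over the router's table; returns the egress port name."""
    d = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(n), port) for n, port in table
               if d in ipaddress.ip_network(n)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def path(ifaces, gateway, table, ingress, dest):
    """Describe how a packet from the host reaches dest under this model."""
    how, via = host_next_hop(ifaces, gateway, dest)
    if how == "arp":
        return f"direct ARP from {via}"
    egress = router_egress(table, dest)
    if egress == ingress:
        return f"router would send it back out '{ingress}' (LAN to itself)"
    return f"routed {ingress} -> {egress}"


if __name__ == "__main__":
    print(broadcast_of("10.1.0.5/24"), broadcast_of("10.1.0.6/32"))
    print(path(HOST_IFACES, HOST_GATEWAY, ROUTER_TABLE, "lan", "10.2.0.9"))
    print(path(HOST_IFACES[:1], HOST_GATEWAY, ROUTER_TABLE, "lan", "10.2.0.9"))
```

A broadcast address equal to the interface address is what a 255.255.255.255 (/32) mask yields, and with such a mask no other host counts as on-link for that address.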