Results 1 to 10 of 10

Thread: IP usage

  1. #1
    Join Date
    Mar 2007
    Posts
    48

    IP usage

    How do you prevent people from using different IPs on a machine that has a couple VPS clients on it.

    If client A has xxx.xxx.xxx.100-xxx.xxx.xxx.103 and client B has xxx.xxx.xxx.104-xxx.xxx.xxx.105. How do you prevent client B from using client A's IPs? Can't he easily modify the config file for his ethernet device to use an IP that hasn't been assigned to him but is assiged to someone else on the same machine?

  2. #2
    There will be a IP conflict and changes cannot be made.

  3. #3
    Hello,

    We should also need to check sysctl.conf file in /etc. If this file is in /etc directory, then remove it and after that do the command

    touch sysctl.conf and restart the networking services and see, if its ant helps.

  4. #4
    Join Date
    May 2009
    Location
    SLASH ROOT
    Posts
    853
    May I know the type of network your host provides?

    If the IP's can be subnetted and routed through separate VLANs, you can ensure the IP security.

    say, Client A will have a subnet 1.x.x.x/yy routed through a separate VLAN and Client B will have a subnet 2.x.x.x/zz routed through another.

    But do check with your host if their n/w configuration allows that.

  5. #5
    Join Date
    Mar 2007
    Location
    United Kingdom
    Posts
    181
    The virtualisation software should provide for this scenario, but of course depends what you run.
    UK, Chicago, & Singapore Fully Managed Cloud VPS
    UK & Arizona Jelastic Java, PHP & Ruby PaaS

    Comprehensive SLAs, backups, full SSD, rebootless kernel updates.
    Experienced managed hosting provider since 2001. True 24x7 Support & Server Management

  6. #6
    You have to check it through virtual software as it will provide this thing and will be a solution for you but still it depends!

    Thank you!

  7. #7
    Join Date
    Feb 2004
    Location
    Bay Area, CA
    Posts
    521
    I am confused by these replies... they don't seem to make any sense to me at all (except for whrss) based on the original question so I'll offer some insight

    Most virtualization technologies should have a way to create virtual networks and tag VLANs on the physical uplink. In VMware ESX and XenServer you can do this. This way you can assign a single subnet (such as a /29 or /30) to a VLAN and then setup the VPS to run only on that VLAN.

    In the scenario where you don't control the subnets and routing it is harder to do this. You would need some sort of transparent firewall appliance or device in front of the physical server where you could prevent ARP / lockdown ARP for specific MAC addresses (assuming the VMs have unique MAC addresses on their virtual network cards). Some layer 3 switches might also let you do something like MAC to IP lockdown (static ARP?)

    If this is a server provided to you by a provider and you are not managing the infrastructure though then it is hard to do this. In this case it would probably make more sense to try and get multiple smaller subnets from your provider instead of assigning customers individual IPs on the same subnet. This helps with 'user error' at least and makes it easier to implement VLANs in the future.
    Last edited by eger; 07-14-2009 at 12:40 PM.

  8. #8
    Join Date
    Mar 2007
    Posts
    48
    Thanks whrss and eger. Thats exactly what i was looking for.

    I'll be running my own network with XenServer.

    Are there advantages to running a client on each subnet vs MAC to IP lockdown? If so, what are they?

  9. #9
    Quote Originally Posted by Rakesh231182 View Post
    Hello,

    We should also need to check sysctl.conf file in /etc. If this file is in /etc directory, then remove it and after that do the command

    touch sysctl.conf and restart the networking services and see, if its ant helps.
    Are you for real? Why don`t you just delete the whole /etc dir and see how it goes! God!

    Separate Vlans and subnetting is what you need.

  10. #10
    Join Date
    Feb 2004
    Location
    Bay Area, CA
    Posts
    521
    Quote Originally Posted by hyeteck View Post
    Thanks whrss and eger. Thats exactly what i was looking for.

    I'll be running my own network with XenServer.

    Are there advantages to running a client on each subnet vs MAC to IP lockdown? If so, what are they?
    Subnetting and VLANs have advantages to being more easily managed (if a customer were to move servers or equipment around it is MUCH easier to move a subnet from one VLAN/port to another than if that subnet were shared). It can also help with client problems such as broadcast storms and other inter-subnet related traffic. If it were all on a shared subnet this might affect everyone. If each client was on their own subnet a broadcast storm is less likely to affect others.

    It can also help user error. For example, if a customer has their own subnet and tried to use an IP out of their subnet, it would not work since the subnet mask would be incorrect and the gateway wouldn't be in the subnet. If you ever need to shut off a customer or null route their space for an abuse issue it is easier to null route a small subnet or remove the subnet from an interface that to create statements for individual IP addresses.

Similar Threads

  1. CPU Usage on VPS
    By sachinonline6 in forum VPS Hosting
    Replies: 7
    Last Post: 10-07-2008, 09:03 AM
  2. want ask about VPS and ram usage
    By Same11 in forum VPS Hosting
    Replies: 5
    Last Post: 05-08-2008, 12:49 PM
  3. Server Load/CPU Usage/Memory Usage
    By -YaYa- in forum Running a Web Hosting Business
    Replies: 18
    Last Post: 02-11-2006, 12:43 AM
  4. Httpd 99% usage Sql 99% Sshd 99% usage
    By Energizer Bunny in forum Hosting Security and Technology
    Replies: 17
    Last Post: 10-15-2005, 04:20 AM
  5. server load, cpu usage, memory usage
    By Nullified in forum Programming Discussion
    Replies: 4
    Last Post: 12-31-2004, 08:46 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •