I honestly can't think of a way to describe this setup in only a subject so I hope you guys get this...

Here is my setup.

A Linux box with two physical ethernet interfaces. eth0 serves the LAN, eth1 provides connection to the Internet. It serves as the router using iptables

The box also has some other interfaces - Linux Hamachi (ham0), OpenVPN (tun0), and poptop (ppp0, created on demand)

I have recently taken on a position as a tester for a Linux-based server project. One thing i need to do for this is test some various configurations involving Apache and so on. (read on)

The environment that they use is capable of running entirely within a chroot jail. I am able to successfully chroot into the environment and run many binaries, and it's the next best thing to a virtual machine. ;-)

Here is the problem however. I have an apache listening on port 80, on my main setup. Therefore, obviously the Apache within the testing environment won't be able to use port 80 of eth0. Right now this apache listens to port 80 on all interfaces.

I was thinking of using IP aliasing to solve this, by giving eth0 a second IP address and then configuring the Apache within the chroot to only bind to that IP.

There is one problem.

The host Apache would then have to be told NOT to listen on that IP alias, right?... And this is a problem because I do want the primary Apache listening on ALL interfaces (eth0, eth1, ham0, ppp0, tun0, etc) EXCEPT the IP alias. This is even more complicated by the fact that pptpd creates the ppp0 interface on demand, so configuring apache with a listen directive for that interface won't work!

And on top of that my external Internet IP may change, meaning I'd have to be updating apache's conf files an awful lot!

And Apache isn't the only service we may need to test. Also may have to work with some other solutions - ProFTPd, MySQL, Bind, etc.

I could theoretically write some messy scripts to accomplish this - to monitor ifconfig's output for changes and rewrite the listen directives then SIGHUP apache.. But this seems to be a mess, and it may not even work for all daemons. Depends on how they work. It's already annoying that the listen directives are based on IP and cannot be given simply an interface name.....

I really don't want to just break down and setup a virtual machine for this setup - it seems to me there has to be a way to make this work. A VM would require a disk image, more memory than doing it with chroot, and so on. My server does have limited resources so running this in chroot would be excellent. But I have never seen any documented methods for telling a daemon to listen on "all but this interface."

I hope I got the idea of what I'm trying to do across... and hope that someone might have some useful advice?

Thanks

fm

One obvious question is, why not have apache listen on a different port?
"Listen 81" in your httpd.conf for it to listen on port number 81.

That would work for Apache but not for all other services.

Let's assume I configure this as expected. One service I may need to run for testing purposes is Bind, which is on port 53 and isn't really useful without it there.

Suppose I set this up so my Linux box's main IP is 192.168.0.1 and I want to give it the virtual IP 192.168.0.2 to host these test services. What I'd then do is want to put a Bind on 192.168.0.2, and another Bind on 192.168.0.1, my internet's IP, the VPN (because my VPN clients use my local bind for DNS resolution) and so on.

Then some other machine on my network would be configured to use 192.168.0.2 as its DNS server.

So I could put Apache on another port for testing purposes but beyond that not much else will work.

Any more ideas?

fm