Honest Abe |
05-12-2018 08:24 AM |
confining kerberos to a single network interface
Hi LQ,
I am trying to set up a kerberos server in a virtualised environment just for practice. I am following the steps from here
I was doing some background study on Kerberos and found a link where it was recommended to enable kerberos on a server with a single NIC.
Now my VMs have multiple NICs. Is there any way I can confine kerberos to listen to a specific NIC (ens4)?
My NICs -
Code:
[root@Cent-Pro ~]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:34:a2:77 brd ff:ff:ff:ff:ff:ff
    inet 10.10.100.3/24 brd 10.10.100.255 scope global ens4
       valid_lft forever preferred_lft forever
    inet6 fe80::eebd:2f4f:40e7:8afd/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:08:31:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.103/24 brd 192.168.122.255 scope global dynamic eth1
       valid_lft 2561sec preferred_lft 2561sec
    inet6 fe80::6eaf:c96a:9f7d:f778/64 scope link
       valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
    link/ether 52:54:00:1b:8f:ac brd ff:ff:ff:ff:ff:ff
    inet 192.168.124.1/24 brd 192.168.124.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
    link/ether 52:54:00:1b:8f:ac brd ff:ff:ff:ff:ff:ff
[root@Cent-Pro ~]# nmcli con show
NAME                UUID                                  TYPE            DEVICE
Wired connection 1  7cc55106-d5fa-390d-8fd4-9751acad75c1  802-3-ethernet  eth1
ens4                f2afb056-ad47-4aa5-81df-2c3c4b11fe55  802-3-ethernet  ens4
virbr0              06e8f8a5-e5d8-4a49-a809-2072bfa22237  bridge          virbr0
eth0                5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  802-3-ethernet  --
I understand that I may be able to achieve this by putting ens4 on a specific firewall zone and opening the port only for that zone. Would this be possible?
I have searched already in LQ, but didn't get any results. It'd be great if somebody could point me in the right direction.
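A way to verify the confinement asked about above, added here as an example and not part of the original post: it reads `ss -tuln` output and reports any listener on the standard Kerberos ports (88 KDC, 464 kpasswd, 749 kadmin) that is bound to something other than the one allowed address. The function name `kdc_stray_listeners` and the sample `ss` lines are constructed; 10.10.100.3 is the ens4 address from the post. A firewall zone rule filters packets but leaves the socket bound to the wildcard address, so such a listener is still reported here.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the post).
# stdin: output of `ss -tuln` (with or without the header line)
# $1:    the only local address Kerberos daemons are expected to bind to
kdc_stray_listeners() {
    awk -v allowed="$1" '
        $1 == "Netid" { next }                    # skip header if present
        $1 != "tcp" && $1 != "udp" { next }       # only TCP/UDP sockets
        {
            local_ep = $5                         # "Local Address:Port" column
            port = local_ep
            sub(/.*:/, "", port)                  # text after the last colon
            addr = substr(local_ep, 1, length(local_ep) - length(port) - 1)
            gsub(/\[/, "", addr)                  # [::] -> ::
            gsub(/\]/, "", addr)
            sub(/%.*/, "", addr)                  # drop a %iface scope suffix
            # Standard Kerberos ports: 88 KDC, 464 kpasswd, 749 kadmin
            if (port != "88" && port != "464" && port != "749") next
            if (addr == allowed) next             # bound where we expect
            if (addr == "*" || addr == "0.0.0.0" || addr == "::")
                kind = "wildcard"                 # reachable on every NIC
            else
                kind = "other-address"            # bound to a different NIC
            printf "%s %s:%s %s\n", $1, addr, port, kind
        }'
}

# Constructed sample of `ss -tuln` output (not captured from the poster's host).
SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:88          0.0.0.0:*
tcp   LISTEN 0      5      10.10.100.3:88      0.0.0.0:*
tcp   LISTEN 0      5      192.168.122.103:749 0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
udp   UNCONN 0      0      [::]:464            [::]:*'

# On a live host: ss -tuln | kdc_stray_listeners 10.10.100.3
printf '%s\n' "$SAMPLE" | kdc_stray_listeners 10.10.100.3
```

An empty result means every Kerberos listener is bound to the allowed address only.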