[Freeipa-users] ipa-server-install + NATTED interface question
Will Sheldon
mail at willsheldon.com
Mon Mar 31 19:13:30 UTC 2014
I had this issue as well.
It would be good to add a `curl icanhazip.com` check to the script to allow for 1:1 nat in places like AWS.
I successfully worked around the issue by allocating the external IP to an internal sub interface during the install:
so run:
ifconfig eth0:0 192.168.10.10 netmask 255.255.255.0 up
then try the install again.
Kind regards,
Will Sheldon
On Monday, March 31, 2014 at 11:59 AM, The Dude wrote:
> Hi all; avid user of both FreeIPA and IPA for a few years now. I have a unique situation that I hope someone can provide some insight, or help with. I am presented a private, and public (floating) IP after RX a VM from my IaaS provider. The 'public' IP is NATted, and not visible from w/in the VM, but is reachable outside of the VM.
>
> In other words, if you were to do an 'ip a': eth0 would return the private IP.
>
> 11.11.11.11 (private)
> 192.168.10.10 (public)
>
>
> Because the installer only sees the 11.11.11.11 address, it bombs saying that I can't use that public IP (being obfuscated by NAT). So, my question is: if I have to use the private IP for installs, what configs should I edit to make Apache/TC respond to the public IP as requests come into it?
>
> I have already modified the conf/server.xml file, and added an 'address' filed/property.
> Apache might need some mods, I headed over to the httpd.conf file and didn't see anything out of the ordinary (except there are 0 VirtualServer entries..)
>
> Ideas?
>
> Michael J. McConachie | keys.fedoraproject.org (http://keys.fedoraproject.org) | PubKey: 0xEDE583C4
> NOTE: The information included and/or attached in this electronic mail transmission may contain confidential or privileged information and is intended solely for the addressee(s). Any unauthorized disclosure, reproduction, distribution or the taking of action in reliance on the contents of the information are strictly prohibited. If you have received the message in error, please notify the sender by reply transmission and delete the message without copying, disclosing or forwarding.
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com (mailto:Freeipa-users at redhat.com)
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140331/81727de8/attachment.htm>
More information about the Freeipa-users
mailing list