[Freeipa-users] ipa-server-install + NATTED interface question

[The Dude]

Hi Will,

Hilarious. It's always after you hit 'enter' when sending emails to distro lists that you realize what you should have done. (I did what you mentioned below moments after sending out the email to the list.)

None the less, I wanted to say THANK YOU for responding. Hopefully, it will help others out there.

Have a great day,

Mike



Date: Mon, 31 Mar 2014 12:13:30 -0700
From: mail at willsheldon.com
To: michael.mcconachie at hotmail.com
CC: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] ipa-server-install + NATTED interface question


                
                    

                I had this issue as well.
It would be good to add a `curl icanhazip.com` check to the script to allow for 1:1 nat in places like AWS.
I successfully worked around the issue by allocating the external IP to an internal sub interface during the install:
so run:
ifconfig eth0:0 192.168.10.10 netmask 255.255.255.0 up 
then try the install again.

                

Kind regards,



Will Sheldon


                 
                On Monday, March 31, 2014 at 11:59 AM, The Dude wrote:
                
                    


Hi all; avid user of both FreeIPA and IPA for a few years now. I have a unique situation that I hope someone can provide some insight, or help with. I am presented a private, and public (floating) IP after RX a VM from my IaaS provider. The 'public' IP is NATted, and not visible from w/in the VM, but is reachable outside of the VM.

In other words, if you were to do an 'ip a': eth0 would return the private IP.

11.11.11.11 (private)192.168.10.10 (public)


Because the installer only sees the 11.11.11.11 address, it bombs saying that I can't use that public IP (being obfuscated by NAT). So, my question is: if I have to use the private IP for installs, what configs should I edit to make Apache/TC respond to the public IP as requests come into it?

I have already modified the conf/server.xml file, and added an 'address' filed/property.Apache might need some mods, I headed over to the httpd.conf file and didn't see anything out of the ordinary (except there are 0 VirtualServer entries..)

Ideas?

Michael J. McConachie | keys.fedoraproject.org | PubKey: 0xEDE583C4
NOTE: The information included and/or attached in this electronic mail transmission may contain confidential or privileged information and is intended solely for the addressee(s). Any unauthorized disclosure, reproduction, distribution or the taking of action in reliance on the contents of the information are strictly prohibited. If you have received the message in error, please notify the sender by reply transmission and delete the message without copying, disclosing or forwarding.
 		 	   		  
_______________________________________________Freeipa-users mailing listFreeipa-users at redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
                 
                 
                 
                 
                
                 
                
                    

                 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140331/5af922f1/attachment.htm>