Force certain services to use specific network interface?

[PhillyMJS]

Ok, the explanation is lengthy, so bear with me here…
I’ve got Tiger Server running at home on an old G4 with an extra Ethernet card. The built-in 10/100 is used for the WAN connection. The additional card is 10/100/1000, so I use that to connect to my LAN.

I’ve got DSL with multiple static IPs. I have a 5-port switch connected to the DSL modem to split the WAN connection. One cable goes from the switch to the WAN port on the server, and the other goes to the WAN port of a Linksys router which does nothing but act as the gateway for all the machines on the LAN.

The server does DNS and DHCP, and mail. It is an OD master, and my accounts are mobile homes. The server also provides Software Update service.

I have the WAN connection on my server listed first, followed by the LAN connection, because I want the server to use the WAN for pulling down software updates and other things (Yes, I know it’s all ultimately using the same bandwidth, but I like to keep things separated). I noticed that my mobile homes were syncing much more slowly than they should over gigabit, and when I investigated I discovered that the clients were in fact connecting to the server via the 10/100 WAN connection. I solved that by changing the home directories to use the server’s LAN IP address instead of the server’s DNS name.

The Software Update service, on the other hand, isn’t so easy to fix. No matter what I do, the clients insist on connecting via the WAN interface on the server– even if I specify the LAN IP address of the server as the Software Update server. If I block the SUS port on the WAN interface via the firewall, SU on the client machines stops working.

If I reorder the network interfaces so the LAN is first, all the server’s outbound traffic goes through the Linksys. Is there a way to get this to work the way I want it (i.e. all traffic outbound from the server uses the server’s WAN interface, but all traffic inbound from the LAN clients uses the server’s LAN interface)?

If anyone can’t wrap their mind around what I’ve described above, let me know and I’ll whip up a quick diagram of my network and post a link to it.

TIA,

~Philly

[fherbert]

Why not do away with the linksys router and make the os x server be the LAN gateway?

[arekdreyer]

If you are pointing to your internal IP addresses for network home directory, you can’t sync when your not at home, right?

[PhillyMJS]

[QUOTE][u]Quote by: arekdreyer[/u][p]If you are pointing to your internal IP addresses for network home directory, you can’t sync when your not at home, right?[/p][/QUOTE]
Correct.

[PhillyMJS]

I may have found a solution to this problem. I was horsing around in Terminal and looked through /usr/share/swupd/html.

I noticed the index.sucatalog files, and loaded one into my browser. No matter what I do, the updates are always listed with “myserver.mydomain.org” in the URL– the external name.

I did a quick find and replace on the file via perl: “perl -i -pe ‘s/mydomain.org/mydomain.lan/g’ index.sucatalog”

Voila! The client machines now pull their software updates across my internal network, they don’t “go out and come back in” via the WAN connection. I have only done a couple updates, but the speed is much faster and there have been no ill effects. Having said that, YMMV- duplicate my efforts at your own risk. 🙂

Note: I originally stopped the Software Update service before doing the find-replace, then restarted it. That was no good, the file was refreshed back to using mydomain.org as soon as I started the service again.

I guess the way to force the behavior I want would be to grep ‘mydomain.org’ from the index.sucatalog file every so often, and run the find-replace one-liner when needed.

Hopefully this is something that will be able to be set in Server Admin in a future version of OS X Server.

~Philly

[Author]

Posts