Satellite web server questions
We currently have Satellite deployed and it was working. Due to changes in security policy, the server had to be moved from where it sat on the network. I am basically just trying to see if I can get my sat server to work on 2 separate networks via one URL (if this can be done).
Previously we had one interface and it served both networks. We will call network1=10.0.0.0/24 for inside and network2=192.168.0.0/24 for outside traffic. We also previously had an SSL certificate for the sat server's URL for sat.abc.com, then also subject alternative names for the cert to include the IP address of the sat server.
Due to the move I have added a new 2nd interface to serve the 2nd network. I also added the static route for that traffic. So from one of my outside servers I can ping the new sat server's 2nd interface that was dedicated for outside traffic.
DNS is used to ensure the name used in /etc/sysconfig/rhn/up2date points to the sat server. Here is the line:
serverURL=https://sat.abc.com/XMLRPC
Since the sat server has now been split, how can I get both sets of hosts to start pulling updates again? Can I just add another DNS entry for the 2nd interface to point to, say, sat2? Then reference that as the new server name in DNS? So I will update the config to say "serverURL=https://sat2.abc.com/XMLRPC". Can I just add additional subject alternative names to the SSL cert for the new interface IP address and the name that it will correspond to in DNS, like sat2.abc.com?
Will I need to update the webserver if it's listening for all inbound traffic over port 443?
$ netstat -aunt | grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
Sorry it's so long. I tried to be thorough.
Responses
I suspect that if each of your network segments had a dedicated DNS server you could actually use the same hostname to refer to both interfaces. However, this is bound to create an overly complicated configuration. You could also do as you suggested and create a different name for the 2nd interface but you would need to create a subject alternative name for this new hostname in your certificate.
Are you completely unable to route traffic between networks?
If you can't route between networks you could probably create a static route, for the primary IP of the server, for clients connected to the secondary interface which sets its gateway to the secondary interface of the Satellite server. Then traffic that hits that secondary interface could be forwarded directly to the primary interface (assuming forwarding is enabled in your kernel).
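The hostname check behind the subject alternative name point in the response above, as an added example that is not part of the original thread or Red Hat's own code: it takes the host from a serverURL line and tests it against a certificate's SAN entries, given in the shape Python's ssl getpeercert() returns. The interface addresses 10.0.0.10 and 192.168.0.10 are constructed placeholders inside the two networks, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

def host_from_up2date(line):
    """Return the host part of a serverURL= line from /etc/sysconfig/rhn/up2date."""
    key, _, value = line.strip().partition("=")
    if key.strip() != "serverURL":
        raise ValueError("not a serverURL line")
    return urlsplit(value.strip()).hostname

def _dns_match(pattern, host):
    """Match a dNSName SAN; '*' is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def san_covers(host, san):
    """True if host is covered by san, a tuple of (kind, value) pairs."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    for kind, value in san:
        if ip is not None:
            # An IP literal in the URL is compared only with iPAddress entries
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and _dns_match(value, host):
            return True
    return False

# Constructed sample data: the certificate before and after adding the new entries
OLD_SAN = (("DNS", "sat.abc.com"), ("IP Address", "10.0.0.10"))
NEW_SAN = OLD_SAN + (("DNS", "sat2.abc.com"), ("IP Address", "192.168.0.10"))

if __name__ == "__main__":
    for line in ("serverURL=https://sat.abc.com/XMLRPC",
                 "serverURL=https://sat2.abc.com/XMLRPC",
                 "serverURL=https://192.168.0.10/XMLRPC"):
        host = host_from_up2date(line)
        print(host, "old cert:", san_covers(host, OLD_SAN),
              "reissued cert:", san_covers(host, NEW_SAN))
```

Clients that keep sat.abc.com pass against either certificate; a client pointed at sat2.abc.com or at the new interface address passes only once the reissued certificate carries the matching entry.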
