1

I have a web server with multiple IP addresses that needs to connect to a database server. The DB server is behind a firewall that's controlled by an IP address whitelist. (If it matters, it's an Oracle server.) Is there a way to specify the IP address used by the web server in the OracleConnection, so that only one IP needs to be added to the whitelist?

I see there are a few similar questions about specifying outgoing IP addresses (such as this one and a couple linked from there), but none that specifically mention database connections.

Community
  • 1
  • 1
Andy
  • 856
  • 9
  • 26
  • Why the close vote? Why is this off-topic? – Andy May 17 '11 at 22:27
  • don't worry, in this case the "close" vote (if it gets enough votes) is not to delete the question, but to move it to serverfault, where you'll get access to a wider range of networking professionals. – Jeffrey Kemp May 18 '11 at 05:16
  • @Jeffrey Kemp: That's what I wanted to know. I assume by the votes that a programmatic solution is unlikely, and therefore ServerFault is a better place to ask about this? – Andy May 18 '11 at 13:43

3 Answers3

2

The database side doesn't come into play (much).

On my simple network, I have a modem/router that gets an internet IP address from my ISP and has a different IP address for the local network. I have configured it to forward requests made on port 80 (the port used for HTTP requests) to a particular IP address on my local network.

IP addresses can by allocated dynamically (DHCP) or statically. Because I want my HTTP requests to go to a particular machine, I need that machine to always have the same IP address. One way to do that is have the machine request a static IP address when it connects to the network. Another is to have the router dynamically allocate an IP address but to always use a specific one for a specific MAC address. I've gone the latter route. Which you choose to do and how you do it depend on your situation (eg OS and network setup).

In your situation you want the local network addresses to be static for both the database server and the web server. That's really a networking issue.

The only time that programming may come into play is if you have multiple network ports. Take my laptop. It has a WiFi card and an Ethernet port. Each of those has a unique MAC address (actually every network device in the world has a unique MAC address). I can connect either or both of those ports to a single network or to two different networks.

If I connect both devices to the same network, they must have different IP addresses because an IP address needs to be unique to a network so the network knows where to send the messages. If I connect them to two different networks, then they might get the same IP address. [The Internet is one big network, but local area networks (LANs) are independent.]

If your machine has multiple network connections, you may need to direct a particular connection to a certain network (so I might always want my db connections to use the eth0 port and other things to use and eth1 port).

Gary Myers
  • 34,963
  • 3
  • 49
  • 74
  • Actually, there is a way that two network cards will be assigned the same IP address to respond to on the exact same network. This can happen whether the cards are on the same or different servers. This feature is used by machines in a clustered environment, typically for fail over scenarios. – NotMe May 18 '11 at 21:48
1

Generally speaking for a web server, you have one or more externally addressable IPs, but only one internal one.

The internal address is what is connected to your internal network for communicating with things like database servers. The external ones are used when outside clients connect or for outbound communications..

NotMe
  • 87,343
  • 27
  • 171
  • 245
  • I've seen a problem in another application on another server (Win 2008; this one happens to be Win 2003) wherein it seems to use a different IP address each time the server is restarted or something. Should I expect the internal IP address to always be the same? – Andy May 17 '11 at 22:19
  • This is not an answer. Just like to point out that our HP Proliant server has two ethernet ports and therefore two ip addresses that is accessible from the intranet. I'm not sure which ip address it uses to connect to databases and such but I guess it can use either. From how I understand it, if one connection fails, it will try the other - a different IP address. – Mel May 18 '11 at 05:55
  • @Andy: the main reason an IP address changes is if it is DHCP'd versus hard assigned. A server really shouldn't be DHCP'd for a variety of reasons. If the IPs are hard assigned, then the other reason is if both IPs point to the internal network. At which point the server is going to pick the primary one based on driver settings, TEAMing in use, and a variety of other options that may be set. – NotMe May 18 '11 at 21:43
  • @Mel: Actually, it depends on how your connections are configured. Depending on the chips used by the ports and drivers in use they could be load balanced (called TEAMing), or failover, or it could be pretty much random which one a particular packet goes out of. The system administrator would know. – NotMe May 18 '11 at 21:45
  • Thanks for the explanation. I have much to learn about what goes on "under the hood" in a connection, I see. I was hoping there would be a programmatic solution (e.g. a property I can set) but now I can see why that isn't exactly feasible. – Andy May 18 '11 at 21:57
0

I would assume that the "multiple IP addresses" are in the DMZ (external network) , and that the database server is in a different (internal) network, no? You should not have this problem.

cdonner
  • 37,019
  • 22
  • 105
  • 153
  • I'm not following you completely. The database server has a machine-level firewall, but it's in the same internal network as the web server. I added one of the IP addresses to the whitelist, but watching the logs on the DB server, we saw that the web server was connecting with one of the other IP addresses. I want to know if I can specify which IP address to connect with, and if not, can I be sure that it will always use that IP address. Does that help? Thanks. – Andy May 17 '11 at 22:25