Configuring IP aliases cleanly on Debian

I like using different IP addresses for different services on my internal network. Thanks to RFC1918 this is no problem at all, as there are several network ranges dedicated for private networks. Using a firewall with that supports NAT (something people didn’t think of yet when writing the RFC) gives a maximum amount of flexibility when moving services around between servers and keeping things simple.

Setting up network interfaces with multiple interfaces is not really supported by Debian’s ifupdown tools. Yes you can do this easily by adding the necessary calls to the ip utility to your network interface definitions, but this is ugly and error-prone. That’s why I came up with the attached script, which adds support for the keyword aliases to your /etc/network/interfaces configuration so you can define additional IP addresses like this:

iface eth0 inet static

Bringing up or down the interface will automatically add or remove the aliases. Please note that aliases added this way should always be on the same network as the primary address of the interface. To have multiple addresses on the same physical interfaces you need to use vlan’s or alias devices.

To install the script on you Debian host, simply save the script attached to this post as a file called aliases in your current directory and execute the following commands as root:

chmod 755 aliases
chown root.root aliases
cp aliases /etc/network/if-up.d
ln -s ../if-up.d/aliases /etc/network/if-down.d

And add your aliases to your devices in /etc/network/interfaces

Welcome to my relaunched Blog

Welcome to the relaunched version of my personal blog. After little over 18 months of inactivity I have decided to start all over. The key reason for this is that I am in the middle of a complete overhaul of my network and server infrastructure. After over 6 years of organic growth and adjustments things just need a cleanup. During this I expect to have to sort out a lot of stuff to make things working that I plan to write about here, so this place will probably be mainly technical in the beginning. I do expect to start writing about non-technical stuff too here (in due time) when I feel sharing my opinion about something may make a difference.

The old blog that I started more than 5 years ago on this address has moved here, just in case there is still something of use for anyone there. I do expect to go through that in due time, move still relevant articles/information over to this one (obviously in an updated fresh post) and drop the old (no longer supported) application.

Even though there are a lot of fantastic (even free) services for hosting your private blog, mail and other infrastructure "in the cloud", I have consciously decided to continue hosting and operating my blog, other web services and e-mail myself. The key reason for this is that it just gives you a lot more flexibility and I still think it’s fun to be busy with this stuff (bear in mind, I am no longer allowed to play with stuff that much during my day job). Another important reason for this decision is that I do not want to become dependent on things I cannot control or press the reset button for myself. I once read a great summary on Chris Brogan’ blog of what happens if Google decides to block your account. Yes this is definitely an incident, but I am just not sure what Google and all free providers competing with them are up to (you may call me paranoid, that’s fine though it will make me think you are naive). In the end they will have to make money somehow and if they fail, simply close down services or turn the service in a paid or ‘fremium‘ variant, leaving you little choice how to proceed.

For this blog I have decided to use Pebble, a java blogging system, running on a Glassfish v3 Open Source Edition application server as it suited my needs. The hosting server is a VM running Debian Linux on VMWare ESXi (the free version) This is all still an experiment and in its early stages (hence the default layout and theme, that will change soon, don’t worry).

More later… feel free to comment!