Configuring the RAD Transport to Specify a Particular IP Address
The RAD daemon uses the TCP, TLS, and GSS transports to listen for and service incoming connections. By default, these transports let you configure a port, and the daemon listens on that port on every address of the system.
In addition, the RAD daemon permits you to use the addr option to fine-tune a RAD transport configuration to bind to a specific IP address and to specify whether the connection from the client comes over a public or a private network interface. The IP address can be a host name or a network address.
When the RAD daemon binds to a specific address, you can separate traffic on public and private networking interfaces. For example, you might want to support different settings such as certificate and pam_service.
You can configure this behavior by modifying the existing rad:remote SMF service.
For example, you can use the addr option to distinguish between connections coming over private and public network interfaces and configure specific certificate and pam_service settings for each interface.
Example 1-1 Using the addr Option to Specify IP Addresses for the TCP Transport
The following commands show you how to configure the tcp transport to use the 192.168.18.18, 192.168.18.48, and host1.example.com IP addresses:
# svccfg -s rad:remote setprop https_port/addr = host: {192.168.18.18 192.168.18.48 host1.example.com}
# svcadm refresh rad:remote
# svcadm restart rad:remote
The following commands configure an additional RAD transport in the rad:remote SMF instance to listen on addresses 10.0.0.10 and that of system1 on port 9999:
# svccfg -s rad:remote
svc:/system/rad:remote> addpg tls_port xport_tls
svc:/system/rad:remote> select tls_port
svc:/system/rad:remote> setprop tls_port/addr=host: (10.0.0.10 system1)
svc:/system/rad:remote> setprop tls_port/port=9999
svc:/system/rad:remote> setprop tls_port/pam_service=rad-tls
svc:/system/rad:remote> setprop tls_port/certificate=/etc/certs/localhost/host.crt
svc:/system/rad:remote> setprop tls_port/privatekey=/etc/certs/localhost/host.key
svc:/system/rad:remote> setprop tls_port/proto=rad
svc:/system/rad:remote> exit
# svcadm refresh rad:remote
# svcadm restart rad:remote
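After a change like this, it is worth confirming which transports are actually pinned to an address and which still listen on every address. The following check is an added example, not part of the original documentation: it reads properties in the "group/property type value" layout that svcprop prints. It assumes that any property group with a port property is a transport; the tcp_port group and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which RAD transports are bound to specific addresses.
# Assumption: a property group that has a "port" property is a transport.

audit_rad_transports() {
    # Reads "pg/property type value..." lines on stdin.
    awk '
    {
        split($1, id, "/")          # id[1] = property group, id[2] = property
        pg = id[1]; prop = id[2]
        if (prop == "port") port[pg] = $3
        if (prop == "addr") {
            vals = ""
            for (i = 3; i <= NF; i++)
                vals = vals (vals == "" ? "" : ",") $i
            addr[pg] = vals         # stays empty if addr has no values
        }
    }
    END {
        for (pg in port) {
            if ((pg in addr) && addr[pg] != "")
                printf "OK   %s port=%s addr=%s\n", pg, port[pg], addr[pg]
            else
                printf "WARN %s port=%s addr=ANY (addr not set)\n", pg, port[pg]
        }
    }' | sort
}

# Constructed sample input: tls_port mirrors the example above, tcp_port is a
# hypothetical transport left at the default (no addr, so it binds everywhere).
sample_props() {
    cat <<'EOF'
tls_port/addr host 10.0.0.10 system1
tls_port/port count 9999
tls_port/pam_service astring rad-tls
tcp_port/port count 8888
general/enabled boolean true
EOF
}

sample_props | audit_rad_transports
# On a live system:  svcprop rad:remote | audit_rad_transports
```

A WARN line marks a transport that accepts connections on every interface, so its certificate and pam_service settings apply to public and private networks alike.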