Configuring the RAD Transport to Specify a Particular IP Address

The RAD daemon uses the TCP, TLS, and GSS transports to listen for and service incoming connections. By default, you configure only a port for each of these transports, and the daemon listens on that port for any address on the system.

In addition, the RAD daemon permits you to use the addr option to fine-tune a RAD transport configuration to bind to a specific IP address and to specify whether the connection from the client comes over a public or a private network interface. The address can be given as a host name or a network address.

When the RAD daemon binds to a specific address, you can separate traffic on public and private networking interfaces. For example, you might want each interface to use different settings, such as certificate and pam_service.

You can configure this behavior by modifying the existing rad:remote SMF service.

For example, you can use the addr option to distinguish between connections coming over private and public network interfaces and configure specific certificate and pam_service settings for each interface.

Example 1-1 Using the addr Option to Specify IP Addresses for the TCP Transport

The following commands configure the tcp transport to use the addresses 192.168.18.18, 192.168.18.48, and host1.example.com:

# svccfg -s rad:remote setprop https_port/addr = host: "(192.168.18.18 192.168.18.48 host1.example.com)"
# svcadm refresh rad:remote
# svcadm restart rad:remote

The following commands configure an additional RAD transport in the rad:remote SMF instance to listen on port 9999 on the address 10.0.0.10 and on the address of system1:

# svccfg -s rad:remote
svc:/system/rad:remote> addpg tls_port xport_tls
svc:/system/rad:remote> select tls_port
svc:/system/rad:remote> setprop tls_port/addr=host: (10.0.0.10 system1)
svc:/system/rad:remote> setprop tls_port/port=9999
svc:/system/rad:remote> setprop tls_port/pam_service=rad-tls
svc:/system/rad:remote> setprop tls_port/certificate=/etc/certs/localhost/host.crt
svc:/system/rad:remote> setprop tls_port/privatekey=/etc/certs/localhost/host.key
svc:/system/rad:remote> setprop tls_port/proto=rad
svc:/system/rad:remote> exit
# svcadm refresh rad:remote
# svcadm restart rad:remote
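
After the restart, it is worth confirming that the transport is bound only to the configured addresses and not to the wildcard address. The following check is an added example, not part of the original documentation: check_rad_bind is a hypothetical helper, the netstat lines are constructed samples that assume Solaris-style ADDR.PORT local addresses, and system1 is assumed to resolve to 10.0.0.20.

```shell
#!/bin/sh
# Added example: check_rad_bind is a hypothetical helper, not part of RAD.
# Usage on a live system (numeric addresses, since netstat -n prints numbers):
#   netstat -an -P tcp | check_rad_bind 9999 10.0.0.10 10.0.0.20

# check_rad_bind PORT ADDR...
# Reads netstat lines on stdin. Returns 0 if every LISTEN socket on PORT is
# bound to one of ADDR..., 1 if any is bound elsewhere (including the "*"
# wildcard), 2 if nothing listens on PORT at all.
check_rad_bind() {
    port=$1; shift
    awk -v port="$port" -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $NF == "LISTEN" {
            p = $1; sub(/^.*\./, "", p)          # text after the last dot = port
            if (p != port) next
            addr = substr($1, 1, length($1) - length(p) - 1)
            seen++
            if (!(addr in ok)) { print "unexpected listener: " $1; bad++ }
        }
        END {
            if (!seen) { print "no listener on port " port; exit 2 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: tls_port bound only to the configured addresses
# (assumes system1 resolves to 10.0.0.20).
sample_bound() {
cat <<'EOF'
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
      *.22                 *.*                0      0 128000      0 LISTEN
10.0.0.10.9999             *.*                0      0 128000      0 LISTEN
10.0.0.20.9999             *.*                0      0 128000      0 LISTEN
EOF
}

# Constructed sample: addr not applied, so port 9999 listens on every address.
sample_wildcard() {
cat <<'EOF'
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
      *.22                 *.*                0      0 128000      0 LISTEN
      *.9999               *.*                0      0 128000      0 LISTEN
EOF
}
```

A non-zero exit status means the addr setting did not take effect as intended: status 1 points to a listener on an address outside the list, and status 2 means the transport is not listening on the port at all.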