IP Aliasing, Virtual Memory, fuser and strobe Commands

How do I get multiple IP addresses on a single network card?


How do I get multiple IP addresses on a single network card?

This can be done using a technique known as “IP Aliasing.” This is standard in kernel versions 2.0.x and 2.2.x, and available in 2.4.x. You can also configure it as a loadable module (ip_ alias). How does it work? Well, it’s actually quite simple.

If you’ve compiled IP aliasing as a module, you will need to run:

#  /sbin/modprobe ip_alias

Next, determine the other IPs you need configured. For this example, we will use my home network. In this case, my master machine IP is 192.168. 0.1, and the aliased IPs on that same machine are, 192.168.0. 100, and (Note, these are all private IP addresses.) Basically, there is a very simple trick to bringing up new IP addresses — use a different Ethernet adapter/device name as shown in Figure One.

Figure One: IP Aliasing

#  /sbin/ifconfig eth0
# /sbin/ifconfig eth0:0
# /sbin/ifconfig eth0:1
# /sbin/ifconfig eth0:2

Figure Two: Adding Routes

#  /sbin/route add -net dev eth0
# /sbin/route add -host dev eth0
# /sbin/route add -host dev eth0:0
# /sbin/route add -host dev eth0:1
# /sbin/route add -host dev eth0:2

Your machine is now serving requests for all four IPs. It does this by creating virtual Ethernet devices for handling these requests. Now this is the manual way of doing things, and for the sake of completeness, adding routes is also a very sensible idea. This is shown in Figure Two. On top of this, you should add your default gateway as usual:

#  /sbin/route add default  gw

This can be also done in the configuration files. For example, in Debian, this would be done by adding a new interface in /etc/network/interfaces for each IP you wish to alias. I’ve done this for just one of the devices:

iface eth0:0 inet static

Alternatively, on a Red Hat system, this may be done by running netconfig at the command prompt or by editing /etc/sysconfig/networking-scripts/ ifcfg-eth0 directly (or ifcfg-<whatever device you wish to alias>):


Different distributions have similar methodologies for adding extra devices. Consult your manual or distribution provider’s homepage for more information. Failing all else, it is equally possible to simply do this manually at the command line or via rc.local during the boot sequence using the manual method described above.

IP Aliasing is immensely useful. It can be applied to business-level situations, such as hosting multiple SSL servers on a single machine, or for something as trivial as changing your hostmask when visiting IRC. While the above example is purely for a local network, the exact same methods may be used when configuring a device for real Internet addresses.


I keep running out of virtual memory! Is there any way to add more virtual memory on the fly without repartitioning?

First off, it should be noted that if your system is getting so loaded that you’re running out of virtual memory, you should probably consider buying some actual RAM. The performance implications of relying on virtual memory are horrific. Alternatively, if it is because of a futz a long time ago in not allocating sufficient virtual memory, there is a way out — using a loopback file to allocate some space from a currently mounted disk. To do this, you will need to ensure that you have the loopback filesystem support compiled into the kernel.

To describe how it works, lets look at it in comparison to a normal device. In a normal situation, a device will be associated with a physical partition or drive with a single device entry. The beauty of loopback is that it provides a device that specifically associates itself with a single file. There are countless ways to use this to one’s advantage. For example, a whole userspace environment could be created within a loopback file. From there, the whole userspace could be moved from host to host by simply transferring a single file. However, in this case, we will be focusing on the creation of a loopback device for the purposes of creating more swap space. First, we need to create the loop device:

#   mknod /dev/loop0 b 7 0

This will create a block (buffered) special file with major number 7, minor number 0. Now, we create the file that you will use to allocate yourself more swap memory. dd is the best program for this task.

# dd if=/dev/zero of=swapfile  bs=1024 count=65536

This will return:

65536+0 records in
65536+0 records out

You now have a 64 MB file full of zeros. Create the file as large as you would like. It’s a good idea to have about twice as much swap as physical memory.

From here, we now need to associate this file with /dev/loop0. This is done with the losetup utility.

#  losetup/dev/loop0/swapfile

Now the device may be treated just as any other form of disk space. Since we want to turn it into swapspace, we need to use mkswap:

#  mkswap swapfile

which returns:

Setting up swapspace version 0, size = 67104768 bytes

From here, the system simply needs to start using the memory. The easiest way to do this is simply by typing:

#  swapon /dev/loop0

This will be immediately evidenced while running free. Presto! You now have another 64 MB of swapspace. Linux can have up to eight separate swapspaces. Adding swapspace like this is a bit of a hack, and in reality should only be done during times of intense CPU and memory utilization, as a last resort. That said, there are a number of people who simply prefer to mount their swap in this manner.


I seem to have an application that has a port open on my Linux machine. How can I find out what process owns that open socket?

If you have open sockets on your computer and you don’t know what they’re for, you have a problem. It may be as simple as forgetting that you were running a copy of ORBit. However, it can also be something sinister; some cracker might have installed a malicious ssh-esque daemon for allowing them entry to your computer. Either way, it’s best to be certain about what is running on your computer.

First of all, it’s a good idea to do a quick sweep of your host machine. My personal tool of choice is strobe (although nmap is also very effective):

# strobe

Strobe will try to open every socket sequentially, in a bid to find out which have applications running on them and which are waiting to receive incoming connections.

Figure Three: Strobe Return                   80 http              www     www-http World Wide Web HTTP
www World Wide Web HTTP [TXL]

For example, say you get a return along the lines of Figure Three and you don’t recall running a Web server on port 80. Perhaps this is something worth checking into. To that end, let’s see what process is working with port 80. There are a few ways of doing this. lsof and fuser are amongst the more popular. fuser‘s explicit purpose is to identify processes using files or sockets. It’s very useful for figuring out which user has a file open and is stopping you from being able to unmount, so that you may ruthlessly smite them. But that’s a different story. lsof, which stands for “list of open files,” does exactly that — lists the files and sockets currently in use by the system.

Figure Four: Running fuser

#  fuser -v 

80/tcp root 12509 f apache
root 12510 f apache
root 12511 f apache

So, to solve our problem, let’s give fuser a try, as in Figure Four. Basically, it is process 12509..12511 being run by root. We can safely see that this is apache. Similarly, lsof, with an adequate amount of grepping, will provide us with a similar output:

#  lsof -i -n -P | grep 80  | grep LISTEN

But what does this enable us to do? It lets us identify what is on a socket. Also, when you have other processes with files open, lsof and fuser again prove their worth by showing you users and processes that you need to tweak to be able to access a file, unmount a filesystem, etc. Its uses are endless.

Quentin Cregan is a tech consultant and sometime student from Australia. He can be reached at qc@sensed.com.

Comments are closed.