How to determine the IP adrreses on a server

[phall472]

Hello

I have a dedicated server running Debian Lenney, through a hosting service, which is supposed to have 8 static IP addresses.

I have one domain name. I would like to have two more domain names pointing to a different IP address.

However the hosting company tells me that all 8 IP addresses are in use now and I need to buy more.

I am a PHP Mysql programmer but I do not know Linux OS.

I need to know how to determine the 8 IP addresses and if they all are being used and for what they are being used for.

I have full root access.

Thank you

[BorderAmigos]

Assuming it's a Linux server, type "ip addr" at the shell. Also, ping or traceroute the domain name.

Can't see how one domain would be using 8 IP addresses. Who is your host?

[phall472]

Hello

Here is what I received from the instructions you gave me:

(root@T102)-(~) $ ip addr
-bash: ip: command not found

In my original post I said it is Debian Lenney Linux OS.

Any help is appreciated

[BorderAmigos]

aptitude install iproute

All my servers are Debian Lenny. IP command is part of the iproute package. You either don't have it installed or you are prevented from using it. If you are in a jailkit type shell you may not have access to it. If you have full access then install iproute.

[phall472]

Hello BorderAmigos

Yes It is a dedicated server and I have full Root acces.

I installed iproute and I googled how to run it.

I got the following:

(root@T102)-(~) $ ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNO WN qlen 1000
link/ether 00:21:85:1e:a2:84 brd ff:ff:ff:ff:ff:ff
inet ??.214.44.31/24 brd ??.214.44.255 scope global eth0
inet ??.214.44.32/24 brd ??.214.44.255 scope global secondary eth0:0
inet6 fe80::221:85ff:fe1e:a284/64 scope link
valid_lft forever preferred_lft forever
4: teql0: <NOARP> mtu 1500 qdisc noop state DOWN qlen 100
link/void
5: tunl0: <NOARP> mtu 1480 qdisc noop state DOWN
link/ipip 0.0.0.0 brd 0.0.0.0
6: gre0: <NOARP> mtu 1476 qdisc noop state DOWN
link/gre 0.0.0.0 brd 0.0.0.0
7: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
link/sit 0.0.0.0 brd 0.0.0.0
8: ip6tnl0: <NOARP> mtu 1460 qdisc noop state DOWN
link/tunnel6 :: brd ::

Can you tell me from this which IP are being used.

I can run other commands if you need more information. I have used ?? to block the first part of the IP addresses for security.

Thank you

[BorderAmigos]

The only IP addresses shown there are on these lines...

inet ??.214.44.31/24 brd ??.214.44.255 scope global eth0
inet ??.214.44.32/24 brd ??.214.44.255 scope global secondary eth0:0

Assuming you put the ?? for obfuscation. I'm not familiar with many of the other items shown in your setup and can't say how they effect IP usage.

[phall472]

Hello

Thank you for your help BorderAmigos.

Yes I placed the two question marks for security. (??.214.44.31/24)

inet ??.214.44.31/24 brd ??.214.44.255 scope global eth0
inet ??.214.44.32/24 brd ??.214.44.255 scope global secondary eth0:0

Does anyone else have any suggestions to determine the usage of the eight IP addresses.

[dbrumbaugh]

May I suggest that we start with knowing the IP addresses that are assigned to you. If you don't know, submit a support ticket to your host asking that question. Be sure to ask what IP's are usable of the assigned group.

Once you have that information, you need to put on your detective hat. Start with putting the IP's in a browser. You should be able to determine how they are being used and then by whom. There are many on-line tools that will help discover & define their usage. Port scan the IP; get a domain name and do a whois; what ever; let the snoop come out in you! I know you have it, cause you are an admitted programmer.

My guess is that your host has bound 2 IP's to your server as posted. One is called the lead IP and is likely the IP that you are using on your current website. The second is then used to interface to a VLAN within the data center that allows background routing of all other assigned IP's to this single IP on your server. (This cuts down on the cost of the network infrastructure for the data center)

Depending on how well the background networking is configured, it is possible that someone has hi-jacked your IP's. This may account for the hosting company's response to your initial IP question. If the IP's are really in use and you can show an example of abuse by another client of the hosting company, that should spur them to take action.

Hope this helps.

[phall472]

Hello dbrumbaugh

Thank you for your reply.

I have finally got some of the answers from my provider.

(1) They had only given me 4 IP not 8. They just gave me another 4 yesterday.

(2) They can't explain why I was told that all my IPs were used.


I will open another ticket for another question.

Thank you