https://community.splunk.com/t5/Security/Configure-Splunk-instance-with-2-IP-addresses/m-p/24691#M815 <P>I haven't solved it yet.I will try SPLUNK_BINDIP=* tomorrow, but for the security reason, 2 domains with separate sub-network cannot connect together, so if iam in 192.168.194.0, searchhead is resolved to 192.168.194.80. And i can't open the splunk web page on <A href="http://178.17.0.80:">http://178.17.0.80:</A><YOURPORT> from inside 192.168.194.0.<BR /> The thing i want is to connect splunk web page with the hostname, no matter what source it's from.</YOURPORT></P> Tue, 06 Nov 2012 18:43:15 GMT sieutruc 2012-11-06T18:43:15Z https://community.splunk.com/t5/Security/Configure-Splunk-instance-with-2-IP-addresses/m-p/24689#M813 <P>Hello Splunkers,</P> <P>I have a Splunk server configured with 2 interfaces (178.17.0.80, 192.168.194.80, hostname=searchhead).In splunklaunch.conf, i bind Splunk's IP to 178.17.0.80. <BR /> I can connect to Splunk inside network 178.17.0.0, but not in network 192.168.194.0. This Splunk machine has name server configured from DNS server of each network to make sure the hostname "searchhead" be resolved to the correct ip address. <BR /> So my question is how to connect to Splunk web from 2 networks that uses only common hostname "searchhead" ?</P> Tue, 06 Nov 2012 13:08:03 GMT https://community.splunk.com/t5/Security/Configure-Splunk-instance-with-2-IP-addresses/m-p/24689#M813 sieutruc 2012-11-06T13:08:03Z https://community.splunk.com/t5/Security/Configure-Splunk-instance-with-2-IP-addresses/m-p/24690#M814 <P>hi sieutruc</P> <P>sounds more like a routing problem, if you bind splunk to IP 178.17.0.80 you must have a network route to reach it from inside 192.168.194.0.</P> <P>are you able to do the following:</P> <UL> <LI>'ping searchhead' from inside 192.168.194.0, it resolves to the correct IP and you get an answer?</LI> <LI>are you able to open the splunk web page on <CODE><A href="http://178.17.0.80:&lt;yourport&gt;" target="test_blank">http://178.17.0.80:&lt;yourport&gt;</A>;</CODE> from inside 192.168.194.0?</LI> </UL> <P>update:<BR /> why don't you unset the SPLUNK_BINDIP option so it binds to '*' ?</P> <PRE><CODE> SPLUNK_BINDIP=&lt;ip address&gt; * If unset, Splunk makes no specific request operating system when binding to ports/opening a listening socket. This means it effectively binds to '*' or an unspecified bind. The exact result of this is contolled by operating system behavior and configuration. </CODE></PRE> <P>cheers,</P> <P>MuS</P> Tue, 06 Nov 2012 13:39:40 GMT https://community.splunk.com/t5/Security/Configure-Splunk-instance-with-2-IP-addresses/m-p/24690#M814 MuS 2012-11-06T13:39:40Z https://community.splunk.com/t5/Security/Configure-Splunk-instance-with-2-IP-addresses/m-p/24691#M815 <P>I haven't solved it yet.I will try SPLUNK_BINDIP=* tomorrow, but for the security reason, 2 domains with separate sub-network cannot connect together, so if iam in 192.168.194.0, searchhead is resolved to 192.168.194.80. And i can't open the splunk web page on <A href="http://178.17.0.80:">http://178.17.0.80:</A><YOURPORT> from inside 192.168.194.0.<BR /> The thing i want is to connect splunk web page with the hostname, no matter what source it's from.</YOURPORT></P> Tue, 06 Nov 2012 18:43:15 GMT https://community.splunk.com/t5/Security/Configure-Splunk-instance-with-2-IP-addresses/m-p/24691#M815 sieutruc 2012-11-06T18:43:15Z https://community.splunk.com/t5/Security/Configure-Splunk-instance-with-2-IP-addresses/m-p/24692#M816 <P>Alternatively you could use use port fowarding using iptables or netsh depending on platform.<BR /> <CODE></CODE><PRE><CODE><BR /> #Linux<BR /> iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 8000 -j DNAT --to 192.168.194.80:8000<BR /> iptables -A FORWARD -p tcp -d 192.168.194.80 --dport 8000 -j ACCEPT<BR /> </CODE></PRE><BR /> <CODE></CODE><PRE><CODE><BR /> #Windows<BR /> netsh interface portproxy add v4tov4 listenport=8000 listenaddress=192.168.194.80 connectport=8000 connectaddress=178.17.0.80<BR /> </CODE></PRE></P> <P><A href="http://technet.microsoft.com/en-us/library/cc731068(v=ws.10).aspx#BKMK_1">Netsh_PortProxy</A></P> <P><A href="http://www.linuxmanpages.com/man8/iptables.8.php">iptables</A></P> <P>Hope this helps or gets you started. <BR /> Cheers,</P> Wed, 07 Nov 2012 03:18:35 GMT https://community.splunk.com/t5/Security/Configure-Splunk-instance-with-2-IP-addresses/m-p/24692#M816 bmacias84 2012-11-07T03:18:35Z