IP-Role Mapper Service Configuration

The IP-Role mapper service is quite easy to configure and its configuration may be modified "on the fly", that is, the service will reload the configuration file when it detects any modifications.

The configuration file is just an XML file containing a list of IP ranges enclosed in an <ipranges> element. Each of the IP ranges must have a begin and an end address specified in its attributes and must contain at least one <role> element. The begin and end address are included in the range and thus, a range having a begin address which is identical to the end address will specify an individual host.

Each individual IP range in the configuration file may apply either IPv4 or IPv6 addresses, that is, the begin and end address of each range must be of the same type. However, mixing IPv4 and IPv6 IP ranges in the same configuration file is allowed.

Here is an example of an IPv4 <iprange> element: 

    <iprange begin="192.168.123.123" end="192.168.123.231">
        <!-- Private network address range. -->
        <role>lan_users</role>
    </iprange>

Here is an example of an IPv6 <iprange> element: 

    <iprange begin="1020:3040:5060:0:1337:b007:c4fe:000d" end="1020:3040:5060:0:1337:b007:c4fe:f00d">
        <!-- Address range with multiple roles. -->
        <role>vip_user</role>
        <role>professor</role>
        <role>boffin</role>
    </iprange>

Standard XML comments, like the ones in the above examples, may be added anywhere in the configuration file. However, the IP role mapper service will not use them for anything. They will just be silently ignored.

Here is an IPv4 example of a complete configuration file: 

<?xml version="1.0" encoding="UTF-8"?>
<ipranges>
    <iprange begin="130.225.24.0" end="130.225.25.255">
        <!-- Inhouse non-NAT addresses -->
        <role>inhouse</role>
    </iprange>
    <iprange begin="130.225.26.33" end="130.225.26.33">
        <!-- External addresses for inhouse NAT addresses -->
        <role>inhouse</role>
    </iprange>
    <iprange begin="130.255.26.35" end="130.255.26.35">
        <!-- External addresses for VPN NAT addresses -->
        <role>inhouse</role>
    </iprange>
    <iprange begin="172.16.7.0" end="172.16.7.255">
        <!-- Inhouse VPN NAT addresses -->
        <role>inhouse</role>
    </iprange>
    <iprange begin="172.18.0.0" end="172.18.255.255">
        <!-- Inhouse NAT addresses -->
        <role>inhouse</role>
    </iprange>
</ipranges>

IPRoleMapperConfiguration (last edited 2010-11-22 12:03:03 by ThomasSkouHansen)