Hi
I have two different IP addresses (in a block of /29), one is on port 0 and the other is on port 2 of a Cisco 888. I am doing this so I can have two different certs with two different ip addresses.
I have tried:
1) one machine, two real interfaces, two cables (eth0 and eth2)
2) one machine, one real interface eth0 and one virtual interface eth0:1, one network cable
Using number 2) I can ping the two different ip addresses, no problem. The only problem here is that iptables does not work (I cannot create rules for eth0:1 - and yes I know about the security implications).
I have a problem with number 1)
I can ping the first ip address and I get a return, but I cannot get a return when I ping the second ip address. I can see traffic coming into the second interface but it does not return. Now one of the interfaces needs the "default" route applied (is this correct??), which is eth0.
I assume this is a routing problem? What do I need to do to get this to work?
Jobst
Hi,
Two IP addresses within the same subnet is generally something that should be avoided if at all possible.
See http://serverfault.com/questions/336021/two-network-interfaces-and-two-ip-ad... some information that may help.
On Mon, Aug 19, 2013 at 10:41 PM, Jobst Schmalenbach jobst@barrett.com.au wrote:
> Hi
> I have two different IP addresses (in a block of /29), one is on port 0 and the other is on port 2 of a Cisco 888. I am doing this so I can have two different certs with two different ip addresses.
> I have tried:
> 1) one machine, two real interfaces, two cables (eth0 and eth2)
> 2) one machine, one real interface eth0 and one virtual interface eth0:1, one network cable
> Using number 2) I can ping the two different ip addresses, no problem. The only problem here is that iptables does not work (I cannot create rules for eth0:1 - and yes I know about the security implications).
Why do you need different rules for eth0:1? Can't you specify the IP addresses?
Hi.
Sorry for the late reply ... been busy.
When I first started this "project" I read while doing research that it is not a good idea to use eth0:1 using iptables ... but after you wrote the below I did some more RTFM and came to the conclusion there is not anything wrong doing this when done right.
So I made a new chain name and directed all traffic with the IP address through that chain, letting only mail (inc ssl etc) traffic pass - thanks, it's working now.
Jobst
On Mon, Aug 19, 2013 at 11:34:37PM -0500, Les Mikesell (lesmikesell@gmail.com) wrote:
> Why do you need different rules for eth0:1? Can't you specify the IP addresses?
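The approach described in the last message (a dedicated chain selected by destination address instead of by the eth0:1 label) could look like the following. This is an added example, not code from the thread; the address, the chain name MAIL_ONLY and the port list are assumptions.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset that filters one aliased address by its
# destination IP. An alias such as eth0:1 is only a label on eth0: packets for
# it arrive on eth0, so "-i eth0:1" cannot be used to select them.
# Assumptions (not from the thread): address, chain name, port list.

ALIAS_IP="192.0.2.10"                     # constructed address (RFC 5737 range)
MAIL_PORTS="25,465,587,110,995,143,993"   # assumed reading of "mail (inc ssl etc)"

valid_ipv4() {
    # Accept only dotted quads whose octets are all in 0..255.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr . ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

mail_ruleset() {
    ip=$1
    ports=$2
    chain=${3:-MAIL_ONLY}
    # Refuse anything that is not a plain address or a comma-separated port
    # list, so nothing unexpected ends up inside the generated rules.
    valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    echo "$ports" | grep -Eq '^[0-9]+(,[0-9]+)*$' \
        || { echo "invalid port list: $ports" >&2; return 1; }
    cat <<EOF
*filter
:$chain - [0:0]
-A INPUT -d $ip/32 -j $chain
-A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A $chain -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT
-A $chain -j DROP
COMMIT
EOF
}

# Print the ruleset for review; nothing is loaded into the kernel here.
mail_ruleset "$ALIAS_IP" "$MAIL_PORTS"
```

Traffic to the host's other address never enters the chain, so the existing INPUT rules continue to apply to it unchanged.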