Hello:
I have a machine running CentOS 5.2
I added two IP addresses to eth0 by copying /etc/sysconfig/network-scripts/ifcfg-eth0 to /etc/sysconfig/network-scripts/ifcfg-eth0:0 and /etc/sysconfig/network-scripts/ifcfg-eth0:1
and changing the relevant IP info.
I am now seeing outbound connections failing at my firewall from services like NTP, etc. since they are now using a source address from one of the added IP addresses instead of the original eth0 IP which is allowed through the firewall.
I don't want to have to keep maintaining 3 copies of each firewall rule to accommodate the new IP addresses.
Is there a way to tell the machine to use the eth0 IP address as the source address for connections?
Here is the original ifcfg-eth0 file:
# nVidia Corporation MCP55 Ethernet
DEVICE=eth0
BOOTPROTO=none
BROADCAST=206.123.70.63
HWADDR=00:30:48:7A:B4:FE
IPADDR=206.123.70.50
NETMASK=255.255.255.240
NETWORK=206.123.70.48
ONBOOT=yes
GATEWAY=206.123.70.49
TYPE=Ethernet

Here is ifcfg-eth0:0
# nVidia Corporation MCP55 Ethernet
DEVICE=eth0:0
BOOTPROTO=none
BROADCAST=72.249.130.47
HWADDR=00:30:48:7A:B4:FE
IPADDR=72.249.130.42
NETMASK=255.255.255.248
NETWORK=72.249.130.40
ONBOOT=yes
GATEWAY=72.249.130.41
TYPE=Ethernet

Here is ifcfg-eth0:1
# nVidia Corporation MCP55 Ethernet
DEVICE=eth0:0
BOOTPROTO=none
BROADCAST=72.249.130.47
HWADDR=00:30:48:7A:B4:FE
IPADDR=72.249.130.43
NETMASK=255.255.255.248
NETWORK=72.249.130.40
ONBOOT=yes
GATEWAY=72.249.130.41
TYPE=Ethernet
Any ideas why this is happening?
Thanks, Neil
-- Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com Eliminate junk email and reclaim your inbox. Visit http://www.spammilter.com for details.
On Mon, Aug 4, 2008 at 13:00, Neil Aggarwal <neil@jammconsulting.com> wrote:
> Any ideas why this is happening?
Because you have two different default gateways. In that case, Linux will "rotate" between them, using one or the other for each outgoing packet.
If you want all your outgoing traffic to go through one gateway only (from what you write, that is probably what you want), only remove the GATEWAY= line from the :0 and :1 files and restart the network with "service network restart".
HTH, Filipe
Filipe:
I removed the GATEWAY line from the :0 and :1 files and now everything seems to be working perfectly.
I don't understand how that works since the IP addresses from :0 and :1 are on a different subnet than the one for eth0 and they have a different gateway. I guess I don't understand the finer points of networking.
The solution worked and I am thankful for that.
Thanks, Neil
On Mon, Aug 4, 2008 at 15:31, Neil Aggarwal <neil@jammconsulting.com> wrote:
> I don't understand how that works since the IP addresses from :0 and :1 are on a different subnet than the one for eth0 and they have a different gateway. I guess I don't understand the finer points of networking.
The point is that, when you have multiple gateways, the system will choose one for you for each outgoing packet.
If the packet is not yet part of an established connection (i.e. if it is an outgoing connection that is being opened), when the gateway is chosen, so will the outgoing address, and this will cause you to experience what you have experienced.
Administrators should *always* avoid using multiple default gateways unless they really know what they are doing (and even in that case I would recommend against it).
> The solution worked and I am thankful for that.
Great to know I could help!
Filipe
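Filipe's explanation above, worked through as an added example (not part of the original thread): it parses the three ifcfg files from the first post and shows which source address goes with each default gateway, before and after the GATEWAY= lines are removed from the alias files. The function names are hypothetical, and the source-selection rule is a simplified model: the first local address whose subnet contains the gateway is assumed to be used.

```python
import ipaddress

# ifcfg files from the original post, reduced to the keys this example reads.
IFCFG = {
    "ifcfg-eth0": "DEVICE=eth0\nIPADDR=206.123.70.50\n"
                  "NETMASK=255.255.255.240\nGATEWAY=206.123.70.49\n",
    "ifcfg-eth0:0": "DEVICE=eth0:0\nIPADDR=72.249.130.42\n"
                    "NETMASK=255.255.255.248\nGATEWAY=72.249.130.41\n",
    "ifcfg-eth0:1": "DEVICE=eth0:0\nIPADDR=72.249.130.43\n"
                    "NETMASK=255.255.255.248\nGATEWAY=72.249.130.41\n",
}

def parse_ifcfg(text):
    """Parse KEY=value lines, ignoring comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip().strip('"')
    return conf

def default_route_sources(files):
    """Map each default gateway to the local address expected as source.

    Assumption (simplified model): with no explicit source hint on the route,
    the first local address whose subnet contains the gateway is used.
    """
    confs = [parse_ifcfg(files[name]) for name in sorted(files)]
    addrs = [ipaddress.ip_interface(c["IPADDR"] + "/" + c["NETMASK"]) for c in confs]
    sources = {}
    for gw in (c["GATEWAY"] for c in confs if "GATEWAY" in c):
        match = [a.ip for a in addrs if ipaddress.ip_address(gw) in a.network]
        sources[gw] = str(match[0]) if match else None
    return sources

def drop_alias_gateways(files):
    """Apply the fix from the thread: no GATEWAY= line in alias (':N') files."""
    return {
        name: "\n".join(l for l in text.splitlines()
                        if not (":" in name and l.startswith("GATEWAY=")))
        for name, text in files.items()
    }

if __name__ == "__main__":
    print("before:", default_route_sources(IFCFG))
    print("after: ", default_route_sources(drop_alias_gateways(IFCFG)))
```

With both gateways configured, the firewall has to expect two source addresses; after the fix only the eth0 address remains.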
Neil Aggarwal wrote:
> Any ideas why this is happening?
Try looking at this? http://www.clintoneast.com/articles/multihomed.php
In general I try to make sure my systems only have 1 default gateway, makes life a lot easier. Leave the multi homing to the routers (or my preference layer 3 switches).
nate
On Mon, Aug 04, 2008, nate wrote:
> Neil Aggarwal wrote:
>> Any ideas why this is happening?
> Try looking at this? http://www.clintoneast.com/articles/multihomed.php
> In general I try to make sure my systems only have 1 default gateway, makes life a lot easier. Leave the multi homing to the routers (or my preference layer 3 switches).
It's worth noting that some software allows one to specify the outgoing IP (e.g. using inet_interfaces in postfix or sourceaddress with innd).
This can be very useful if one has a role IP, say news.example.com, and wants to be sure that outgoing connections originate with a specific IP address so your news partners don't have to mess with their incoming configuration files.
I did see some ``interesting'' issues on a private LAN where a server had multiple IP addresses on the private interface. NFS mounts were failing to the primary IP, and after doing some tcp sniffing, I found that the return UDP packets were originating from one of the aliased IP addresses (this was SuSE 9.0 Pro). I fixed the problem by forcing NFS to use tcp connections rather than beat my head against the wall trying to figure out why this was happening.
Bill
On Mon, Aug 04, 2008, Bill Campbell wrote:
> On Mon, Aug 04, 2008, nate wrote:
>> Neil Aggarwal wrote:
>>> Any ideas why this is happening?
>> Try looking at this? http://www.clintoneast.com/articles/multihomed.php
>> In general I try to make sure my systems only have 1 default gateway, makes life a lot easier. Leave the multi homing to the routers (or my preference layer 3 switches).
> It's worth noting that some software allows one to specify the outgoing IP (e.g. using inet_interfaces in postfix or sourceaddress with innd).
Whoops. That is smtp_bind_address for postfix, not inet_interfaces.
Bill
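What options such as smtp_bind_address do at the socket level, as an added example that is not part of the original thread: the client binds its socket to a chosen local address before connecting, so the peer sees that address as the source. Loopback addresses stand in for the host's real IPs, and the example assumes Linux, where every address in 127.0.0.0/8 is local; the function name is hypothetical.

```python
import socket

def peer_seen_by_server(bind_to=None, server_ip="127.0.0.1"):
    """Connect to a local listener and return the source IP the listener sees.

    bind_to: local address to pin as the source before connecting, or None
    to let the kernel choose one.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind((server_ip, 0))        # port 0: kernel picks a free port
        srv.listen(1)
        srv.settimeout(5)
        port = srv.getsockname()[1]
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            if bind_to is not None:
                cli.bind((bind_to, 0))  # fix the source address, any source port
            cli.settimeout(5)
            cli.connect((server_ip, port))
            conn, (peer_ip, _peer_port) = srv.accept()
            conn.close()
            return peer_ip

if __name__ == "__main__":
    print("kernel-chosen source:", peer_seen_by_server())
    print("pinned source:       ", peer_seen_by_server("127.0.0.2"))
```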
Bill Campbell wrote:
> It's worth noting that some software allows one to specify the outgoing IP (e.g. using inet_interfaces in postfix or sourceaddress with innd).
That certainly makes sense when you have multiple IPs that are routed by the same default gateway (most often in the same subnet, but it appears that the OP had two different subnets from the same ISP that could use the same gateway, I had a similar setup once but the subnets were adjacent (two /28s right next to each other, as the ISP wasn't willing to allocate a /27)).
Certainly not a situation I like to have to deal with (two different subnets going to the same gateway), too complicated.
nate