[CentOS] IPv4 192.168.71.1 'leaks out onto WAN.

James B. Byrne

byrnejb at harte-lyne.ca
Fri Jun 7 19:03:05 UTC 2013


Arch = x86_64
OS = CentOS-6.4 (centos) with all updates applied to date.

On our gateway host eth0 is the WAN access and eth1 is the LAN. I wish
to activate the address 192.185.71.1 on eth1.  The ifcfg-eth1:192071
file contains this:

NAME=""
BOOTPROTO=none
MACADDR=""
IPV6INIT=no
DEVICE=eth1:192071
NETMASK=255.255.255.0
MTU=""
BROADCAST=192.168.71.255
ONPARENT=no
IPADDR=192.168.71.1
NETWORK=192.168.71.0
ONBOOT=no

When I try ifup to activate the address then I see this:

# ifup eth1:192071
Error, some other host already uses address 192.168.71.1.

I investigated what that host could be using nmap -v -APn
192.168.71.1/32 and discovered that my gateway host is allowing
192.168.71.0 out through eth0 onto the WAN (and presumably anything
else that it originates).

Presently we masquerade 192.168.0.0/16 in a NAT POSTROUTING chain
which handles the internal hosts seeking addresses on the WAN. 
However, I am unsure of how to handle the gateway itself.  Is this
situation best handled by a permanent route reflecting 192.168 to eth1
only?  Or, is it handled better by an addition to the OUTPUT chain in
the NAT IPTable?  Or, is the best method something else entirely of
which I am unaware?

Any suggestions?

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3




More information about the CentOS mailing list