[CentOS] IPv4 192.168.71.1 'leaks out onto WAN.
James B. Byrne
byrnejb at harte-lyne.caFri Jun 7 19:03:05 UTC 2013
- Previous message: [CentOS] Can someone explain this?
- Next message: [CentOS] IPv4 192.168.71.1 'leaks out onto WAN.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Arch = x86_64 OS = CentOS-6.4 (centos) with all updates applied to date. On our gateway host eth0 is the WAN access and eth1 is the LAN. I wish to activate the address 192.185.71.1 on eth1. The ifcfg-eth1:192071 file contains this: NAME="" BOOTPROTO=none MACADDR="" IPV6INIT=no DEVICE=eth1:192071 NETMASK=255.255.255.0 MTU="" BROADCAST=192.168.71.255 ONPARENT=no IPADDR=192.168.71.1 NETWORK=192.168.71.0 ONBOOT=no When I try ifup to activate the address then I see this: # ifup eth1:192071 Error, some other host already uses address 192.168.71.1. I investigated what that host could be using nmap -v -APn 192.168.71.1/32 and discovered that my gateway host is allowing 192.168.71.0 out through eth0 onto the WAN (and presumably anything else that it originates). Presently we masquerade 192.168.0.0/16 in a NAT POSTROUTING chain which handles the internal hosts seeking addresses on the WAN. However, I am unsure of how to handle the gateway itself. Is this situation best handled by a permanent route reflecting 192.168 to eth1 only? Or, is it handled better by an addition to the OUTPUT chain in the NAT IPTable? Or, is the best method something else entirely of which I am unaware? Any suggestions? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
- Previous message: [CentOS] Can someone explain this?
- Next message: [CentOS] IPv4 192.168.71.1 'leaks out onto WAN.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list