[CentOS] Help with routing question.

Wed Feb 18 17:51:25 UTC 2015
Antonio S. Martins Jr. <asmartins at uem.br>

Hi James,

   Simply remove the GATEWAY line from the eth0:192 interface config :D

   Then you'll have only one default gateway, and the source IP for all unknown addresses
will be the routable one.

   Regards,

       Antonio.

----- "James B. Byrne" <byrnejb at harte-lyne.ca> wrote:

> From: "James B. Byrne" <byrnejb at harte-lyne.ca>
> To: centos at centos.org
> Sent: Wednesday, February 18, 2015 15:39:16 (GMT-0300) Auto-Detected
> Subject: [CentOS] Help with routing question.
>
> CentOS-6.6
> 
> We have a host that has multiple IPv4 addresses aliased to eth0.  The
> primary address is 216.185.71.x and the alias is 192.168.6.x.
> 
> This host connects to devices on both netblocks without problems. 
> Only default routing is used and it looks like this:
> 
> #ip route
> 192.168.6.0/24 dev eth0  proto kernel  scope link  src 192.168.6.x
> 216.185.71.0/24 dev eth0  proto kernel  scope link  src 216.185.71.x
> 169.254.0.0/16 dev eth0  scope link  metric 1002
> default via 192.168.6.1 dev eth0  src 192.168.6.x
> default via 216.185.71.1 dev eth0
> 
> 
> When the system connects to internal systems via ssh it uses the src
> 216.185.71.x for devices on that netblock and 192.168.6.x for devices
> on the other.
> 
> The problem is that when we try to establish an ssh connection
> off-site to another netblock altogether the host uses 192.168.6.x as
> the source and the destination gets the public side IP address of our
> gateway router as the point of origin due to masquerading.
> 
> I have solved this by explicitly binding ssh to the public ipv4 when
> connecting using the --bind=216.185.71.x parameter.  But I have two
> questions I would like to find answers for
> 
> 1. Why is ssh using the private IP in preference to the public IP when
> connecting to off-site addresses?
> 
> 2. How does one configure the routing table on network startup to
> specifically detail the route particular addresses are supposed to
> take?
> 
> 
> For diagnosis here are the ifcfg scripts used for both interfaces:
> 
> DEVICE="eth0"
> BOOTPROTO="static"
> BROADCAST="216.185.71.255"
> DNS1="216.185.71.33"
> GATEWAY="216.185.71.1"
> HWADDR="38:60:77:D5:AC:D8"
> IPADDR="216.185.71.x"
> IPV6INIT="yes"
> IPV6_AUTOCONF="yes"
> NETMASK="255.255.255.0"
> NM_CONTROLLED="no"
> ONBOOT="yes"
> TYPE="Ethernet"
> UUID="0202e615-ce93-4fe1-833a-c11259afb850"
> 
> 
> DEVICE="eth0:192"
> BOOTPROTO="static"
> BROADCAST="192.168.6.255"
> GATEWAY="192.168.6.1"
> IPADDR="192.168.6.x"
> NETMASK="255.255.255.0"
> NM_CONTROLLED="no"
> ONPARENT="yes"
> TYPE="Ethernet"
> 
> 
> -- 
> ***          E-Mail is NOT a SECURE channel          ***
> James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3
> 
> -- 
> This message has been scanned by the antivirus system and
>  is believed to be free of danger.

-- 
Antonio da Silva Martins Jr. 
Support Analyst
NPD - Núcleo de Processamento de Dados
UEM - Universidade Estadual de Maringá
email: asmartins at uem.br 
phone: +55 (44) 3011-4015 / 3011-4411
inoc-dba: 263076*100                     

     "Real Programmers don’t need comments — the code is obvious."
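
An added example, not part of the original messages: a Python check over `ip route` output that flags the condition discussed in this thread, namely several default routes at the same metric and a default route whose `src` hint is a private address. The sample input is the quoted routing table with the masked octet `x` replaced by a constructed value (10); the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the `ip route` output quoted in the thread, with the
# masked last octet ("x") replaced by 10 so the addresses parse.
SAMPLE = """\
192.168.6.0/24 dev eth0  proto kernel  scope link  src 192.168.6.10
216.185.71.0/24 dev eth0  proto kernel  scope link  src 216.185.71.10
169.254.0.0/16 dev eth0  scope link  metric 1002
default via 192.168.6.1 dev eth0  src 192.168.6.10
default via 216.185.71.1 dev eth0
"""

def field(tokens, key):
    """Value following a keyword such as 'via' or 'src', or None if absent."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None

def default_routes(ip_route_text):
    """Return one dict per default route, in the order listed."""
    routes = []
    for line in ip_route_text.splitlines():
        tok = line.split()
        if not tok or tok[0] != "default":
            continue
        routes.append({"via": field(tok, "via"), "dev": field(tok, "dev"),
                       "src": field(tok, "src"),
                       "metric": int(field(tok, "metric") or 0)})
    return routes

def audit(ip_route_text):
    """Return findings about ambiguous or private-sourced default routes."""
    findings = []
    routes = default_routes(ip_route_text)
    by_metric = {}
    for r in routes:
        by_metric.setdefault(r["metric"], []).append(r)
    for metric, group in sorted(by_metric.items()):
        if len(group) > 1:
            vias = ", ".join(str(r["via"]) for r in group)
            findings.append(f"{len(group)} default routes share metric {metric}: {vias}")
    for r in routes:
        # A private src hint on a default route means off-site traffic leaves
        # with an address that must be masqueraded, as described in the thread.
        if r["src"] and ipaddress.ip_address(r["src"]).is_private:
            findings.append(f"default via {r['via']} pins private source {r['src']}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

With the GATEWAY line removed from the alias config, only the 216.185.71.1 default remains and the audit returns no findings.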
