Re: 2 NICs in same network & ip aliasing

Linux Advanced Routing and Traffic Control


On Tue, Dec 03, 2002 at 06:34:00PM +0100, virdzek, roman wrote:
> Hi all,
> 
> I have one little problem, and I can't find an answer.
> 
>                   PC1
> 
>          eth1                eth2
>       10.0.0.1/8          10.0.0.2/8
>           |               10.0.0.3/8 secondary
>           |                   |
>           |                   |
>           |                   |
>         switch ----------------
>           |
>           |
>           |
>          eth1
>       10.0.0.10/8
>          PC2
>    (default route 10.0.0.2)
> 
> I have set arp_filter=1,
> and 2 ip tables, A and B
> 
> table A:
> 10.0.0.0/8 dev eth1 scope link
> table B:
> 10.0.0.0/8 dev eth2 scope link
> 
> and ip rule:
> ... from 10.0.0.1 lookup A
> ... from 10.0.0.2 lookup B
> .
> .
> 
> 
> ping PC2 -> 10.0.0.1  ...ok, answer comes from eth1
> ping PC2 -> 10.0.0.2  ...ok, answer comes from eth2
> 
> but
> ping PC2 -> 10.0.0.3 (secondary) ...wrong, answer comes from eth1!
> PC1 answers the ARP question "who has 10.0.0.3" with "10.0.0.3 is at eth1"
> 
> If I set arp_filter=0,
> and set hidden = 1:
> ping PC2 -> 10.0.0.3 (secondary) ...no answer
> 
> 
> What am I doing wrong?

Well, some people say this behaviour is correct wrt the RFC. I won't go into
that discussion.

After searching for a long time, I found this way to solve the problem:

1) make sure there are no wrong ARP replies:

echo 1 > /proc/sys/net/ipv4/conf/$DEVICE/arp_filter

2) make sure the packets are sent from the correct interface:

Turn advanced routing on in the kernel.
CONFIG_IP_ADVANCED_ROUTER=y

For every REAL interface (not alias), try:
(the variables should be clear, add entries to /etc/iproute2/rt_tables for
every device, to make configuration easier to read)

ip route add ${NET} dev ${DEVICE}  scope link  table ${DEVICE}
ip route add default via ${GATEWAY} dev ${DEVICE} table ${DEVICE}

ip rule add from ${ADDR} table ${DEVICE}



For every ALIAS do

ip rule add from ${IP} table ${TABLE}


This setup means that every packet is routed based on the source address.
I've used it for some time now, and it works just fine.

I hope this helps.


Greetings,

Ivo De Decker

P.S. Maybe this could be documented in the LARTC.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
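
The procedure from the reply above, applied to the addresses in the question, as an added example that is not part of the original message: a dry-run generator that prints the commands instead of running them, plus a check that lists any local address with no source rule (such an address falls through to the main table). The table ids 101/102, the function names and the choice of one table per device named after it are assumptions; the topology shows no gateway, so the default-route line is only emitted when one is passed.

```shell
#!/bin/sh
# Added example: prints the commands only, changes nothing on the system.

# emit_iface DEVICE TABLE_ID NET ADDR [GATEWAY]
# Commands for one REAL interface (steps 1 and 2 of the reply).
emit_iface() {
    dev=$1 id=$2 net=$3 addr=$4 gw=${5:-}
    # Name the table after the device (TABLE_ID is an assumed free number).
    echo "echo $id $dev >> /etc/iproute2/rt_tables"
    # Step 1: no ARP replies for addresses routed via another interface.
    echo "echo 1 > /proc/sys/net/ipv4/conf/$dev/arp_filter"
    # Step 2: per-device table, selected by source address.
    echo "ip route add $net dev $dev scope link table $dev"
    if [ -n "$gw" ]; then
        echo "ip route add default via $gw dev $dev table $dev"
    fi
    echo "ip rule add from $addr table $dev"
}

# emit_alias IP TABLE
# An alias only needs a rule pointing at its parent device's table.
emit_alias() {
    echo "ip rule add from $1 table $2"
}

# missing_rules PLAN ADDR...
# Prints every ADDR that has no "from ADDR" rule in PLAN.
missing_rules() {
    rules=$1
    shift
    for a in "$@"; do
        # Fixed-string match; the trailing " table " keeps 10.0.0.1
        # from matching 10.0.0.10.
        printf '%s\n' "$rules" |
            grep -F -q -- "ip rule add from $a table " || echo "$a"
    done
}

# The question's PC1: eth1 = 10.0.0.1, eth2 = 10.0.0.2 + alias 10.0.0.3.
plan() {
    emit_iface eth1 101 10.0.0.0/8 10.0.0.1
    emit_iface eth2 102 10.0.0.0/8 10.0.0.2
    emit_alias 10.0.0.3 eth2
}

plan
```

Review the printed commands before running them as root; `missing_rules "$(plan)" 10.0.0.1 10.0.0.2 10.0.0.3` prints nothing when every address is covered.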
