Re: Issue with ip aliases and routing

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello Jon-david Geier,

 : After setting these adresses up I tested that they were 
 : functional ( at least to the local machine ) by pinging each 
 : adress all of which responded from the local machine.

If you can ping the addresses from the machine itself, then they 
have been successfully added to the interface (eth0).  You can 
confirm this, of course by listing all of the addresses on eth0:

  # ip address show dev eth0

This should show all of your addresses.  Note that the term alias 
for additional IP addresses on an interface is deprecated.  The use 
of the label (e.g., eth0:1, eth0:4) is simply a backwards-compatible 
convenience for ifconfig.  The iproute tools show a slightly more 
accurate picture of the networking stack.  (xref also, for some 
possibly unexpected behaviour of the IP stack when an interface is 
"down" [0] FAQ)

 : The next thing I did was I set a
 : route statement to set the primary ( x.x.214.162 ) as the gateway for the
 : x.x.6.224 network via this statement: route add -net x.x.6.224 netmask
 : 255.255.255.224 gw x.x.214.162.

This is probably not necessary.  Let's use your eth0:1 as an 
example.  When the network startup scripts bring up this IP, you'll 
see the address appear on the interface ("ip address show"), and you 
should see a route to the network appear.  Here's roughly what I 
would expect to see on your machine (different link layer address 
for sure):

  # ip addr show dev eth0
  2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
      link/ether 00:30:1b:af:78:51 brd ff:ff:ff:ff:ff:ff
      inet 38.99.214.162/30 brd 38.99.214.163 scope global eth0
      inet 38.98.6.230/27 brd 38.98.6.255 scope global eth0:1
      inet 38.98.6.235/27 brd 38.98.6.255 scope global secondary eth0:2
      inet 38.98.6.240/27 brd 38.98.6.255 scope global secondary eth0:3
      inet 38.98.6.245/27 brd 38.98.6.255 scope global secondary eth0:4
      inet 38.98.6.250/27 brd 38.98.6.255 scope global secondary eth0:5
      inet6 fe80::230:1bff:feaf:7851/64 scope link 
         valid_lft forever preferred_lft forever
  
  # ip route show dev eth0
  38.98.6.224/27  proto kernel  scope link  src 38.98.6.230
  38.99.214.160/30  proto kernel  scope link  src 38.98.6.230
  default via 38.99.214.161

Note the following potential pitfall.  If you were to remove the IP 
address 38.98.6.230 from eth0, all of the other ones would also be 
removed [1].

 : I thought this was all I needed in order to be able to access the 
 : aliased adresses externaly from the machine. Unfortunatley this 
 : is not the case. I have ensured that ip forwarding is enabled and 
 : that the adresses are setup correctly.
 
Is the machine a router?  If "landuconsulting" is not a router, then 
you do not need (nor want) IP forwarding enabled.
 
 : I have also atempted to use the same route statment with iproute2 
 : via : ip route add 38.98.6.224/27 dev eth0 proto kernel scope 
 : link src 38.99.214.162 and I am still unable to access the 
 : adresses externaly from the machine.

So, you are testing to see if you can reach 38.98.214.162 and 
38.98.6.230 (and friends) from a remote location?  Are you sure the 
upstream route exists?  Here's how to use tcpdump to test on 
landuconsulting:

  # tcpdump -nn -i eth0 net 38.98.6.224/27 or arp

Now, generate your inbound traffic to any of your additional 
addresses.  Watch for ARP requests.  Is your machine answering them?  
It is quite possible that your upstream router does not have a route 
to 38.98.6.224/27 to your local Ethernet.  That's something you need 
to fix on the upstream router, not on the host you are configuring 
with many IP addresses.

 : I have even brought down iptables to test that there is no 
 : conflict there. Here are the configuration files.

[ config files snipped, summary retained ]

eth0   38.99.214.162
eth0:1 38.98.6.230
eth0:2 38.98.6.235
eth0:3 38.98.6.240
eth0:4 38.98.6.245
eth0:5 38.98.6.250

[ snipped sysctl.conf; nothing unusual-looking there ]

 : [root@landuconsulting ~]# cat /etc/rc.local
 : # !/bin/sh
 : # 
 : #  This script will be executed *after* all the other init scripts.
 : #  You can put your own initialization stuff in here if you don't
 : #  want to do the full Sys V style init stuff.
 : 
 : touch /var/lock/subsys/local
 : route add -net 38.98.6.224 netmask 255.255.255.224 gw 38.99.214.162

Yank this line.  It is not required.

 : I'm pretty sure that I'm missing just some small detail but for 
 : some reason it evades my notice. Any assitance you can provide me 
 : with would be grately appreciated. Thank you for your time.

Good luck,

-Martin


 [0] http://linux-net.osdl.org/index.php/IPv4
 [1] http://linux-ip.net/html/tools-ip-address.html#tools-ip-address-del

-- 
Martin A. Brown
http://linux-ip.net/
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux