Helio Alexandre Lopes Loureiro
2002-Dec-09 19:19 UTC
Weird behavior in a router with more than 2 IPs in an interface
Hi list,

I'm asking here because it is my last resort. I already tried a lot of configurations and I really don't know how to solve this problem.

I installed a Linux box (Debian 3.0, kernel 2.4.19) with 4 network interfaces:

eth0 with 192.168/24 address (intranet);
eth1 with 10/24 address (DMZ);
eth2 with 200/24 address (link 1 - default);
eth3 with 200/24 address too (link 2 - ADSL - just for non-specific traffic).

Everything was working properly, including source routing rules and SNAT/DNAT translations. So I started the 2nd phase, migrating servers from link eth2 to the DMZ on link eth1. No problems for some days, but now I'm seeing a lot of weird behaviors. Interface eth2 has 4/5 addresses for a while. Some of them are reachable, some not, i.e., I can ping some addresses while others not. Using tcpdump, I can see ICMP packets arriving, but no response from the server. Resetting the switch works for some time, allowing all IPs to be reachable, but after a time (minutes, hours or even days) some IPs just stop. I already tried taking the firewall down, but it didn't solve the problem, so I'm believing the problem is with layer 2 and internal routing.
My iproute rules follow below:

ip route add default via 200.1.7.1 table dmznet
ip rule add from 192.168.0.0/24 table dmznet
ip route add 192.168.0.0/24 via 192.168.0.254 table dmznet
ip rule add from 200.1.7.0/26 table dmznet
ip addr add 200.2.8.3/26 dev eth2
ip addr add 200.2.8.4/26 dev eth2
ip addr add 200.2.8.5/26 dev eth2
ip addr add 200.2.8.15/26 dev eth2
ip rule add from 192.168.0.0/24 to 200.2.8.0/26 table dmznet
ip route add 200.2.8.0/26 via 200.2.8.20 table dmznet
ip route add 10.0.0.0/24 via 10.0.0.254 table dmznet
ip rule add from 10.0.0.11/32 table dmznet

Looking with tcpdump, I can see this:

cramulhao:~# tcpdump -i any not port 22 and host 200.2.2.68 -n
tcpdump: listening on any
17:18:51.305577 200.2.2.68 > 200.2.8.20: icmp: echo request (DF)
17:18:51.305735 200.2.8.20 > 200.2.2.68: icmp: echo reply
17:18:56.933199 200.2.2.68 > 200.2.8.3: icmp: echo request (DF)
17:19:08.595382 200.2.2.68 > 200.2.8.4: icmp: echo request (DF)
17:19:23.298808 200.2.2.68 > 200.2.8.5: icmp: echo request (DF)
17:19:23.298954 200.2.8.5 > 200.2.2.68: icmp: echo reply

As anyone can see, the IPs ending with 3 and 4 are not responding.

Has anyone a clue about what is happening?

Thanks and BRs

-- 
Hélio Alexandre Lopes Loureiro [helio.loureiro@edb.ericsson.se]
Regional Software Supply & Integration South America
Tel.: + 55 11 6224-1795
Public Key ID: FB5972D1@http://search.keyserver.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
Martin A. Brown
2002-Dec-09 19:28 UTC
Re: Weird behavior in a router with more than 2 IPs in an interface
Helio,

<snip>
: some address while some others not. Using tcpdump, I can see icmp
: packets arriving, but no response from the server. Resetting switch
: works for some time, allowing all IP to be reachable, but after a time
: (minutes, hours or, even, days) some IPs just stops.
<snip>

Stop right there! Have you checked to make sure your linux box is not answering ARP queries on the wrong interfaces? (ARP flux)

You probably need to use Julian's "hidden" patch to 2.4.x. Strangely, it's part of the 2.2.14+ kernels, but is not included by default in the 2.4.x kernels--but Julian supplies a patch.

  http://www.ssi.bg/~ja/#hidden
  http://www.ssi.bg/~ja/hidden.txt

Once you are patched and running the new kernel, you'll want to do the following:

# echo 1 > /proc/sys/net/ipv4/conf/all/hidden
# echo 1 > /proc/sys/net/ipv4/conf/eth2/hidden
# echo 1 > /proc/sys/net/ipv4/conf/eth3/hidden

My guess is that your switch is probably seeing a particular ethernet address move from one port to another port.... In order to verify this, you should be able to tcpdump on each interface (eth2 and eth3) looking for ARP.

Good luck,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
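Martin's verification step (tcpdump for ARP on eth2 and eth3 separately) yields one capture per interface. The script below is an added example, not code from either poster or from the LARTC HOWTO: it parses such captures and flags every IP that was answered from more than one interface, or with more than one MAC address, which is the ARP flux signature he describes. The tcpdump lines, interface names and MAC addresses in SAMPLE_CAPTURES are constructed for illustration; they are not from Helio's box.

```python
import re
from collections import defaultdict

# Matches ARP replies in both the classic tcpdump format
# ("arp reply 200.2.8.3 is-at 0:50:ba:aa:bb:2") and the newer one
# ("ARP, Reply 200.2.8.3 is-at 00:50:ba:aa:bb:02, length 28").
ARP_REPLY = re.compile(r"(?:arp reply|ARP, Reply) (\S+) is-at ([0-9a-fA-F:]+)")


def normalize_mac(mac):
    """Pad each octet to two hex digits so '0:50:ba:..' and '00:50:ba:..' compare equal."""
    return ":".join("%02x" % int(octet, 16) for octet in mac.split(":"))


def parse_arp_replies(lines):
    """Yield (ip, mac) for every ARP reply line; requests and other traffic are ignored."""
    for line in lines:
        m = ARP_REPLY.search(line)
        if m:
            yield m.group(1), normalize_mac(m.group(2))


def find_arp_flux(captures):
    """captures maps an interface name to the tcpdump lines captured on it.

    Returns {ip: {"interfaces": [...], "macs": [...]}} for every IP that was
    answered from more than one interface or with more than one MAC address.
    A host without ARP flux answers each of its addresses on exactly one
    interface, always with that interface's own MAC.
    """
    ifaces = defaultdict(set)
    macs = defaultdict(set)
    for ifname, lines in captures.items():
        for ip, mac in parse_arp_replies(lines):
            ifaces[ip].add(ifname)
            macs[ip].add(mac)
    return {
        ip: {"interfaces": sorted(ifaces[ip]), "macs": sorted(macs[ip])}
        for ip in ifaces
        if len(ifaces[ip]) > 1 or len(macs[ip]) > 1
    }


# Constructed sample captures (hypothetical data), as if taken with
#   tcpdump -n -i eth2 arp   and   tcpdump -n -i eth3 arp
# on a box where eth2 and eth3 sit on the same switch. 200.2.8.3 is
# configured on eth2 only, yet eth3 also answers for it with its own MAC
# (ARP flux); 200.2.8.20 is answered only on the interface that owns it.
SAMPLE_CAPTURES = {
    "eth2": [
        "17:18:56.933199 arp who-has 200.2.8.3 tell 200.2.2.68",
        "17:18:56.933250 arp reply 200.2.8.3 is-at 0:50:ba:aa:bb:2",
        "17:19:08.595382 arp who-has 200.2.8.20 tell 200.2.2.68",
        "17:19:08.595410 arp reply 200.2.8.20 is-at 0:50:ba:aa:bb:2",
    ],
    "eth3": [
        "17:18:56.933199 arp who-has 200.2.8.3 tell 200.2.2.68",
        "17:18:56.933300 arp reply 200.2.8.3 is-at 0:50:ba:aa:bb:3",
        "17:19:08.595382 arp who-has 200.2.8.20 tell 200.2.2.68",
    ],
}


if __name__ == "__main__":
    for ip, info in sorted(find_arp_flux(SAMPLE_CAPTURES).items()):
        print("%s answered on %s with MACs %s" % (
            ip, ", ".join(info["interfaces"]), ", ".join(info["macs"])))
```

To use it on a live box, save the per-interface output of `tcpdump -n -i eth2 arp` and `tcpdump -n -i eth3 arp` to two files and feed their lines to find_arp_flux keyed by interface name; an IP listed with two MACs is exactly what makes the peer's ARP cache flap and the switch see the address move between ports.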