Jobst Schmalenbach
2013-Aug-20 03:41 UTC
[CentOS] Two external interfaces, one with "default" route and ping problem
Hi

I have two different IP addresses (in a block of /29), one is on port 0 and the other is on port 2 of a Cisco 888.
I am doing this so I can have two different certs with two different ip addresses.

I have tried:

1) one machine, two real interfaces, two cables (eth0 and eth2)
2) one machine, one real interface eth0 and one virtual interface eth0:1, one network cable

Using number 2)
I can ping the two different ip addresses, no problem. The only problem here is that iptables does not work (I cannot create rules for eth0:1 - and yes I know about the security implications).

I have a problem with number 1)

I can ping the first ip address and I get a return, but I cannot get a return when I ping the second ip address.
I can see traffic coming into the second interface but it does not return.
Now one of the interfaces needs the "default" route applied (is this correct??), which is eth0.

I assume this is a routing problem?
What do I need to do to get this to work?

Jobst

--
Student to Teacher: Sir, what's an oxymoron? .... Teacher to Student: "Microsoft Works".

| |0| | Jobst Schmalenbach, jobst at barrett.com.au, General Manager
| | |0| Barrett Consulting Group P/L & The Meditation Room P/L
|0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
Clint Dilks
2013-Aug-20 03:59 UTC
[CentOS] Two external interfaces, one with "default" route and ping problem
Hi,

Two IP addresses within the same subnet is generally something that should be avoided if at all possible.

See http://serverfault.com/questions/336021/two-network-interfaces-and-two-ip-addresses-on-the-same-subnet-in-linux for some information that may help.

On Tue, Aug 20, 2013 at 3:41 PM, Jobst Schmalenbach <jobst at barrett.com.au> wrote:
>
> Hi
>
> I have two different IP addresses (in a block of /29), one is on port 0
> and the other is on port 2 of a Cisco 888.
> I am doing this so I can have two different certs with two different ip
> addresses.
>
> I have tried:
>
> 1) one machine, two real interfaces, two cables (eth0 and eth2)
> 2) one machine, one real interface eth0 and one virtual interface eth0:1,
> one network cable
>
> Using number 2)
> I can ping the two different ip addresses, no problem. The only problem
> here is that iptables does not work (I cannot create rules for eth0:1 - and
> yes I know about the security implications).
>
> I have a problem with number 1)
>
> I can ping the first ip address and I get a return, but I cannot get a
> return when I ping the second ip address.
> I can see traffic coming into the second interface but it does not return.
> Now one of the interfaces needs the "default" route applied (is this
> correct??), which is eth0.
>
> I assume this is a routing problem?
> What do I need to do to get this to work?
>
> Jobst
>
> --
> Student to Teacher: Sir, what's an oxymoron? .... Teacher to Student:
> "Microsoft Works".
>
> | |0| | Jobst Schmalenbach, jobst at barrett.com.au, General Manager
> | | |0| Barrett Consulting Group P/L & The Meditation Room P/L
> |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
Les Mikesell
2013-Aug-20 04:34 UTC
[CentOS] Two external interfaces, one with "default" route and ping problem
On Mon, Aug 19, 2013 at 10:41 PM, Jobst Schmalenbach <jobst at barrett.com.au> wrote:
>
> Hi
>
> I have two different IP addresses (in a block of /29), one is on port 0 and the other is on port 2 of a Cisco 888.
> I am doing this so I can have two different certs with two different ip addresses.
>
> I have tried:
>
> 1) one machine, two real interfaces, two cables (eth0 and eth2)
> 2) one machine, one real interface eth0 and one virtual interface eth0:1, one network cable
>
> Using number 2)
> I can ping the two different ip addresses, no problem. The only problem here is that iptables does not work (I cannot create rules for eth0:1 - and yes I know about the security implications).

Why do you need different rules for eth0:1? Can't you specify the IP addresses?

--
Les Mikesell
lesmikesell at gmail.com
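
Filtering by address rather than by alias label, as an added example that is not part of the thread or any poster's configuration: netfilter only sees the real device eth0, so each rule names eth0 and selects the address with `-d`. The addresses (RFC 5737 documentation range), the port choices and the function names `emit_rules` and `check_iface` are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample addresses, not taken from the thread.
ADDR_A="192.0.2.2"   # assumed primary address on eth0
ADDR_B="192.0.2.3"   # assumed second address (the one labelled eth0:1)

# An alias label such as eth0:1 is not a device netfilter can match on.
# Refuse it and point at the parent device instead.
check_iface() {
    case "$1" in
        *:*) echo "'$1' is an alias label; use -i ${1%%:*} with -d <address>" >&2
             return 1 ;;
        *)   return 0 ;;
    esac
}

# Print a ruleset in iptables-restore format for two addresses on one device.
# Assumed policy: ping and HTTPS on both addresses, SSH on the first only.
emit_rules() {
    iface="$1"; addr_a="$2"; addr_b="$3"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $iface -d $addr_a -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -i $iface -d $addr_b -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -i $iface -d $addr_a -p tcp --dport 443 -j ACCEPT
-A INPUT -i $iface -d $addr_b -p tcp --dport 443 -j ACCEPT
-A INPUT -i $iface -d $addr_a -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for review; nothing is loaded into the kernel here.
check_iface eth0 && emit_rules eth0 "$ADDR_A" "$ADDR_B"
```

The output can be checked with `iptables-restore --test` before it is loaded, ideally from a console session because the INPUT policy is DROP.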