I need to get this working. I have a single interface eth0 with a primary adress of x.x.214.162 on a /30 block network. This interface is properly set up and works fine, however, I also have five aliased adresses on the same interface: eth0:1 @ x.x.6.230, eth0:2 @ x.x.6.235, eth0:3 @ x.x.6.240, eth0:4 @ x.x.6.245, and eth0:5 @ x.x.6.250. All of these adresses are on a /27 block network. After setting these adresses up I tested that they were functional ( at least to the local machine ) by pinging each adress all of which responded from the local machine. The next thing I did was I set a route statement to set the primary ( x.x.214.162 ) as the gateway for the x.x.6.224 network via this statement: route add -net x.x.6.224 netmask 255.255.255.224 gw x.x.214.162. I thought this was all I needed in order to be able to access the aliased adresses externaly from the machine. Unfortunatley this is not the case. I have ensured that ip forwarding is enabled and that the adresses are setup correctly. I have also atempted to use the same route statment with iproute2 via : ip route add 38.98.6.224/27dev eth0 proto kernel scope link src 38.99.214.162 and I am still unable to access the adresses externaly from the machine. I have even brought down iptables to test that there is no conflict there. Here are the configuration files. [root@landuconsulting ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 BOOTPROTO=static BROADCAST=38.99.214.163 IPADDR=38.99.214.162 NETMASK=255.255.255.252 NETWORK=38.99.214.160 HWADDR=00:16:35:6A:85:09 ONBOOT=yes TYPE=Ethernet [root@landuconsulting ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0:1 DEVICE=eth0:1 BOOTPROTO=static BROADCAST=38.98.6.255 IPADDR=38.98.6.230 NETMASK=255.255.255.224 NETWORK=38.98.6.224 ONBOOT=yes TYPE=Ethernet [root@landuconsulting ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0:2 DEVICE=eth0:2 BOOTPROTO=static BROADCAST=38.98.6.255 IPADDR=38.98.6.235 NETMASK=255.255.255.224 NETWORK=38.98.6.224 ONBOOT=yes TYPE=Ethernet [root@landuconsulting ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0:3 DEVICE=eth0:3 BOOTPROTO=static BROADCAST=38.98.6.255 IPADDR=38.98.6.240 NETMASK=255.255.255.224 NETWORK=38.98.6.224 ONBOOT=yes TYPE=Ethernet [root@landuconsulting ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0:4 DEVICE=eth0:4 BOOTPROTO=static BROADCAST=38.98.6.255 IPADDR=38.98.6.245 NETMASK=255.255.255.224 NETWORK=38.98.6.224 ONBOOT=yes TYPE=Ethernet [root@landuconsulting ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0:5 DEVICE=eth0:5 BOOTPROTO=static BROADCAST=38.98.6.255 IPADDR=38.98.6.250 NETMASK=255.255.255.224 NETWORK=38.98.6.224 ONBOOT=yes TYPE=Ethernet [root@landuconsulting ~]# cat /etc/sysctl.conf # Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. # Controls IP packet forwarding net.ipv4.ip_forward = 1 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 # Controls whether core dumps will append the PID to the core filename. # Useful for debugging multi-threaded applications. kernel.core_uses_pid = 1 [root@landuconsulting ~]# cat /etc/rc.local #!/bin/sh # # This script will be executed *after* all the other init scripts. # You can put your own initialization stuff in here if you don''t # want to do the full Sys V style init stuff. touch /var/lock/subsys/local route add -net 38.98.6.224 netmask 255.255.255.224 gw 38.99.214.162 I''m pretty sure that I''m missing just some small detail but for some reason it evades my notice. Any assitance you can provide me with would be grately appreciated. Thank you for your time. Jd Geier _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Hello Jon-david Geier,
: After setting these adresses up I tested that they were
: functional ( at least to the local machine ) by pinging each
: adress all of which responded from the local machine.
If you can ping the addresses from the machine itself, then they
have been successfully added to the interface (eth0). You can
confirm this, of course by listing all of the addresses on eth0:
# ip address show dev eth0
This should show all of your addresses. Note that the term alias
for additional IP addresses on an interface is deprecated. The use
of the label (e.g., eth0:1, eth0:4) is simply a backwards-compatible
convenience for ifconfig. The iproute tools show a slightly more
accurate picture of the networking stack. (xref also, for some
possibly unexpected behaviour of the IP stack when an interface is
"down" [0] FAQ)
: The next thing I did was I set a
: route statement to set the primary ( x.x.214.162 ) as the gateway for the
: x.x.6.224 network via this statement: route add -net x.x.6.224 netmask
: 255.255.255.224 gw x.x.214.162.
This is probably not necessary. Let''s use your eth0:1 as an
example. When the network startup scripts bring up this IP, you''ll
see the address appear on the interface ("ip address show"), and you
should see a route to the network appear. Here''s roughly what I
would expect to see on your machine (different link layer address
for sure):
# ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:30:1b:af:78:51 brd ff:ff:ff:ff:ff:ff
inet 38.99.214.162/30 brd 38.99.214.163 scope global eth0
inet 38.98.6.230/27 brd 38.98.6.255 scope global eth0:1
inet 38.98.6.235/27 brd 38.98.6.255 scope global secondary eth0:2
inet 38.98.6.240/27 brd 38.98.6.255 scope global secondary eth0:3
inet 38.98.6.245/27 brd 38.98.6.255 scope global secondary eth0:4
inet 38.98.6.250/27 brd 38.98.6.255 scope global secondary eth0:5
inet6 fe80::230:1bff:feaf:7851/64 scope link
valid_lft forever preferred_lft forever
# ip route show dev eth0
38.98.6.224/27 proto kernel scope link src 38.98.6.230
38.99.214.160/30 proto kernel scope link src 38.98.6.230
default via 38.99.214.161
Note the following potential pitfall. If you were to remove the IP
address 38.98.6.230 from eth0, all of the other ones would also be
removed [1].
: I thought this was all I needed in order to be able to access the
: aliased adresses externaly from the machine. Unfortunatley this
: is not the case. I have ensured that ip forwarding is enabled and
: that the adresses are setup correctly.
Is the machine a router? If "landuconsulting" is not a router, then
you do not need (nor want) IP forwarding enabled.
: I have also atempted to use the same route statment with iproute2
: via : ip route add 38.98.6.224/27 dev eth0 proto kernel scope
: link src 38.99.214.162 and I am still unable to access the
: adresses externaly from the machine.
So, you are testing to see if you can reach 38.98.214.162 and
38.98.6.230 (and friends) from a remote location? Are you sure the
upstream route exists? Here''s how to use tcpdump to test on
landuconsulting:
# tcpdump -nn -i eth0 net 38.98.6.224/27 or arp
Now, generate your inbound traffic to any of your additional
addresses. Watch for ARP requests. Is your machine answering them?
It is quite possible that your upstream router does not have a route
to 38.98.6.224/27 to your local Ethernet. That''s something you need
to fix on the upstream router, not on the host you are configuring
with many IP addresses.
: I have even brought down iptables to test that there is no
: conflict there. Here are the configuration files.
[ config files snipped, summary retained ]
eth0 38.99.214.162
eth0:1 38.98.6.230
eth0:2 38.98.6.235
eth0:3 38.98.6.240
eth0:4 38.98.6.245
eth0:5 38.98.6.250
[ snipped sysctl.conf; nothing unusual-looking there ]
: [root@landuconsulting ~]# cat /etc/rc.local
: # !/bin/sh
: #
: # This script will be executed *after* all the other init scripts.
: # You can put your own initialization stuff in here if you don''t
: # want to do the full Sys V style init stuff.
:
: touch /var/lock/subsys/local
: route add -net 38.98.6.224 netmask 255.255.255.224 gw 38.99.214.162
Yank this line. It is not required.
: I''m pretty sure that I''m missing just some small detail but
for
: some reason it evades my notice. Any assitance you can provide me
: with would be grately appreciated. Thank you for your time.
Good luck,
-Martin
[0] http://linux-net.osdl.org/index.php/IPv4
[1] http://linux-ip.net/html/tools-ip-address.html#tools-ip-address-del
--
Martin A. Brown
http://linux-ip.net/
Hello Jon-david Geier,
If you can ping the addresses from the machine itself, then they
have been successfully added to the interface (eth0). You can
confirm this, of course by listing all of the addresses on eth0:
# ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:30:1b:af:78:51 brd ff:ff:ff:ff:ff:ff
inet 38.99.214.162/30 brd 38.99.214.163 scope global eth0
inet 38.98.6.230/27 brd 38.98.6.255 scope global eth0:1
inet 38.98.6.235/27 brd 38.98.6.255 scope global secondary eth0:2
inet 38.98.6.240/27 brd 38.98.6.255 scope global secondary eth0:3
inet 38.98.6.245/27 brd 38.98.6.255 scope global secondary eth0:4
inet 38.98.6.250/27 brd 38.98.6.255 scope global secondary eth0:5
inet6 fe80::230:1bff:feaf:7851/64 scope link
valid_lft forever preferred_lft forever
//cool thats what mine looks like there
# ip route show dev eth0
38.98.6.224/27 proto kernel scope link src 38.98.6.230
38.99.214.160/30 proto kernel scope link src 38.98.6.230
default via 38.99.214.161
// mine looks different here
//[root@landuconsulting ~]# ip route show dev eth0
//38.99.214.160/30 proto kernel scope link src 38.99.214.162
//38.98.6.224/27 proto kernel scope link src 38.98.6.230
//169.254.0.0/16 scope link
//default via 38.99.214.161
//should I remove this line "38.99.214.160/30 proto kernel scope link
src
38.99.214.162"
//and replace it with this line:"38.99.214.160/30 proto kernel scope link
src 38.98.6.230"
Note the following potential pitfall. If you were to remove the IP
address 38.98.6.230 from eth0, all of the other ones would also be
removed [1].
//noted
Is the machine a router? If "landuconsulting" is not a router, then
you do not need (nor want) IP forwarding enabled.
//removed ip_forwarding
So, you are testing to see if you can reach 38.98.214.162 and
38.98.6.230 (and friends) from a remote location? Are you sure the
upstream route exists? Here''s how to use tcpdump to test on
landuconsulting:
# tcpdump -nn -i eth0 net 38.98.6.224/27 or arp
Now, generate your inbound traffic to any of your additional
addresses. Watch for ARP requests. Is your machine answering them?
//nope
It is quite possible that your upstream router does not have a route
to 38.98.6.224/27 to your local Ethernet.
//I''m calling them in 30 to verify.
That''s something you need
to fix on the upstream router, not on the host you are configuring
with many IP addresses.
Good luck,
-Martin
Thank you Martin.
JD
[0] http://linux-net.osdl.org/index.php/IPv4
[1] http://linux-ip.net/html/tools-ip-address.html#tools-ip-address-del
--
Martin A. Brown
http://linux-ip.net/
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Hello, Please let me know if there is any thing equivalent to access control list for linux routers thank you