
Linux, Unix, and *nix like Operating Systems Forum

Assigning IP's to second interface

 1:45 pm on Aug 15, 2005 (gmt 0)

I've got a block of IP's I want to assign to a second ethernet port on my webserver. The IP's are all from different C-classes, have different gateways etc. In addition, the IP's assigned to my primary ethernet port go through my host's firewall; this second block on the second port does not go through the firewall.

I've set them up in the same fashion as I did my first set of IP's. However I can't access them externally.

I can ping them from the machine itself. I can also ping them from another machine on the same network as the first port (the one going through the firewall). I can't however ping them externally.

That to me says my ISP has something misconfigured since I can only get at the IP's within his network. He's claiming that I've got a misconfiguration with my default gateway (he was vague, I think he's saying traffic on the second port isn't coming and going in the right fashion).

Any thoughts on what I might be doing wrong? Is there a trick to this if there are different default gateways for different IP's on different ports?



 3:15 pm on Aug 15, 2005 (gmt 0)

It can be tricky when you have two different interfaces that are both connecting to the Internet via different routers. When you ping the second interface from the Internet, the machine is probably responding to the ping via the first interface, but with a different IP address, the response would be invalid. If I'm right, that would explain why local pings work.

The key is the routing table, but you first need to decide exactly which IP's/subnets the second interface will communicate with.


 9:50 pm on Aug 15, 2005 (gmt 0)

What's happening is similar to what the above comment is saying, the packet comes in the right interface, then is sent out the wrong interface.

The problem is going to be that a stateful firewall on the "wrong" interface will see the packet coming back, but didn't see the first packet going in, so it's going to block the response packet as not being in its connection table.

The basic problem is that the response packets are leaving from the wrong interface. Without more details about at least what operating system you are running (uname -a would be helpful), and preferably what services you plan to run on the new IPs (http via apache?), we aren't going to be able to offer specific advice about the best way to fix the issue.


 3:07 pm on Aug 16, 2005 (gmt 0)

I believe the above is the problem, but don't know where to fix it :). Running Mandrake linux 10.2. 2.6.11-6mdksmp kernel, apache2.

(thanks for the help!)


 4:17 pm on Aug 16, 2005 (gmt 0)

What's the purpose of the second interface?


 8:45 pm on Aug 16, 2005 (gmt 0)

Got assigned a 2nd block of IP's that don't go through the ISP's firewall. The first block on the other port do go through the ISP's firewall. Two separate physical routes, thus I need two nic's.

And unfortunately I can't get all the IP's outside the firewall or inside. I've got to take the half and half.


 2:01 am on Aug 19, 2005 (gmt 0)

I have a machine that is multihomed with two different routers for each interface. I set up separate tables for routes from each IP address, to make sure packets go back out the interface they came in on.

# table 1 has rules for X.Y.151.5 (eth0)
ip route add X.Y.151.0/24 dev eth0 src X.Y.151.5 table 1
ip route add default via X.Y.151.254 table 1
ip route add dev lo table 1
ip rule add from X.Y.151.5 table 1

# table 2 has rules for X.Y.131.5 (eth1)
ip route add X.Y.131.0/24 dev eth1 src X.Y.131.5 table 2
ip route add default via X.Y.131.254 table 2
ip route add dev lo table 2
ip rule add from X.Y.131.5 table 2

And for default routes - where the connection is initiated from my server - I do load balancing across the two interfaces.

# for default routes, do load balancing
ip route replace default scope global nexthop via X.Y.151.254 dev eth0 weight 1 nexthop via X.Y.131.254 dev eth1 weight 1
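
The routing behaviour discussed in the posts above, as an added example that is not from any poster in the thread: a small Python model of the kernel's rule-then-table lookup. The addresses are constructed from the documentation ranges and stand in for X.Y.151.5 (eth0) and X.Y.131.5 (eth1); the rule priorities are illustrative values below the main table's 32766.

```python
import ipaddress

# Constructed sample addresses (documentation ranges), not from the thread.
ETH0_ADDR, ETH1_ADDR = "192.0.2.5", "198.51.100.5"
CLIENT = "203.0.113.9"  # constructed external host sending the ping

def lookup(table, dst):
    """Longest-prefix match inside one routing table -> (dev, via) or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, dev, via in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev, via)
    return best[1:] if best else None

def route_reply(rules, tables, src, dst):
    """Walk the rules in priority order; the first rule whose 'from' selector
    matches the reply's source address and whose table has a route wins."""
    src = ipaddress.ip_address(src)
    for _prio, selector, table in sorted(rules):
        if src in ipaddress.ip_network(selector):
            hit = lookup(tables[table], dst)
            if hit:
                return hit
    return None

TABLES = {
    # main: both connected subnets, but only one default gateway (eth0's)
    "main": [("192.0.2.0/24", "eth0", None),
             ("198.51.100.0/24", "eth1", None),
             ("0.0.0.0/0", "eth0", "192.0.2.254")],
    # per-interface tables, as in "table 1" and "table 2" above
    "1": [("192.0.2.0/24", "eth0", None), ("0.0.0.0/0", "eth0", "192.0.2.254")],
    "2": [("198.51.100.0/24", "eth1", None), ("0.0.0.0/0", "eth1", "198.51.100.254")],
}
BEFORE = [(32766, "0.0.0.0/0", "main")]            # no "ip rule add from ..."
AFTER = [(32765, ETH0_ADDR + "/32", "1"),          # ip rule add from <eth0 addr> table 1
         (32764, ETH1_ADDR + "/32", "2")] + BEFORE  # ip rule add from <eth1 addr> table 2

def egress(rules, src, dst=CLIENT):
    """Interface a reply with source address src would leave on."""
    return route_reply(rules, TABLES, src, dst)[0]

if __name__ == "__main__":
    for name, rules in (("main table only", BEFORE), ("per-source rules", AFTER)):
        print(f"{name}: reply from {ETH1_ADDR} leaves via {egress(rules, ETH1_ADDR)}")
```

On a live host, `ip route get 203.0.113.9 from 198.51.100.5` (with the real addresses substituted) reports the interface the kernel would actually choose for such a reply.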


 3:51 am on Aug 31, 2005 (gmt 0)

Yeah, Danny's got it.

For more details, see [lartc.org...]

The key is the "src" argument, which specifies to only use that route for packets from that source.
