Shalom!
In, perhaps, a misguided desire for elegance, I moved our DNS server from an
aged and infirm host onto our existing file/mail server (Dell PowerEdge/2450
w/dual PIII/866 CPUs and 2GB RAM, running Fedora Core 1 w/all updates). Since
the DNS server sat on a different subnet, I added a second NIC to the
file/mail server and created the appropriate files in
/etc/sysconfig/network-scripts (ifcfg-eth1 and route-eth{0,1}).
"route -n" shows:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
128.139.197.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
128.139.206.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         128.139.197.16  0.0.0.0         UG    0      0        0 eth1
0.0.0.0         128.139.206.1   0.0.0.0         UG    1      0        0 eth0
The problem is that although packets received from the two subnets arrive
through the corresponding device, *packets sent to a host on a subnet other
than 128.139.197.0 exit through eth1.*
Running "ping 128.139.206.12" from a host on the 128.139.206.0 subnet shows
that packets exit via eth1, rather than via eth0:
tcpdump: listening on eth1
11:54:38.192269 efes.iucc.ac.il > horen.tau.ac.il: icmp: echo reply
11:54:39.202538 efes.iucc.ac.il > horen.tau.ac.il: icmp: echo reply
11:54:40.212855 efes.iucc.ac.il > horen.tau.ac.il: icmp: echo reply
I understand that this is because the metric for eth1 is "0", while the metric
for eth1 is "1". If I understand correctly, changing the metric for eth0 to
"0" would mean that every packet would be sent to *both* interfaces, giving me
a 50% packet loss.
Is there a way to configure routing on this server so that a packet's
source-address is "honored" by the system when responding?
Worst-case, I'll cobble together a separate DNS server from an unused PIII/500...
TIA!
--
JONATHAN B. HOREN UNIX SYSTEMS ADMINISTRATOR
T: +972-(0)3-640-5203 Tel-Aviv University
F: +972-(0)3-640-9118 Ramat-Aviv 69978 Israel