Multiple interfaces - routing problem

Multiple interfaces - routing problem

Post by camuel.. » Fri, 05 Nov 1999 04:00:00



Hi,

I have set up a Linux box containing 4 network adapters of which 2
contribute to the problem I'm goiing to explain. First comes the routing
table looking like this (999 is a placeholder, not a typo):

Kernel IP routing table
Destination   Gateway     Genmask         Flags MSSS Window irtt Iface
999.79.58.1   *           255.255.255.255 UH    0    0      0    eth0
999.79.58.0   *           255.255.255.192 U     0    0      0    eth1
192.168.2.0   *           255.255.255.0   U     0    0      0    eth3
192.168.1.0   *           255.255.255.0   U     0    0      0    eth2
loopback      *           255.0.0.0       U     0    0      0    lo
default       999.79.58.1 0.0.0.0         UG    0    0      0    eth2

This machine acts as a firewall sitting between us and our ISP.
999.79.58.0/26 is our "official" network and 999.79.58.1 is the router
towards the ISP.
From this machine I can ping the router=999.79.58.1 (going via eth0) and
any host in the network 999.79.58.x (going via eth1).
However I cannot ping the router (999.79.58.1) from any host in any
network (999.79.58.x, 192.168.2.x, 192.168.1.x) except from this machine
itself. Interfaces are configured as follows:

eth0      Link encap:Ethernet  HWaddr 00:90:27:B6:F7:CA
          inet addr:999.79.58.2  Bcast:999.79.58.255
Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:22 errors:0 dropped:0 overruns:0 frame:0
          TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:5 Base address:0xd800

eth1      Link encap:Ethernet  HWaddr 00:90:27:B6:EA:E1
          inet addr:999.79.58.3  Bcast:999.79.58.63
Mask:255.255.255.192
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:34311 errors:3 dropped:0 overruns:0 frame:0
          TX packets:39672 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:9 Base address:0xdc00

eth2      Link encap:Ethernet  HWaddr 00:90:27:B6:F6:91
          inet addr:192.168.1.5  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11972 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11939 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:5 Base address:0xe000

eth3      Link encap:Ethernet  HWaddr 00:90:27:B6:F5:D7
          inet addr:192.168.2.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:33079 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26424 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1 txqueuelen:100
          Interrupt:10 Base address:0xe400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

I'm not a networking expert but I thought I had understood most of the
essentials of routing. If anybody has a clue what might be wrong in my
setup please give me a hint (or even better: the solution :-) )

Axel

Sent via Deja.com http://www.deja.com/
Before you buy.

 
 
 

Multiple interfaces - routing problem

Post by Tom Easte » Fri, 05 Nov 1999 04:00:00



> Hi,

> I have set up a Linux box containing 4 network adapters of which 2
> contribute to the problem I'm goiing to explain. First comes the routing
> table looking like this (999 is a placeholder, not a typo):

> Kernel IP routing table
> Destination   Gateway     Genmask         Flags MSSS Window irtt Iface
> 999.79.58.1   *           255.255.255.255 UH    0    0      0    eth0
> 999.79.58.0   *           255.255.255.192 U     0    0      0    eth1
> 192.168.2.0   *           255.255.255.0   U     0    0      0    eth3
> 192.168.1.0   *           255.255.255.0   U     0    0      0    eth2
> loopback      *           255.0.0.0       U     0    0      0    lo
> default       999.79.58.1 0.0.0.0         UG    0    0      0    eth2

Typo? I would have thought that the interface on this last route would
have been eth0.

- Show quoted text -

Quote:

> This machine acts as a firewall sitting between us and our ISP.
> 999.79.58.0/26 is our "official" network and 999.79.58.1 is the router
> towards the ISP.
> From this machine I can ping the router=999.79.58.1 (going via eth0) and
> any host in the network 999.79.58.x (going via eth1).
> However I cannot ping the router (999.79.58.1) from any host in any
> network (999.79.58.x, 192.168.2.x, 192.168.1.x) except from this machine
> itself. Interfaces are configured as follows:

> eth0      Link encap:Ethernet  HWaddr 00:90:27:B6:F7:CA
>           inet addr:999.79.58.2  Bcast:999.79.58.255
> Mask:255.255.255.255
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:22 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           Interrupt:5 Base address:0xd800

> eth1      Link encap:Ethernet  HWaddr 00:90:27:B6:EA:E1
>           inet addr:999.79.58.3  Bcast:999.79.58.63
> Mask:255.255.255.192
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:34311 errors:3 dropped:0 overruns:0 frame:0
>           TX packets:39672 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           Interrupt:9 Base address:0xdc00

> eth2      Link encap:Ethernet  HWaddr 00:90:27:B6:F6:91
>           inet addr:192.168.1.5  Bcast:192.168.1.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:11972 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:11939 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           Interrupt:5 Base address:0xe000

> eth3      Link encap:Ethernet  HWaddr 00:90:27:B6:F5:D7
>           inet addr:192.168.2.1  Bcast:192.168.1.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:33079 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:26424 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:1 txqueuelen:100
>           Interrupt:10 Base address:0xe400

> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:3924  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0

> I'm not a networking expert but I thought I had understood most of the
> essentials of routing. If anybody has a clue what might be wrong in my
> setup please give me a hint (or even better: the solution :-) )

Have you enabled forwarding (echo 1 > /proc/sys/net/ipv4/ip_forward) and
set up masquerading rules?

Since your internal networks are in the address range reserved for
private networks (RFC-1918), it's doubtful that messages sent to these
networks from outside can be routed properly. You'll need to use some
form of NAT (Network Address Translation) and masquerading provides the
most convenient way to do that with Linux.

If you have set up masquerading, what do your rules look like?

-Tom
--
Tom Eastep               \    Opinions expressed here

Shoreline, Washington USA  \    those of my employer


 
 
 

Multiple interfaces - routing problem

Post by Josef Drexle » Fri, 05 Nov 1999 04:00:00



writes:
Quote:> Hi,

> I have set up a Linux box containing 4 network adapters of which 2
> contribute to the problem I'm goiing to explain. First comes the routing
> table looking like this (999 is a placeholder, not a typo):

> Kernel IP routing table
> Destination   Gateway     Genmask         Flags MSSS Window irtt Iface
> 999.79.58.1   *           255.255.255.255 UH    0    0      0    eth0

                                                                   ^^^^

Quote:> 999.79.58.0   *           255.255.255.192 U     0    0      0    eth1
> 192.168.2.0   *           255.255.255.0   U     0    0      0    eth3
> 192.168.1.0   *           255.255.255.0   U     0    0      0    eth2
> loopback      *           255.0.0.0       U     0    0      0    lo
> default       999.79.58.1 0.0.0.0         UG    0    0      0    eth2

                                                                   ^^^^

Shouldn't they both be the same device?

--
   Josef Drexler                 |    http://publish.uwo.ca/~jdrexler/
---------------------------------+----------------------------------------
 Please help Conserve Gravity    |  To email me, please change the country
 Walk with a light step.         |  code to .ca - Death to Spammers!

 
 
 

Multiple interfaces - routing problem

Post by M. Buchenried » Sat, 06 Nov 1999 04:00:00


[...]

Quote:>From this machine I can ping the router=999.79.58.1 (going via eth0) and
>any host in the network 999.79.58.x (going via eth1).
>However I cannot ping the router (999.79.58.1) from any host in any
>network (999.79.58.x, 192.168.2.x, 192.168.1.x) except from this machine
>itself. Interfaces are configured as follows:

[...]

Did you enable IP forwarding ?

Michael
--

          Lumber Cartel Unit #456 (TINLC) & Official Netscum
    Note: If you want me to send you email, don't munge your address.

 
 
 

Multiple interfaces - routing problem

Post by Wouter Gazenda » Sat, 06 Nov 1999 04:00:00


Hi,

I think the default route to the Net shouldn't go through eth2.
I presume eth0 is the NIC connected to the router.
Try

   route delete default gw 999.79.58.1 eth2

to remove the wrong route, and try

   route add default gw 999.79.58.1 eth0

The second line
999.79.58.0   *           255.255.255.192 U     0    0      0    eth1
doesnt look healthy if eth0 is the NIC to your ISP.

BTW Why do you have four NIC's?

msg me if the problems persist.

Wouter


> Hi,

> I have set up a Linux box containing 4 network adapters of which 2
> contribute to the problem I'm goiing to explain. First comes the routing
> table looking like this (999 is a placeholder, not a typo):

> Kernel IP routing table
> Destination   Gateway     Genmask         Flags MSSS Window irtt Iface
> 999.79.58.1   *           255.255.255.255 UH    0    0      0    eth0
> 999.79.58.0   *           255.255.255.192 U     0    0      0    eth1
> 192.168.2.0   *           255.255.255.0   U     0    0      0    eth3
> 192.168.1.0   *           255.255.255.0   U     0    0      0    eth2
> loopback      *           255.0.0.0       U     0    0      0    lo
> default       999.79.58.1 0.0.0.0         UG    0    0      0    eth2

> This machine acts as a firewall sitting between us and our ISP.
> 999.79.58.0/26 is our "official" network and 999.79.58.1 is the router
> towards the ISP.
> From this machine I can ping the router=999.79.58.1 (going via eth0) and
> any host in the network 999.79.58.x (going via eth1).
> However I cannot ping the router (999.79.58.1) from any host in any
> network (999.79.58.x, 192.168.2.x, 192.168.1.x) except from this machine
> itself. Interfaces are configured as follows:

> eth0      Link encap:Ethernet  HWaddr 00:90:27:B6:F7:CA
>           inet addr:999.79.58.2  Bcast:999.79.58.255
> Mask:255.255.255.255
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:22 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           Interrupt:5 Base address:0xd800

> eth1      Link encap:Ethernet  HWaddr 00:90:27:B6:EA:E1
>           inet addr:999.79.58.3  Bcast:999.79.58.63
> Mask:255.255.255.192
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:34311 errors:3 dropped:0 overruns:0 frame:0
>           TX packets:39672 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           Interrupt:9 Base address:0xdc00

> eth2      Link encap:Ethernet  HWaddr 00:90:27:B6:F6:91
>           inet addr:192.168.1.5  Bcast:192.168.1.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:11972 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:11939 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           Interrupt:5 Base address:0xe000

> eth3      Link encap:Ethernet  HWaddr 00:90:27:B6:F5:D7
>           inet addr:192.168.2.1  Bcast:192.168.1.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:33079 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:26424 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:1 txqueuelen:100
>           Interrupt:10 Base address:0xe400

> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:3924  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0

> I'm not a networking expert but I thought I had understood most of the
> essentials of routing. If anybody has a clue what might be wrong in my
> setup please give me a hint (or even better: the solution :-) )

> Axel

> Sent via Deja.com http://www.deja.com/
> Before you buy.

 
 
 

Multiple interfaces - routing problem

Post by Steve Cowle » Sat, 06 Nov 1999 04:00:00


See below


> Hi,

> I have set up a Linux box containing 4 network adapters of which 2
> contribute to the problem I'm goiing to explain. First comes the routing
> table looking like this (999 is a placeholder, not a typo):

> Kernel IP routing table
> Destination   Gateway     Genmask         Flags MSSS Window irtt Iface
> 999.79.58.1   *           255.255.255.255 UH    0    0      0    eth0

If you have a router at the .1 address on this network, why is this route here and
pointing towards eth0. eth0 (in its current config) can only talk to itself.

Quote:> 999.79.58.0   *           255.255.255.192 U     0    0      0    eth1

Looks good.

Quote:> 192.168.2.0   *           255.255.255.0   U     0    0      0    eth3

Looks good.

Quote:> 192.168.1.0   *           255.255.255.0   U     0    0      0    eth2

Looks good.

Quote:> loopback      *           255.0.0.0       U     0    0      0    lo

Looks good.

Quote:> default       999.79.58.1 0.0.0.0         UG    0    0      0    eth2

NOT good. Currently, eth1 is the only interface that can talk to any IP's located on the
999.79.58.0 network. This route should access the default route (999.79.58.1) through
eth1, not eth2. eth1 has the proper netmask.

Quote:

> This machine acts as a firewall sitting between us and our ISP.
> 999.79.58.0/26 is our "official" network and 999.79.58.1 is the router
> towards the ISP.

When you say "router", do you have a router on the 999.79.58.0/26 network that is
connected to your ISP and also to the linux box's eth0 or eth1 interface? or are you
implying the external interface of the linux box is the router?

From the inforamtion you supplied in your post, I'm interpreting the following:
network address =  999.79.58.0
netmask = 255.255.255.192 or /26
broadcast = 999.79.58.63
addressable IP's = 999.79.58.1  thru 999.79.58.62
Router address = 999.79.58.1

Quote:> From this machine I can ping the router=999.79.58.1 (going via eth0) and
> any host in the network 999.79.58.x (going via eth1).
> However I cannot ping the router (999.79.58.1) from any host in any
> network (999.79.58.x, 192.168.2.x, 192.168.1.x) except from this machine
> itself. Interfaces are configured as follows:

> eth0      Link encap:Ethernet  HWaddr 00:90:27:B6:F7:CA
>           inet addr:999.79.58.2  Bcast:999.79.58.255
> Mask:255.255.255.255
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:22 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           Interrupt:5 Base address:0xd800

This one (eth0) is all messed up. Look at the broadcast address and netmask. The way it is
currently configured, it can only talk to itself. /32 netmask. In fact, why is this
interface even needed? It is on the same network as eth1. If your goal is to bind multiple
address to a singe NIC, take a look at /usr/src/linux/Documentation/networking/alias.txt
and bind this address to eth1. I guess a network design diagram (ASCII art) would help me
underastand your goal of using this interface.

Quote:> eth1      Link encap:Ethernet  HWaddr 00:90:27:B6:EA:E1
>           inet addr:999.79.58.3  Bcast:999.79.58.63
> Mask:255.255.255.192
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:34311 errors:3 dropped:0 overruns:0 frame:0
>           TX packets:39672 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           Interrupt:9 Base address:0xdc00

Looks correct.

Quote:> eth2      Link encap:Ethernet  HWaddr 00:90:27:B6:F6:91
>           inet addr:192.168.1.5  Bcast:192.168.1.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:11972 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:11939 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           Interrupt:5 Base address:0xe000

Looks correct.

Quote:> eth3      Link encap:Ethernet  HWaddr 00:90:27:B6:F5:D7
>           inet addr:192.168.2.1  Bcast:192.168.1.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:33079 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:26424 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:1 txqueuelen:100
>           Interrupt:10 Base address:0xe400

Looks correct.

Quote:> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:3924  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0

> I'm not a networking expert but I thought I had understood most of the
> essentials of routing. If anybody has a clue what might be wrong in my
> setup please give me a hint (or even better: the solution :-) )

If I am properly understanding your post (there is a router at the .1 address), a better
solution would be to use only 3 interfaces. One for each network. Basically, configure
eth0 (using current eth1 info), eth1 (using current eth2 info) and eth2 (using current
eth3 info) and change your default route entry to use eth0. Eth3 is not needed. This
should work. Well... it should work, if you have enabled ip_forwarding and ip_masq also as
the other posters of this thread have mentioned

netstat should reveal something similar to the following info if you were to use just 3
interfaces as mentioned above.
999.79.58.0   *           255.255.255.192 U     0    0      0    eth0
192.168.2.0   *           255.255.255.0   U     0    0      0    eth1
192.168.1.0   *           255.255.255.0   U     0    0      0    eth2
loopback      *           255.0.0.0       U     0    0      0    lo
default       999.79.58.1 0.0.0.0         UG    0    0      0    eth0

Quote:> Axel

> Sent via Deja.com http://www.deja.com/
> Before you buy.

Good luck!!!
Steve Cowles
SWCowles at gte dot net
 
 
 

1. Multiple default routes on multiple interfaces

I have two DSL lines from the same provider on two different static IPs
and two interfaces for my linux box.  I am not particularly worried
about load-balancing here.  I just want failover between the two lines,
with next-hop detection if possible.  The idea is that I don't need
heavy-weight applications like OSPF or BGP (since it's the same
provider), nor any fancy routers; just something that determines if
line 1 is down, switch the default route to line 2 (automatically:  I
know I can do it by hand, or even write a shell script).

For those who will ask, I did try a switch to bring everything to a
single interface and single IP on the linux box.  But when line 1 is
down, the default route and IP for line 1 won't work over line 2.
Initially, I thought it was an arp issue, but it wouldn't resolve after
several minutes, nor after arp -d.  The IPs are contiguous /29 networks
(which I have successfully combined into a /28), but it does not
failover properly.  In the "single interface" scenario, I would have to
assign a new default route *and* IP (and even source routing,
probably...).

I understand that iproute2 will/should allow multiple default routes,
but then it will round-robin based on destination (this is how I used
to setup Cisco behaviour and how I believe Solaris handles it).  But
what is the failure detection?  Link loss?  Next-hop down?  Anyone have
an easy solution to what should be relatively common?

2. kill -9

3. multiple interface/unused interface problems!

4. ssh client source

5. Interface problem with multiple alias interfaces in same subnet

6. A video for your Linux desktop?

7. Configuring Routing Table with Multiple Interfaces

8. Xterm font problem

9. Multiple VPN-Interfaces and intelligent routing

10. Routing Issue with Multiple PPP interfaces

11. Multiple Interface Routing

12. Multiple default routes - sorting by interface priority

13. Routing and multiple TCP/IP interfaces