From: Joe Nuts <joenuts@gmail.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Multiple network cards on same subnet problem
Date: Mon, 02 May 2005 21:18:18 +0000
Message-ID: <cfc690b7050502141870310cb2@mail.gmail.com>
In-Reply-To: <427696B4.6030201@vulnscan.org>

Hi Bram,
I have a similar setup, and what I find works for me is adding ip
'rules' for certain traffic to have specific default routes.
For instance:

# ip rule add from 192.168.5.220 lookup 10
# ip route add table 10 default src 192.168.5.220 dev eth0

# ip rule add from 192.168.5.221 lookup 11
# ip route add table 11 default src 192.168.5.221 dev eth1

# ip rule add from 192.168.5.222 lookup 12
# ip route add table 12 default src 192.168.5.222 dev eth2

I hope that helps.
-Joe

On 5/2/05, Bram Matthys (Syzop) <syzop@vulnscan.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi,
> 
> this might seem like a classical problem but I've trouble getting this
> working correctly:
> 
> # ifconfig  ### output stripped down:
> eth0      Link encap:Ethernet  HWaddr 00:50:FC:2B:EB:1B
>          inet addr:192.168.5.220  Bcast:192.168.5.255  Mask:255.255.255.0
> 
> eth1      Link encap:Ethernet  HWaddr 00:02:44:60:EC:58
>          inet addr:192.168.5.221  Bcast:192.168.5.255  Mask:255.255.255.0
> 
> eth2      Link encap:Ethernet  HWaddr 00:20:ED:33:2B:6B
>          inet addr:192.168.5.222  Bcast:192.168.5.255  Mask:255.255.255.0
> 
> # ip route
> 192.168.5.0/24 dev eth0  proto kernel  scope link  src 192.168.5.220
> 192.168.5.0/24 dev eth1  proto kernel  scope link  src 192.168.5.221
> 192.168.5.0/24 dev eth2  proto kernel  scope link  src 192.168.5.222
> default via 192.168.5.11 dev eth0
> 
> # cat /proc/sys/net/ipv4/conf/all/arp_filter
> 1
> (and just to be sure I set /conf/<every interface>/arp_filter to 1 as well)
> 
> So basically what I want is just a box with 3 network cards with 3
> different ips, no bonding/trunking, just simple.. :).
> 
> What I get is simply that eth0 is answering (with its own HW addr) to
> arp requests for all ips (so including .221 and .222). Also, the other
> interfaces are not answering (so it's not like they all answer either,
> only eth0 does). The interfaces do receive the request however (when I
> look with tcpdump).
> The effect is obvious, when I list the arp table on the client machine:
>  192.168.5.220         00-50-fc-2b-eb-1b     dynamic
>  192.168.5.221         00-50-fc-2b-eb-1b     dynamic
>  192.168.5.222         00-50-fc-2b-eb-1b     dynamic
>                            ^ that's all eth0's hw addr :|
> 
> I've also tried all /proc/sys/net/ipv4/conf/all/arp_ignore settings
> (+flushing arp tables @ client of course), but none of them helped...
> I'm not even sure if those options have anything to do with what I'm
> trying to accomplish.
> 
> Actually, when adding the hw addr manually (arp -s 192.168.5.221
> 00-02-44-60-EC-58) pinging doesn't work either... while all interfaces
> receive the request (because naturally the switch didn't see the arp
> request/reply it gets broadcasted) none of them replies.
> 
> Some of these are irrelevant, but just to be sure:
> - - no iptables rules are present
> - - all default iptables actions are at ACCEPT
> - - IP Forwarding is disabled
> - - I've reset my switch
> - - I've flushed all arp tables on both the server and test client machine
> 
> This is Linux 2.4.30 (w/grsecurity).
> 
> Fast switching is off btw, checked that as well.
> 
> Did I miss a setting? A kernel compile option? Or is there a problem
> with arp_filter in 2.4.*? I hope I'm missing something obvious here ;).
> 
> Thanks,
> 
>        Bram.
> 
> - --
> Bram Matthys
> Software developer/IT consultant        syzop@vulnscan.org
> PGP key:                       www.vulnscan.org/pubkey.asc
> PGP fp: 8DD4 437E 9BA8 09AA 0A8D  1811 E1C3 D65F E6ED 2AA2
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (MingW32)
> 
> iD8DBQFCdpa04cPWX+btKqIRArOUAJ4iLOSclzAsw7JbFeK6tGq/4jTwxwCfVMqA
> VBYs/M0H0VVAQD9AutJ29mA> =/L4a
> -----END PGP SIGNATURE-----
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
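A way to check whether the per-source rules above took effect, as an added example that is not part of the original thread: it compares the server's ifconfig output with a client's ARP table and reports every address whose cached MAC belongs to a different NIC. The sample input is copied from the quoted message (blank lines dropped); the function names are this example's own.

```python
import re
# Sample input copied from the thread: server ifconfig output and the client's ARP table.
IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:50:FC:2B:EB:1B
          inet addr:192.168.5.220  Bcast:192.168.5.255  Mask:255.255.255.0
eth1      Link encap:Ethernet  HWaddr 00:02:44:60:EC:58
          inet addr:192.168.5.221  Bcast:192.168.5.255  Mask:255.255.255.0
eth2      Link encap:Ethernet  HWaddr 00:20:ED:33:2B:6B
          inet addr:192.168.5.222  Bcast:192.168.5.255  Mask:255.255.255.0
"""
CLIENT_ARP = """\
 192.168.5.220         00-50-fc-2b-eb-1b     dynamic
 192.168.5.221         00-50-fc-2b-eb-1b     dynamic
 192.168.5.222         00-50-fc-2b-eb-1b     dynamic
"""
MAC = r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"

def norm_mac(mac):
    """Canonical form so 00-50-FC-.. and 00:50:fc:.. compare equal."""
    return mac.lower().replace("-", ":")

def parse_ifconfig(text):
    """Return {ip: (iface, mac)} from net-tools ifconfig output."""
    owners, iface, mac = {}, None, None
    for line in text.splitlines():
        head = re.match(r"(\S+)\s+Link encap:\S+\s+HWaddr\s+(" + MAC + ")", line)
        addr = re.search(r"inet addr:(" + IP + ")", line)
        if head:
            iface, mac = head.group(1), norm_mac(head.group(2))
        elif addr and iface:
            owners[addr.group(1)] = (iface, mac)
    return owners

def parse_arp_table(text):
    """Return {ip: mac} from 'IP  MAC  type' lines of a client ARP table."""
    rows = re.findall(r"^\s*(" + IP + r")\s+(" + MAC + r")\b", text, re.M)
    return {ip: norm_mac(mac) for ip, mac in rows}

def find_arp_flux(owners, observed):
    """Return (ip, owning_iface, answering_iface) for each cached MAC that is not the owner's."""
    mac_to_iface = {mac: iface for iface, mac in owners.values()}
    return [(ip, owners[ip][0], mac_to_iface.get(mac, "unknown host"))
            for ip, mac in sorted(observed.items())
            if ip in owners and owners[ip][1] != mac]

if __name__ == "__main__":
    for ip, owner, answered in find_arp_flux(parse_ifconfig(IFCONFIG), parse_arp_table(CLIENT_ARP)):
        print(f"{ip}: belongs to {owner} but the client cached the MAC of {answered}")
```

An empty result after flushing the client's ARP cache means each address is answered by its own interface; an "unknown host" entry means a MAC that is not one of the server's NICs answered for a server address.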
