Linux Advanced Routing and Traffic Control list
From: Joe Nuts <joenuts@gmail.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Multiple network cards on same subnet problem
Date: Mon, 02 May 2005 21:18:18 +0000
Message-ID: <cfc690b7050502141870310cb2@mail.gmail.com>
In-Reply-To: <427696B4.6030201@vulnscan.org>

Hi Bram, 
I have a similar setup, and what I find works for me is adding ip
'rules' for certain traffic to have specific default routes.
For instance:

# ip rule add from 192.168.5.220 lookup 10
# ip route add table 10 default src 192.168.5.220 dev eth0

# ip rule add from 192.168.5.221 lookup 11
# ip route add table 11 default src 192.168.5.221 dev eth1

# ip rule add from 192.168.5.222 lookup 12
# ip route add table 12 default src 192.168.5.222 dev eth2

I hope that helps.
-Joe

On 5/2/05, Bram Matthys (Syzop) <syzop@vulnscan.org> wrote:
> Hi,
> 
> this might seem like a classical problem but I've trouble getting this
> working correctly:
> 
> # ifconfig  ### output stripped down:
> eth0      Link encap:Ethernet  HWaddr 00:50:FC:2B:EB:1B
>          inet addr:192.168.5.220  Bcast:192.168.5.255  Mask:255.255.255.0
> 
> eth1      Link encap:Ethernet  HWaddr 00:02:44:60:EC:58
>          inet addr:192.168.5.221  Bcast:192.168.5.255  Mask:255.255.255.0
> 
> eth2      Link encap:Ethernet  HWaddr 00:20:ED:33:2B:6B
>          inet addr:192.168.5.222  Bcast:192.168.5.255  Mask:255.255.255.0
> 
> # ip route
> 192.168.5.0/24 dev eth0  proto kernel  scope link  src 192.168.5.220
> 192.168.5.0/24 dev eth1  proto kernel  scope link  src 192.168.5.221
> 192.168.5.0/24 dev eth2  proto kernel  scope link  src 192.168.5.222
> default via 192.168.5.11 dev eth0
> 
> # cat /proc/sys/net/ipv4/conf/all/arp_filter
> 1
> (and just to be sure I set /conf/<every interface>/arp_filter to 1 as well)
> 
> So basically what I want is just a box with 3 network cards with 3
> different ips, no bonding/trunking, just simple.. :).
> 
> What I get is simply that eth0 is answering (with its own HW addr) to
> arp requests for all ips (so including .221 and .222). Also, the other
> interfaces are not answering (so it's not like they all answer either,
> only eth0 does). The interfaces do receive the request however (when I
> look with tcpdump).
> The effect is obvious, when I list the arp table on the client machine:
>  192.168.5.220         00-50-fc-2b-eb-1b     dynamic
>  192.168.5.221         00-50-fc-2b-eb-1b     dynamic
>  192.168.5.222         00-50-fc-2b-eb-1b     dynamic
>                            ^ that's all eth0's hw addr :|
> 
> I've also tried all /proc/sys/net/ipv4/conf/all/arp_ignore settings
> (+flushing arp tables @ client of course), but none of them helped...
> I'm not even sure if those options have anything to do with what I'm
> trying to accomplish.
> 
> Actually, when adding the hw addr manually (arp -s 192.168.5.221
> 00-02-44-60-EC-58) pinging doesn't work either... while all interfaces
> receive the request (because naturally the switch didn't see the arp
> request/reply it gets broadcasted) none of them replies.
> 
> Some of these are irrelevant, but just to be sure:
> - no iptables rules are present
> - all default iptables actions are at ACCEPT
> - IP Forwarding is disabled
> - I've reset my switch
> - I've flushed all arp tables on both the server and test client machine
> 
> This is Linux 2.4.30 (w/grsecurity).
> 
> Fast switching is off btw, checked that as well.
> 
> Did I miss a setting? A kernel compile option? Or is there a problem
> with arp_filter in 2.4.*? I hope I'm missing something obvious here ;).
> 
> Thanks,
> 
>        Bram.
> 
> --
> Bram Matthys
> Software developer/IT consultant        syzop@vulnscan.org
> PGP key:                       www.vulnscan.org/pubkey.asc
> PGP fp: 8DD4 437E 9BA8 09AA 0A8D  1811 E1C3 D65F E6ED 2AA2
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
