Weird network problem

Miskell, Craig Craig.Miskell at agresearch.co.nz
Thu Oct 18 19:34:22 UTC 2007


> I have a little problem: a machine is configured with two ip 
> addrs on the same eth if, the other being an alias. When 
> connecting to the primary addr, even when pinging it, the 
> response seems to come from the alias addr; this of course 
> messes up the config of the firewall sitting between the 
> server and clients. How is it possible? Why is the kernel 
> answering on the alias? How can I force it to answer with the 
> correct address?

I think I've seen something similar, and it's all down to routing
tables.  Remember that routing is done at the IP level (layer 3) not TCP
(layer 4).  So, when the reply packet is sent, your local routing table
will be consulted to decide where to send it and over which interface,
REGARDLESS of the interface/address on which the incoming packet arrived
(the routing doesn't even *know* about the incoming packet at this
stage).

Check your routing table ("route -n", or "netstat -rn").  Things to
consider:
1) Which interface/network/gateway is your default route (0.0.0.0); this
may well be the chosen route if you've got a firewall in between, as
your clients will be on a different subnet to any of the IP addresses on
the server.
2) If that doesn't help, check the Iface (interface) column,
particularly if both IP addresses are in the same subnet.  I'm not aware
of the rules the kernel uses to decide which route to use if there are
multiple for the same network; it's probably something simple like the
lowest IP address or lowest interface number or something.

If you get stuck send me more details offline (ip addresses, network
diagrams etc); like I said, I've dealt with stuff like this before (to
my mental detriment ;-))

Craig Miskell
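
Added example, not part of the original message: a small Python helper that runs the two routing-table checks from the reply over saved "route -n" output. The sample table, the addresses and the function names are constructed for illustration, and route choice is modelled as longest prefix first, then lowest metric, which is an assumption of this sketch.

```python
import ipaddress

# Constructed sample of `route -n` output (documentation addresses, not from the thread).
SAMPLE_ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 eth0
"""


def parse_route_n(text):
    """Turn `route -n` text into a list of route dicts, skipping header lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append({"net": net, "gateway": f[1],
                       "metric": int(f[4]), "iface": f[7]})
    return routes


def matching_routes(routes, dest):
    """Check 1: routes that cover dest, most specific first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r["net"]]
    return sorted(hits, key=lambda r: (-r["net"].prefixlen, r["metric"]))


def duplicate_networks(routes):
    """Check 2: networks that appear more than once, with their Iface values."""
    seen = {}
    for r in routes:
        seen.setdefault(str(r["net"]), []).append(r["iface"])
    return {net: ifaces for net, ifaces in seen.items() if len(ifaces) > 1}


if __name__ == "__main__":
    table = parse_route_n(SAMPLE_ROUTE_N)
    # A client behind the firewall (constructed address) only matches the default route.
    best = matching_routes(table, "203.0.113.10")[0]
    print("reply to 203.0.113.10 leaves via", best["iface"], "gw", best["gateway"])
    for net, ifaces in duplicate_networks(table).items():
        print("multiple routes for", net, "->", ", ".join(ifaces))
```

Run it against your own table by saving the output of "route -n" to a file and passing the text to parse_route_n.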




More information about the redhat-sysadmin-list mailing list