[Cialug] Interface Aliases

L. V. Lammert lvl at omnitec.net
Thu May 31 18:01:33 CDT 2012


> In even vaguely recent kernels (like 2.4.0+) there is no longer a
> distinction between "alias" and "primary" IPs; there shouldn't be any
> routing issues so long as you provided reasonable settings when you
> added the address.
>
An "alias" to me is eth0:1, .. ifconfig eth0:1 (as in the config).

> Is it possible there's some other device on the network with the same
> address -- maybe because your users didn't unplug the old bits correctly
> or somesuch?
>
No, these are on the external side.

> Are the services listening on *? Sometimes services are bound to a
> specific address, rather than listening on any address.
>
Good point, ..

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN

> Is there a firewall that might be configured with the first IP address
> in the rules? You can list all iptables (or at least all in the default
> table)
>
Bingo! IPTABLES is pulling the base IP from the interface, so it is only
using that for routing.

	Thanks!

	Lee
-------------- next part --------------

On May 31, 2012, at 3:21 PM, L. V. Lammert wrote:

> Setting to switchover a remote server to a new network, .. I thought "why
> not add an alias with an IP on the OLD network so the users can just switch
> the cable back to the old DSL modem if something goes wonky". Never tried
> it, .. added it, and I can ping it, but none of the services bound to the
> primary IP are visible on the alias (e.g. ssh).
> 
> Is this even possible? I know there are some wonky routing/subnet issues
> with aliases, ..



In even vaguely recent kernels (like 2.4.0+) there is no longer a distinction between "alias" and "primary" IPs; there shouldn't be any routing issues so long as you provided reasonable settings when you added the address.

Is it possible there's some other device on the network with the same address -- maybe because your users didn't unplug the old bits correctly or somesuch?

Are the services listening on *? Sometimes services are bound to a specific address, rather than listening on any address. You can check with:
	netstat -a -n -p tcp | grep LISTEN
it should say something like:
	tcp4       0      0  *.22                   *.*                    LISTEN
and not:
	tcp4       0      0  192.168.1.1.22                   *.*                    LISTEN

Is there a firewall that might be configured with the first IP address in the rules? You can list all iptables (or at least all in the default table) with:
	iptables -v -n -L
and it should be pretty obvious if any of the entries contains a relevant IP address (grep may help if you've got lots of rules).

	Zach
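
The firewall check suggested above, together with the cause found in the reply (rules built from the interface's base IP only), as an added example that is not from either poster: a POSIX shell function that reads `iptables -S INPUT` output and prints the local addresses that no tcp ACCEPT rule for a given port applies to. The sample rules and the 192.0.2.10 / 198.51.100.7 addresses are constructed, `uncovered_addrs` is a hypothetical name, and interface, source and state matches are not modelled.

```shell
#!/bin/sh
# Constructed sample: `iptables -S INPUT` text from a host whose rules were
# generated from the interface's first address only (RFC 5737 example ranges).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j ACCEPT'

# uncovered_addrs PORT ADDR...
# Reads `iptables -S INPUT` text on stdin and prints each ADDR that no tcp
# ACCEPT rule naming PORT applies to. Assumption: only -d, -p, --dport and -j
# are examined; negated rules and rules without an explicit --dport are skipped.
uncovered_addrs() {
    port=$1; shift
    awk -v port="$port" -v addrs="$*" '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_net(ip, cidr,   p, bits, size) {
        split(cidr, p, "/")
        bits = (p[2] == "" ? 32 : p[2])      # bare address means /32
        size = 2 ^ (32 - bits)
        return int(ip2int(ip) / size) == int(ip2int(p[1]) / size)
    }
    $1 == "-A" && $2 == "INPUT" {
        dst = "0.0.0.0/0"; dport = ""; proto = ""; target = ""; neg = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "!") neg = 1
            if ($i == "-d") dst = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (!neg && target == "ACCEPT" && proto == "tcp" && dport == port)
            nets[++n] = dst
    }
    END {
        m = split(addrs, a, " ")
        for (j = 1; j <= m; j++) {
            ok = 0
            for (k = 1; k <= n; k++) if (in_net(a[j], nets[k])) ok = 1
            if (!ok) print a[j]
        }
    }'
}

# Primary address is covered for ssh; the added (alias) address is not.
printf '%s\n' "$SAMPLE_RULES" | uncovered_addrs 22 192.0.2.10 198.51.100.7
```

On a live host, feed it `iptables -S INPUT` and the addresses shown by `ip -4 addr show`; any address it prints is one to look for in the rule generator.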
