Two IP Addresses on one NIC; Routing Appropriate Traffic Through Each
The NW-Grid registration box, man4.nw-grid.ac.uk, happens to live at UoM. It needs to send email out to the world at large.
All outgoing mail from the campus network must go via the UoM mail relays — port 25 is blocked outbound. The relays accept email from machines DNS-registered within umist.ac.uk, man.ac.uk and manchester.ac.uk only. (Well, presumably mcc.ac.uk and a few others are still hanging around too.)
So we have an issue. Ask ITS nicely to reconfigure their mail relays? (That was Plan A.) Or use a second IP address with a different DNS-registration and use appropriate routing?
Two IP Addresses on One NIC
From the man page for ifconfig:
If your kernel supports alias interfaces, you can specify them with eth0:0 for the first alias of eth0. You can use them to assign a second address.Any modern kernel supports such aliases out of the box, so given a second IP address, 130.88.200.244, say, DNS-registered as, for example, biruni.mc.man.ac.uk, we proceed thusly:
promp> ifconfig eth0:0 130.88.200.244 netmask 255.255.255.0so that
prompt> ifconfig -a . . eth0 Link encap:Ethernet HWaddr 00:14:4F:20:86:88 inet addr:130.88.200.156 Bcast:130.88.200.255 Mask:255.255.255.0 . . eth0:0 Link encap:Ethernet HWaddr 00:14:4F:20:86:88 inet addr:130.88.200.244 Bcast:130.88.255.255 Mask:255.255.255.0 . .
Required Routing
We require all traffic to the UoM email relay, 130.88.200.242 (aka smtp.manchester.ac.uk), go through eth0:0 and all other traffic go through eth0, so we add a routing entry:
prompt> route add -host 130.88.200.92 dev eth0:0so that
prompt> netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 130.88.200.92 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 # # ...the above line is the new one --- but netstat gives no hint # that eth0:0 exists; nor does route --- see below... # 130.88.99.13 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 130.88.200.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 130.88.200.250 0.0.0.0 UG 0 0
Our New Route: Diagnostics and Testing
As stated above, neither netstat -rn nor route -n acknowledge the existence of our new IP alias, eth0:0, so how can we check that traffic is being routed as per our route add -host... command?
We should not have to resort to tcpdump. . .
Solution — install better utilities
root> apt-get install iproute # # ...get a more advanced set of tools #and then
root> ip route list 130.88.200.92 dev eth0 scope link src 130.88.200.244 # # ...shows the source address this time... # 130.88.0.0/16 dev eth0 proto kernel scope link src 130.88.198.58 130.88.200.0/24 dev eth0 proto kernel scope link src 130.88.200.244 default via 130.88.198.250 dev eth0Thar she blows!
Problems Encountered
Of course, in truth there was a problem which arose owing to a "feature" of ifconfig.
An alias already existed on eth0 which we wished to shutdown before setting up our new one. ifconfig -a showed
eth0 Link encap:Ethernet HWaddr 00:12... inet addr:130.88.200.156 Bcast:130.88.200.255 Mask:255.255.255.0 . . eth0:biru Link encap:Ethernet HWaddr 00:12:3F:32:AD:DB inet addr:... . .yet
prompt> ifconfig eth0:biru down eth0:SIOCSIFFLAGS: Cannot assign requested addressIt turns out that ifconfig list only the first four characters of the true alias name — so what was our alias?
A quick fgrep -r biru of /etc/sysconfig/network provided the answer and
ifconfig eth0:birunimcmanacuk downdowned the beastie.