Two IP Addresses on one NIC; Routing Appropriate Traffic Through Each
The NW-Grid registration box, man4.nw-grid.ac.uk, happens to live at UoM. It needs to send email out to the world at large.
All outgoing mail from the campus network must go via the UoM mail relays — port 25 is blocked outbound. The relays accept email from machines DNS-registered within umist.ac.uk, man.ac.uk and manchester.ac.uk only. (Well, presumably mcc.ac.uk and a few others are still hanging around too.)
So we have an issue. Ask ITS nicely to reconfigure their mail relays? (That was Plan A.) Or use a second IP address with a different DNS-registration and use appropriate routing?
Two IP Addresses on One NIC
From the man page for ifconfig:
If your kernel supports alias interfaces, you can specify them with
eth0:0 for the first alias of eth0. You can use them to assign a
second address.
Any modern kernel supports such aliases out of the box, so given a second
IP address, 130.88.200.244, say, DNS-registered as, for example,
biruni.mc.man.ac.uk, we proceed thusly:
promp> ifconfig eth0:0 130.88.200.244 netmask 255.255.255.0
so that
prompt> ifconfig -a
.
.
eth0 Link encap:Ethernet HWaddr 00:14:4F:20:86:88
inet addr:130.88.200.156 Bcast:130.88.200.255 Mask:255.255.255.0
.
.
eth0:0 Link encap:Ethernet HWaddr 00:14:4F:20:86:88
inet addr:130.88.200.244 Bcast:130.88.255.255 Mask:255.255.255.0
.
.
Required Routing
We require all traffic to the UoM email relay, 130.88.200.242 (aka smtp.manchester.ac.uk), go through eth0:0 and all other traffic go through eth0, so we add a routing entry:
prompt> route add -host 130.88.200.92 dev eth0:0
so that
prompt> netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
130.88.200.92 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
#
# ...the above line is the new one --- but netstat gives no hint
# that eth0:0 exists; nor does route --- see below...
#
130.88.99.13 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
130.88.200.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 130.88.200.250 0.0.0.0 UG 0 0
Our New Route: Diagnostics and Testing
As stated above, neither netstat -rn nor route -n acknowledge the existence of our new IP alias, eth0:0, so how can we check that traffic is being routed as per our route add -host... command?
We should not have to resort to tcpdump. . .
Solution — install better utilities
root> apt-get install iproute
#
# ...get a more advanced set of tools
#
and then
root> ip route list
130.88.200.92 dev eth0 scope link src 130.88.200.244
#
# ...shows the source address this time...
#
130.88.0.0/16 dev eth0 proto kernel scope link src 130.88.198.58
130.88.200.0/24 dev eth0 proto kernel scope link src 130.88.200.244
default via 130.88.198.250 dev eth0
Thar she blows!
Problems Encountered
Of course, in truth there was a problem which arose owing to a "feature" of ifconfig.
An alias already existed on eth0 which we wished to shutdown before setting up our new one. ifconfig -a showed
eth0 Link encap:Ethernet HWaddr 00:12...
inet addr:130.88.200.156 Bcast:130.88.200.255 Mask:255.255.255.0
.
.
eth0:biru Link encap:Ethernet HWaddr 00:12:3F:32:AD:DB
inet addr:...
.
.
yet
prompt> ifconfig eth0:biru down
eth0:SIOCSIFFLAGS: Cannot assign requested address
It turns out that ifconfig list only the first four characters of
the true alias name — so what was our alias?
A quick fgrep -r biru of /etc/sysconfig/network provided the answer and
ifconfig eth0:birunimcmanacuk down
downed the beastie.