Packet "Mixing" Between Multiple NICs on Host

From: Jonathan B. Horen (horen_at_mail.iucc.ac.il)
Date: 03/30/04

  • Next message: ems_at_australia.edu: "Re: hardware list for Fedora" 
    Date: Tue, 30 Mar 2004 12:34:35 +0200
To: fedora-list@redhat.com

    Shalom!

    In, perhaps, a misguided desire for elegance, I moved our DNS server from an
    aged and infirm host onto our existing file/mail server (Dell PowerEdge/2450
    w/dual PIII/866 CPUs and 2GB RAM, running Fedora Core 1 w/all updates). Since
    the DNS server sat on a different subnet, I added a second NIC to the
    file/mail server and created the appropriate files in
    /etc/sysconfig/network-scripts (ifcfg-eth1 and route-eth{0,1}).

    "route -n" shows:

    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    128.139.197.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
    128.139.206.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
    169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
    127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
    0.0.0.0 128.139.197.16 0.0.0.0 UG 0 0 0 eth1
    0.0.0.0 128.139.206.1 0.0.0.0 UG 1 0 0 eth0

    The problem is that although packets received from the two subnets arrive
    through the corresponding device, *packets sent to a host on a subnet other
    than 128.139.197.0 exit through eth1.*

    Running "ping 128.139.206.12" from a host on the 128.139.206.0 subnet shows
    that packets exit via eth1, rather than via eth0:

    root@efes network-scripts# tcpdump -i eth1 host horen.tau.ac.il
    tcpdump: listening on eth1
    11:54:38.192269 efes.iucc.ac.il > horen.tau.ac.il: icmp: echo reply
    11:54:39.202538 efes.iucc.ac.il > horen.tau.ac.il: icmp: echo reply
    11:54:40.212855 efes.iucc.ac.il > horen.tau.ac.il: icmp: echo reply

    I understand that this is because the metric for eth1 is "0", while the metric
    for eth1 is "1". If I understand correctly, changing the metric for eth0 to
    "0" would mean that every packet would be sent to *both* interfaces, giving me
    a 50% packet loss.

    Is there a way to configure routing on this server so that a packet's
    source-address is "honored" by the system when responding?

    worst-case, I'll cobble together a separate DNS server from an unused PIII/500...

    TIA! 

    -- 
JONATHAN B. HOREN                            UNIX SYSTEMS ADMINISTRATOR
E: horen@mail.iucc.ac.il            Inter-University Computation Center
T: +972-(0)3-640-5203                               Tel-Aviv University
F: +972-(0)3-640-9118                           Ramat-Aviv 69978 Israel
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
  • Next message: ems_at_australia.edu: "Re: hardware list for Fedora"

    Relevant Pages