Routing question

bscott at ntisys.com bscott at ntisys.com
Fri May 9 13:32:05 EDT 2003


On Fri, 9 May 2003, at 11:39am, pll at lanminds.com wrote:
> I've got a system with 2 NICs in it on 2 separate subnets. 

  Distro?  Release?  Kernel version?  :)

> (Yes Ben, both networks have active routers on them for gateways :)

  *GRIN*

>    # netstat -rn
>    Kernel IP routing table
>    Destination  Gateway     Genmask         Flags   MSS Window  irtt Iface
>    10.241.35.0  0.0.0.0     255.255.255.0   U        40 0          0 eth0
>    10.241.37.0  0.0.0.0     255.255.255.0   U        40 0          0 eth3
>    127.0.0.0    0.0.0.0     255.0.0.0       U        40 0          0 lo
>    0.0.0.0      10.241.35.1 0.0.0.0         UG       40 0          0 eth0

  I assume, from the format of your config file contents, that you are
running Red Hat or a derivative.

  It looks like, when "eth3" comes up, the "/sbin/ifup" script is seeing
that a default route already exists, and thus does not attempt to process
the "GATEWAY=" statement in the "ifcfg-eth3" config file.  I know RHL 6.2
and 7.3 do not do this, but it is quite possible it has been added in what
you are running.

> With this configuration, everything *should* route out eth3, however, I
> can't seem to get this to work properly.

  Everything for which the system does not have a more specific route, yes.  
In particular, traffic for the 10.241.35.0/24 network should go out the eth0
interface.

> One NIC responds, but not the other.  In this case, eth0 reponds to pings
> from off these subnets (i.e. if I ping from 168.159.31.9), but not eth3.

  Is "rp_filter" on?  That can cause problems in asymmetric routing
situations (which you've got).  Turn if off.  If this is a Red Hat box, see
the "/etc/sysctl.conf" file.  The generic method is:

	echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter

  Also, beware of source address filters on your gateways.  If your network
admin has configured your routes to only accept traffic from the subnet to
which they are directly connected, you will have problems.

> If I add a second default route for the .37 subnet ... I then get no
> response from either NIC.

  Weird.  Have you tried putting a sniffer on the wire and seeing what is
actually happening?

  Check the output of "arp -n".  Does the system have ARP entries for the
two gateways?

  You *can* ping each interface from the respective directly-connected
subnet on each interface, correct?

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |






More information about the gnhlug-discuss mailing list