
Weird IP Aliasing Problem



Hi All,

I have a weird problem with my network (I posted about this setup a
couple of weeks ago).  Things are working, but I have one remaining
weird issue to fix up.  Here's the network diagram:

                                    |
                                    |
                                    |
                                --------- ISP's router 202.45.126.225
                                    |   
                                    |
                                    |     202.45.126.238
                                --------- fw/ethernet-bridge
                                    |     202.45.126.238
                                    |
                                    |
                                --------- 202.45.126.224/28 LAN
                                    |
                                    |
                          [eth0]    |     202.45.126.237
                                --------- fw/router
                                |       |
                         [eth2] |       | [eth1]
                 202.45.126.234 |       | 10.0.0.0/24 LAN
                                    
OK, here's the thing.  My fw/router (237) needs to listen on eth0 for
traffic destined for 234 or 237.  I found that just using Iptables and
the kernel routing table to say "all traffic for 234 that arrives on
eth0 goes straight through to eth2" didn't work because eth0 would just
ignore traffic for 234.  So I figured I have to alias 234 to eth0:0 ---
so I did, but that screwed my routing, my fw/router now thinks it's 234
instead of looking at the routing table to find that 234 is at the end
of eth2.  So I removed the aliased interface and, like magic, packets
are forwarding through properly and everything works.

I wasn't comfortable with this because it didn't make sense.  After a
couple of hours, packets suddenly stopped forwarding through.  Bringing
the aliased interface up and down started things off again.  I'm
guessing it's got something to do with ARP cache but I'm not sure.
I checked the ARP cache on 238 and it has the 237 MAC address for 237
and 234.  I guess I need to make this a permanent ARP entry somehow ---
does this make sense to people or am I going crazy?  There must be a
smarter, cleaner way of doing this though because the other machines on
the 224/28 LAN would all need this static ARP entry... that's bad :(

I tried adding an ARP entry manually on 238, but it didn't work... eep!
Only aliasing, pinging, then unaliasing seems to do the job.

Please reply, the guy who owns 234 is getting grumpy :)

Regards,

Lucas


