Re: IP Aliasing on slink/2.2.12

To: Damon Muller <dm-debian-user@empire.net.au>
Cc: Debian User List <debian-user@lists.debian.org>
Subject: Re: IP Aliasing on slink/2.2.12
From: George Bonser <grep@shorelink.com>
Date: Sun, 7 Nov 1999 00:00:16 -0800 (PST)
Message-id: <[🔎] Pine.LNX.3.96.991106234715.21367E-100000@calvin.captech.com>
Reply-to: grep@oriole.sbay.org
In-reply-to: <[🔎] 19991106165941.B24445@empire.net.au>

On Sat, 6 Nov 1999, Damon Muller wrote:

> There are no firewall rules, IPChains rules, or anything unusual like
> that running on the box.

It might be the ip spoofing that debian sets up with rp_filter. It causes
more problems than it solves.  If you are running a recent potato, try
editing /etc/init.d/networking and look for something like:

case "$1" in
    start)
        spoofprotect
        ifup -a
        ;;

Now comment out the line that says spoofprotect like so:

case "$1" in
    start)
#       spoofprotect
        ifup -a
        ;;

Now add manual ipfwadm or ipchains rules to do any spoof protection you
might need (do not allow packets to arrive on an external interface that
claim a source address of an internal address). Sometimes debian is too
clever by half. In this case, the blanket rp_filter stuff breaks a good
number of configurations.

If that does not fix the problem, try using the new iproute package with
its ip tools to set up the alias instead of using ifconfig. You can do
something like this:

ip addr add <ip-address>/<CIDR-mask> dev <interface>

EXAMPLE: ip addr add 192.168.1.1/24 dev eth0

You can check that it exists with:

ip addr list

If it complains about not being able to talk to the kernel, you likely
need dev netlink support compiled in ... check the networking options of
the kernel config.

The tools found in the iproute package are replacing the old net tools but
their documentation is ... uhm ..... sparse.

> 
> dpkg -l netbase gives the following:
> 
> ii  netbase         3.12-2         Basic TCP/IP networking binaries
> 
> I should note that this machine's primary eth0 IP address works file (I'm
> using SSH to connect to it as I speak).
> 
> This has got me stumped! We want to replace our RedHat server with a
> Debian one, as it's a lot easier for me to admin a Debian box. But
> unless I can work this out, I'm up sh*t creek!
> 
> Any thoughts would be appreciated!
> 
> cheers,
> 
> damon
> 
> -- 
> Damon Muller (dm-sig6@empire.net.au) /  It's not a sense of humor.
> * Criminologist                     /  It's a sense of irony
> * Webmeister                       /  disguised as one.
> * Linux Geek                      /     - Bruce Sterling 
> 
> 
> -- 
> Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
> 
> 
> 

George Bonser

"When someone annoys you, it takes 32 muscles to frown, but it only
takes 4 muscles to extend your arm and smack them in the head."

Reply to:

References:
- IP Aliasing on slink/2.2.12
  - From: Damon Muller <dm-debian-user@empire.net.au>

Prev by Date: Re: Question about dselect
Next by Date: Re: Lynx and .deb
Previous by thread: Re: IP Aliasing on slink/2.2.12
Next by thread: Re: gz file??
Index(es):
- Date
- Thread