LinuxQuestions.org


TheGabeMan 09-11-2014 09:56 AM

Multiple IPs on same nic AND routing
 
Hi
I have a VM running CentOS 6.5. It needs to have two IP addresses in the same subnet. Configuring the two IP addresses is no problem, but being able to ping them both from a different subnet is. I think I know what is going wrong. When a packet for 192.168.1.1 on eth0 comes in, it will also leave on eth0 because of the default gateway. But when a packet comes in on 192.168.1.2 on eth1, it will leave over eth0. So the client that was pinging 192.168.1.2 will receive a reply from a different MAC address and will deny it.

Is my assumption correct? Is there a way to make this possible? Should I do this with 1 NIC and multiple IPs or two NICs with one IP each?

Gabrie

TenTenths 09-11-2014 10:13 AM

Unless you have a compelling reason the best way of doing this is to use 1 NIC and have both IP addresses presented on it.

TheGabeMan 09-11-2014 10:45 AM

Quote:

Originally Posted by TenTenths (Post 5236230)
Unless you have a compelling reason the best way of doing this is to use 1 NIC and have both IP addresses presented on it.

Even with 1 NIC (eth0 and eth0:0) I didn't get a reply on the eth0:0 interface. Or maybe routing / default gateway is set incorrectly. Would you have a good guide for that? Especially gw / routing settings?

sgrlscz 09-11-2014 12:47 PM

CentOS/RHEL 6 defaults to strict reverse path filtering. With that setting, the system checks whether the source address of the received packet is reachable through the interface it came in on. If it isn't, then the packet is dropped.

You can change to loose reverse path filtering, which will check if the source address is reachable on any of the interfaces. If so, the packet is accepted. This is the setting recommended for asymmetric routing.

To change temporarily, do:

Code:

# echo 2 > /proc/sys/net/ipv4/conf/default/rp_filter
# echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter

For a permanent change, edit the /etc/sysctl.conf and change the net.ipv4.conf.default.rp_filter setting to 2.

There is an article about the settings at https://access.redhat.com/solutions/53031. You can also find other articles by searching for "centos rp_filter".
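
Added example, not part of the original thread: a shell audit that reports the rp_filter mode actually in force on each interface. The kernel applies the higher of conf/all/rp_filter and conf/<iface>/rp_filter, so one value read alone can mislead. The function names and the optional CONF_ROOT argument are this example's own.

```shell
#!/bin/sh
# Report the effective reverse path filter mode per interface.
# For source validation on <iface> the kernel uses
#   max(conf/all/rp_filter, conf/<iface>/rp_filter)
# conf/default only seeds interfaces that are created later.
# CONF_ROOT (hypothetical argument of this example) defaults to the live
# /proc tree and can point at a constructed directory for testing.

rp_mode_name() {
    case "$1" in
        0) echo "off" ;;      # no source validation
        1) echo "strict" ;;   # source must route back via the receiving interface
        2) echo "loose" ;;    # source must be reachable via any interface
        *) echo "unknown" ;;
    esac
}

# effective_rp_filter IFACE [CONF_ROOT] -> prints 0, 1 or 2
effective_rp_filter() {
    root="${2:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$root/all/rp_filter" 2>/dev/null) || return 1
    ifv=$(cat "$root/$1/rp_filter" 2>/dev/null) || return 1
    if [ "$all" -gt "$ifv" ]; then echo "$all"; else echo "$ifv"; fi
}

# audit_rp_filter [CONF_ROOT] -> one line per interface: "<iface> <value> <mode>"
audit_rp_filter() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are templates, not interfaces
        case "$iface" in all|default) continue ;; esac
        val=$(effective_rp_filter "$iface" "$root") || continue
        echo "$iface $val $(rp_mode_name "$val")"
    done
}
```

Source the file and run `audit_rp_filter` after changing the settings; an interface reported as `off` accepts packets without any source validation.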

TheGabeMan 09-11-2014 01:19 PM

Thank you, going to play with that. Found a VMware KB article about it, but it was suggesting to set it to 0. So maybe that info is not correct. Will follow your guidelines. Thx !

sgrlscz 09-11-2014 01:28 PM

The advantage of 2 is that it provides better protection from IP spoofing than turning it off completely. Also, 2 gives you the same behavior as the default in CentOS/RHEL 5.

TheGabeMan 09-11-2014 03:30 PM

Very strange.... I tried the rp_filter settings and noticed I had no default route. After adding:
route add -net default gw 192.168.1.254 dev eth0

It worked. So I rebooted the system to see if it would work without the rp_filter. After the system rebooted it was unpingable and after adding the default route now suddenly both were pingable. Strange thing is that I have set a default gateway in /etc/sysconfig/network:
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=vascel01.xxxxxx.lan
GATEWAY=192.168.1.254

I have no clue why this doesn't stick after a reboot. I have no gateway set in the ifcfg-eth0 / ifcfg-eth0:0.

Created /etc/sysconfig/network-scripts/route-eth0:
192.168.1.0/24 via 192.168.1.1 dev eth0
default 192.168.1.254 dev eth0


But that doesn't seem to stick either....

GaWdLy 09-12-2014 01:49 AM

Route add is not permanent. Neither is ip route add.

As you pointed out, /etc/sysconfig/network-scripts/route-ifname is the correct place for static routes. What do you mean it's not sticking after a reboot? That file is static, so what you put in there stays in there.

sgrlscz 09-12-2014 06:19 AM

Do you have the Network Manager installed? That will wreak havoc with network configuration.


All times are GMT -5.