LinuxQuestions.org


maco21 10-17-2012 12:09 PM

Changing IP's/routing issue
 
Hi,

OK, I'll try to explain the situation as clearly as possible.

I've taken over looking after some servers for a company and there are some routing issues I'm looking at caused by incorrect IPs being assigned.

The main firewall has eth0, eth1, eth2 and a few tun interfaces.
eth1 is used for public facing IPs. The other two interfaces *should* be assigned private 192.168.X.X addresses.

However, previous engineers assigned 192.166.X.X to these private interfaces and of course these are public IPs.

There is a server which sits behind the firewall which also has 192.166.X.X assigned and its gateway also uses the firewall's eth2 assigned 192.166.X.X address. To complicate things even more, this server hosts 3 VMs which also have the 192.166.X.X addresses.

My task is to change all these wrong IPs to correct local addresses, ideally remotely without losing connection.

My connection to the firewall is via a tun interface created from an external source. I have added IP aliases to all the interfaces with the wrong IPs, e.g. eth0:1, on all the machines behind the firewall and brought the aliases up.

I then did the same on the firewall by creating an alias for the wrong address on eth2.

I've then checked the route command and verified the default gateway is set correctly on the server behind the firewall, which is now correct.

This has all been done, however the VMs and VM host are still not routing correctly. I think this is because the firewall rules need refreshing to see the new interface IPs (it uses shorewall which references the interface names mainly rather than specific IPs and uses masq/SNAT).

I'm going to do a shorewall safe restart tomorrow in the hope that everything will just start to work with these new IPs and I won't get locked out.

It would be handy if anyone has any further advice, any suggestions on a better way of doing this, or if there's anything I've missed?

Also, I'm not sure how to remove the main incorrect eth0, eth2 interfaces without bringing down the aliases. Is there any easy way to swap them?
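
Added example, not part of the original post: a small audit that reads `ip -o -4 addr show` output and, for the interfaces the post says should be internal (eth0, eth2), separates addresses outside the RFC 1918 ranges from private ones, so it is visible whether a private address is already up before an old one is removed. The sample output, the concrete addresses and the assumption that the `:1` alias carries the new address are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# RFC 1918 private ranges; 192.166.0.0/16 falls outside all three.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Interfaces the post says should carry private addresses (eth1 is public).
INTERNAL_IFACES = {"eth0", "eth2"}

# Constructed sample in the shape of `ip -o -4 addr show` output.
SAMPLE = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.166.1.1/24 brd 192.166.1.255 scope global eth0
2: eth0    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0:1
3: eth1    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth1
4: eth2    inet 192.166.2.1/24 brd 192.166.2.255 scope global eth2
5: tun0    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
"""

def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)

def audit(ip_output, internal=INTERNAL_IFACES):
    """Return {ifname: {"wrong": [...], "private": [...]}} for internal interfaces.

    Each entry is (label, "address/prefix"); the label is the last field of
    the line, which is the alias name (eth0:1) when one was assigned.
    """
    report = defaultdict(lambda: {"wrong": [], "private": []})
    for line in ip_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "inet" or fields[1] not in internal:
            continue
        iface = ipaddress.ip_interface(fields[3])
        label = fields[-1].rstrip("\\")  # real output may end in a backslash
        bucket = "private" if is_rfc1918(iface.ip) else "wrong"
        report[fields[1]][bucket].append((label, str(iface)))
    return dict(report)

if __name__ == "__main__":
    for ifname, r in sorted(audit(SAMPLE).items()):
        for label, addr in r["wrong"]:
            state = ("private address present: " + r["private"][0][1]
                     if r["private"] else "NO private address on this interface yet")
            print(f"{ifname}: {addr} ({label}) is not RFC 1918; {state}")
```
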

