LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 09-02-2014, 11:54 AM   #1
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,831

Rep: Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550
Connecting through AT&T gateway not possible when using aliases


I recently changed our home network connection to AT&T (Uverse) and ran into a weird problem that I haven't been able to find a reason for.

Our previous provider gave us a "/29" block of IP addresses. Uverse had the same option. Prior to the switch, my firewall had multiple IP addresses aliased onto the "dirty" interface. During the installation, I jumped onto the firewall box, modified all the IP addresses set up on the "dirty" interface. When the installation was complete, I was unable to get out onto the 'net. During debugging, I decided to concentrate on getting one IP address working at a time so I disabled all the aliases leaving only the primary IP address on the external interface. Lo and behold... Internet connectivity. OK... time to the aliases back on the interface. Suddenly, no more connectivity. Remove the aliases and connectivity is back.

One thing I'm thinking might be the problem is that, when I issue `ifconfig', I noticed that the primary address and each of the aliases have the same MAC address. I also noticed that this is true for any internal system that has multiple IP addresses on an interface so it seems to be standard procedure for aliases under Linux. But I've not had any accessibility problems with those systems. Ever.

The AT&T equipment appears to be from Motorola Mobility and I've never used it before. My previous I'net connection provider installed a Netopia (and it's an old one) and I had no problems with aliases.

Can anyone provide some insight as to why the gateway would balk at seeing multiple IPs with the same MAC address?

Aside 1: I can always track down some old Ethernet cards that will never get used again (I still have, for some reason, a few old ISA 3Com cards laying around), steal their MAC addresses for some testing, and use these MAC addresses as part of the alias setup.

Aside 2: My previous use of the IP aliases was for handling several web sites (using address-based virtual hosts). I've switched those over to name-based vhosts but I'm still curious about why the aliases are causing the gateway to have a fit. (AT&T support was also somewhat mystified by this behavior.)

TIA...

--
Rick
 
Old 09-03-2014, 03:31 PM   #2
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,053

Rep: Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632
"Can anyone provide some insight as to why the gateway would balk at seeing multiple IPs with the same MAC address"

Arp would cause an issue, I'd more suspect an IPv6 issue but the most likely issue is some nat feature in the modem or similar named feature.

To get back to your issue. You have a box that you want 6 IP addresses on correct? Those 6 IP's are on a single nic alaised correct?

If it worked before then we'd have to suspect your setup was correct at one time.

General notes. http://www.tecmint.com/create-multip...ork-interface/

Last edited by jefro; 09-03-2014 at 03:32 PM.
 
Old 09-04-2014, 03:29 PM   #3
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,831

Original Poster
Rep: Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550
Quote:
Originally Posted by jefro View Post
If it worked before then we'd have to suspect your setup was correct at one time.
Yes... before Uverse.

Prior to our switch, I had 3 IP addresses on the external interface of the firewall, one per domain/web site. The firewall was looking at the traffic and would say "Oh! I'm supposed to forward web traffic coming in using this address to the internal IP address for that web server". (And so on for the other IP addresses.) It worked just fine. It did depend on address-based virtual hosts, though. (More on that in a sec...)

Unfortunately, based on some forum discussions I tracked down, it appears that the Uverse equipment will simply not deal with packets when it sees multiple IP addresses coming from the same MAC address. I'm not sure I follow the discussions all that well -- never had to peer that deeply inside my internet connection hardware before -- but it looks like I'm stuck with a configuration where I'm using only a single IP on the firewall's external interface. Not a problem... I'll just change the virtual host setup to named-based. Unfortunately, I'm finding that it's not working. This doesn't surprise me -- I haven't used named-based vhosts since the Apache 1.x days and a lot of things have changed -- but I'm now having to re-engineer my internal systems/services to fit into this new scheme. (Well... that was quite an aside and something for which I have an open question over in the "Server" forum.)

I really dislike not knowing why something's not working and was hoping that one of the experienced network folks might be able to explain why the aliases were causing the Uverse equipment so much trouble that it shut down traffic. If it's something IPv6-related, I'd really be surprised as I'm only using IPv4 on my Linux boxen.

So... if anyone's had experience with the Uverse equipment and can explain what's going on? I'm all ears... or eyes... whatever.

--
Rick
 
Old 09-05-2014, 02:29 PM   #4
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,053

Rep: Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632
Unfortunately Uverse support is non-existent. If you have business class then maybe they might assist. If they offer blocks of IP's in static form then they must have a way to associate it to the modem/gateway for use later in lan. I'll agree that you may be able to use host headers to fix it all but a lot of work.

I was wondering if you could place the modem in passthrough and then to a soho router to correct this.
 
Old 09-05-2014, 04:06 PM   #5
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,831

Original Poster
Rep: Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550Reputation: 550
Quote:
Originally Posted by jefro View Post
Unfortunately Uverse support is non-existent. If you have business class then maybe they might assist.
So far I've had good luck with support. (Yes... I did get business-class Uverse) The guy I had on the line when we couldn't get any sort of connectivity initially (installer had the wrong IP addresses; that'll do it every time) was helpful and patient while I tried various things on my end. My second call to arrange getting reverse DNS lookups set up also went well. My main beef with their support is that there's no easy way to reach a technician that isn't reading from a script without spending at least a few minutes navigating through their voice response system. (Hate those.)

Quote:
If they offer blocks of IP's in static form then they must have a way to associate it to the modem/gateway for use later in lan. I'll agree that you may be able to use host headers to fix it all but a lot of work.
I've seen some discussions of how they seem to assume you'll be using the static addresses as part of a DMZ and it involved messing around with their "advanced" firewall built into the gateway. I was left with no documentation so I didn't even want to consider using that. Besides... I already have a working firewall.

Quote:
I was wondering if you could place the modem in passthrough and then to a soho router to correct this.
I believe that's what was done with the old Netopia mode/router that I was previously using. I seem to recall one of the discussions saying that you could not do that with the Uverse equipment.

I haven't had a chance to look around the 'net much to see if I can find any documentation about the gateway. There's always the chance that what I find will be generic and not include any of the tweaks that AT&T may have applied to restrict the use of functions they don't want you to use.

I'm still eager to hear any ideas, theories, and/or wild speculation as to why aliases cause the problems they do.


Later...

--
Rick
 
Old 09-05-2014, 09:44 PM   #6
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,053

Rep: Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632Reputation: 3632
Maybe someone else can jump in with an idea?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Aliases & Arrays hattori.hanzo Programming 3 10-20-2010 12:51 AM
postfix & virtual aliases ddaas Linux - Server 1 12-06-2009 12:42 PM
Not connecting to gateway Goblin82 Linux - Networking 17 03-06-2006 04:51 AM
sendmail: not possible to pipe mail to programs using ~/.forward && /etc/mail/aliases fhd Linux - Networking 1 01-09-2005 06:05 PM
sendmail & /etc/mail/aliases adam_boz Linux - Software 5 09-27-2002 12:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 08:22 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration