Our firewall (Debian) currently has 4 public IP addresses (eth0 1.2.3.4, eth0:0 1.2.3.5, eth0:1 1.2.3.8, eth0:2 1.2.3.9) and 3 internal subnets (eth1 10.1.x.x, eth1:0 10.2.x.x, eth2 10.7.x.x). We are experiencing the following two problems, which I believe have the same root cause.

1) The firewall cannot access beyond the ISP gateway (1.2.3.1).
2) From externally, we can ping eth0 with no trouble; however, pinging the eth0:0, eth0:1 and eth0:2 interfaces gives results similar to the following:
Code:
PING 1.2.3.8 (1.2.3.8) 56(84) bytes of data.
64 bytes from 1.2.3.8: icmp_seq=2 ttl=57 time=59.0 ms
64 bytes from 1.2.3.8: icmp_seq=2 ttl=57 time=63.0 ms (DUP!)
64 bytes from 1.2.3.8: icmp_seq=13 ttl=57 time=59.3 ms
64 bytes from 1.2.3.8: icmp_seq=13 ttl=57 time=63.0 ms (DUP!)
64 bytes from 1.2.3.8: icmp_seq=24 ttl=57 time=62.0 ms
64 bytes from 1.2.3.8: icmp_seq=24 ttl=57 time=65.6 ms (DUP!)
I get the feeling that I'm missing something obvious, especially since all traffic on the internal subnets can access externally as normal. Any thoughts or ideas of things to check would be most appreciated. Thanks in advance.
/etc/network/interfaces
Code:
# The loopback network interface
auto lo
iface lo inet loopback
# EXTERNAL INTERFACE
auto eth0
iface eth0 inet static
address 1.2.3.4
broadcast 1.2.3.255
netmask 255.255.252.0
gateway 1.2.3.1
auto eth0:0
iface eth0:0 inet static
address 1.2.3.5
broadcast 1.2.3.255
netmask 255.255.252.0
gateway 1.2.3.1
auto eth0:1
iface eth0:1 inet static
address 1.2.3.8
broadcast 1.2.3.255
netmask 255.255.252.0
gateway 1.2.3.1
auto eth0:2
iface eth0:2 inet static
address 1.2.3.9
broadcast 1.2.3.255
netmask 255.255.252.0
gateway 1.2.3.1
# INTERNAL INTERFACE
auto eth1
iface eth1 inet static
address 10.1.1.1
netmask 255.255.0.0
auto eth1:0
iface eth1:0 inet static
address 10.2.1.1
netmask 255.255.0.0
auto eth2
iface eth2 inet static
address 10.7.1.1
netmask 255.255.0.0
route -n
Code:
1.2.3.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0
10.2.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
10.1.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
10.7.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2
0.0.0.0 1.2.3.1 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 1.2.3.1 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 1.2.3.1 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 1.2.3.1 0.0.0.0 UG 0 0 0 eth0
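Added example, not part of the original post: the interfaces file above sets `gateway 1.2.3.1` in every eth0 stanza and `route -n` lists the same default route four times, and both can be checked mechanically. The function names and the trimmed sample inputs are constructed for illustration; the check reports the repetition only and does not by itself establish the cause of the duplicate ping replies.

```python
from collections import Counter
# Constructed sample: a trimmed copy of the interfaces file from the post.
INTERFACES = """\
auto eth0
iface eth0 inet static
  address 1.2.3.4
  gateway 1.2.3.1
auto eth0:0
iface eth0:0 inet static
  address 1.2.3.5
  gateway 1.2.3.1
auto eth1
iface eth1 inet static
"""
# Constructed sample: `route -n` rows from the post (two of the four default rows).
ROUTES = """\
1.2.3.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0
0.0.0.0 1.2.3.1 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 1.2.3.1 0.0.0.0 UG 0 0 0 eth0
"""

def redundant_gateways(text):
    """Return iface stanzas that repeat a gateway already set on the same device."""
    seen, repeats, stanza = set(), [], None
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) > 1:
            stanza = words[1]
        elif words[0] in ("auto", "mapping", "source") or words[0].startswith("allow-"):
            stanza = None  # these keywords end the current iface stanza
        elif words[0] == "gateway" and stanza and len(words) > 1:
            key = (stanza.split(":")[0], words[1])  # eth0:1 is an alias on eth0
            if key in seen:
                repeats.append(stanza)
            seen.add(key)
    return repeats

def duplicate_default_routes(text):
    """Return {(gateway, iface): count} for default routes listed more than once."""
    counts = Counter()
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0] == f[2] == "0.0.0.0" and "G" in f[3]:
            counts[(f[1], f[7])] += 1
    return {k: n for k, n in counts.items() if n > 1}

if __name__ == "__main__":
    print(redundant_gateways(INTERFACES), duplicate_default_routes(ROUTES))
```

To check a live system, pass the contents of `/etc/network/interfaces` and the output of `route -n` in place of the samples.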