LinuxQuestions.org


Fus 10-14-2011 01:41 PM

IP Alias-lost packages between receiving and routing chains
 
Hi All,

I manage a Debian server and I'd like to set up another IP for the eth0 interface (failover IP on my secondary server). I've managed to set up the IP alias that works inside my server, but the server is not able to respond to the packages from outside.

The router is configured to route all packages addressed to IP_B in the same way as packages to IP_A are routed. For IP_A the server responds OK. There is no firewall on the secondary server.

IP_B on my secondary server does not respond (ping, ssh etc.), but the server can see the packages (I can see the incoming packages with tcpdump); on the other hand, e.g. iptables can't see the packages.

The question is what may be wrong? My primary server works fine with IP_B (but it's the Gentoo distribution, not Debian).

The log from one of my tests below (Secondary server):
OS: Debian 2.6.32-5-amd64


IP_A - means the first server's IP
IP_B - means the second server's IP
IP_CLIENT - means my laptop IP (I use it to manage my server)
IP_A.XXX - means the first 3 parts from the IP_A and the part equal to XXX

SERVER CONFIG:

Code:

/etc/network/interfaces
...
auto eth0
iface eth0 inet static
        address IP_A
        netmask 255.255.255.0
        network IP_A.0
        broadcast IP_A.255
        gateway IP_A.254

auto eth0:0
iface eth0:0 inet static
        address IP_B
        netmask 255.255.255.255
        network IP_B
...


eth0      Link encap:Ethernet  HWaddr 00:25:90:22:37:70 
          inet addr:IP_A  Bcast:IP_A.255  Mask:255.255.255.0
          inet6 addr: fe80::225:90ff:fe22:3770/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:190444361 errors:0 dropped:0 overruns:0 frame:0
          TX packets:193175302 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:74500368049 (69.3 GiB)  TX bytes:33424718752 (31.1 GiB)
          Memory:fbce0000-fbd00000

eth0:1    Link encap:Ethernet  HWaddr 00:25:90:22:37:70 
          inet addr:IP_B  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Memory:fbce0000-fbd00000

FROM SERVER:
# ping IP_B
PING IP_B (IP_B) 56(84) bytes of data.
64 bytes from IP_B: icmp_req=1 ttl=64 time=0.057 ms
64 bytes from IP_B: icmp_req=2 ttl=64 time=0.065 ms



Added the following iptables rules:
# iptables -t mangle -A PREROUTING -j LOG  --log-prefix="TEST-OK"
# iptables -t mangle -A PREROUTING -j LOG  --log-prefix="TEST-INVALID"
# iptables -t nat -A PREROUTING -j LOG -m state --state INVALID --log-prefix="TEST-INVALID"
# iptables -t nat -A PREROUTING -j LOG  --log-prefix="TEST-OK"
# iptables -A INPUT -j LOG  --log-prefix="TEST-INPUT"

and started tcpdump:
# tcpdump -X -n  | grep  IP_B

FROM CLIENT:
Code:

# ping IP_A
PING IP_A (IP_A) 56(84) bytes of data.
64 bytes from IP_A: icmp_req=1 ttl=54 time=54.7 ms
^C
--- IP_A ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 54.775/54.775/54.775/0.000 ms
# ping IP_B
PING IP_B (IP_B) 56(84) bytes of data.
^C
--- IP_B ping statistics ---
13 packets transmitted, 0 received, 100% packet loss, time 12007ms

FROM SERVER:

Code:

OUTPUT FROM: tcpdump -X -n  | grep  IP_B
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
20:04:14.327218 IP CLIENT_IP > IP_B: ICMP echo request, id 22011, seq 1, length 64
20:04:15.336282 IP CLIENT_IP > IP_B: ICMP echo request, id 22011, seq 2, length 64



# cat /var/log/syslog | grep TEST | grep ICMP | grep IP_A
OUTPUT:
Oct 14 20:07:10 ks29815 kernel: [8028930.606886] TEST-INVALIDIN=eth0 OUT= MAC=00:25:90:22:37:70:00:30:48:61:04:ac:08:00 SRC=IP_A.250 DST=IP_A LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=22831 SEQ=9473
Oct 14 20:08:10 ks29815 kernel: [8028990.572746] TEST-OKIN=eth0 OUT= MAC=00:25:90:22:37:70:00:30:48:61:04:ac:08:00 SRC=IP_A.250 DST=IP_A LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=14640 SEQ=9473
Oct 14 20:09:10 ks29815 kernel: [8029050.513571] TEST-OKIN=eth0 OUT= MAC=00:25:90:22:37:70:00:30:48:61:04:ac:08:00 SRC=IP_A.250 DST=IP_A LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3121 SEQ=9473


# cat /var/log/syslog | grep TEST | grep ICMP | grep IP_B
OUTPUT: NONE


The question is what I should check to find out what is wrong? Any idea why tcpdump can see the packages but iptables not?
Thanks!
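
Added example (not part of the original post): a small script that tallies kernel LOG lines per log prefix and destination address, doing in one pass what the two `grep` pipelines above do per address. The LOG target writes the prefix directly before `IN=`, so the post's prefixes appear fused as `TEST-OKIN=eth0`; the host name, the abbreviated sample lines and the addresses (192.0.2.10 standing in for IP_A, 198.51.100.7 for IP_B) are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Sample lines are constructed:
# 192.0.2.10 stands in for IP_A, 198.51.100.7 for IP_B; fields are abbreviated.

sample_log() {
cat <<'EOF'
Oct 14 20:07:10 host kernel: [8028930.606886] TEST-INVALIDIN=eth0 OUT= SRC=192.0.2.250 DST=192.0.2.10 LEN=84 PROTO=ICMP TYPE=8
Oct 14 20:08:10 host kernel: [8028990.572746] TEST-OKIN=eth0 OUT= SRC=192.0.2.250 DST=192.0.2.10 LEN=84 PROTO=ICMP TYPE=8
Oct 14 20:09:10 host kernel: [8029050.513571] TEST-OKIN=eth0 OUT= SRC=192.0.2.250 DST=192.0.2.10 LEN=84 PROTO=ICMP TYPE=8
Oct 14 20:09:11 host kernel: [8029051.100000] TEST-INPUTIN=eth0 OUT= SRC=192.0.2.250 DST=192.0.2.10 LEN=84 PROTO=ICMP TYPE=8
Oct 14 20:09:12 host kernel: [8029052.200000] eth0: link is up
EOF
}

# stdin: syslog text. stdout: "<prefix>\t<dst>\t<count>", one line per pair.
summarize_log_hits() {
    awk '
    {
        line = $0
        if (!sub(/^.*kernel: /, "", line)) next      # not a kernel message
        sub(/^\[ *[0-9.]+\] /, "", line)             # drop printk timestamp
        p = index(line, "IN=")                       # LOG fields start here
        if (p == 0 || line !~ / OUT=/) next          # not a LOG-target line
        prefix = substr(line, 1, p - 1)              # fused --log-prefix text
        sub(/ +$/, "", prefix)
        if (prefix == "") prefix = "(no prefix)"
        dst = ""
        n = split(line, f, " ")
        for (i = 1; i <= n; i++)
            if (f[i] ~ /^DST=/) dst = substr(f[i], 5)
        if (dst != "") hits[prefix "\t" dst]++
    }
    END { for (k in hits) print k "\t" hits[k] }
    ' | LC_ALL=C sort
}

# Exit status 0 if any logging rule recorded a packet addressed to $1.
dst_seen() {
    summarize_log_hits | awk -F '\t' -v d="$1" '$2 == d { found = 1 } END { exit !found }'
}

sample_log | summarize_log_hits
sample_log | dst_seen 198.51.100.7 || echo "no LOG rule saw 198.51.100.7"
```

On a live system the functions read the real log instead of the sample, e.g. `summarize_log_hits < /var/log/syslog`.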

