Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
03-19-2014, 11:50 AM
|
#1
|
Member
Registered: Sep 2007
Posts: 50
Rep:
|
SIOCADDRT: No such process => How do I set up ifcfg-eth0:1
I have eth0 set as a local IP for my servers 192.168.2.20
I have set eth0:1 as a public IP
Code:
DEVICE="eth0:1"
HWADDR="00:30:48:32:C3:58"
NM_CONTROLLED="yes"
ONPARENT="yes"
TYPE=Ethernet
BOOTPROTO=static
NETWORK=209.208.13.240
IPADDR=209.208.13.242
NETMASK=255.255.255.248
BROADCAST=209.208.13.247
GATEWAY=209.208.13.241
DEFROUTE="yes"
PEERDNS="yes"
Here's my /etc/sysconfig/network
Code:
NETWORKING=yes
HOSTNAME=beta.scubaboard.com
GATEWAY=69.28.64.161
eth1 is set to a public IP and is reachable. eth1:1 thru 1:5 are on a different range and are all reachable. If I ifup eth0:1, then I stop being able to reach eth1 and eth1:1-:5. Taking out GATEWAY=209.208.13.41 and running service network restart gives me the error in the title. I have even tried putting in NETWORK=69.28.64.161 into the file but I get the error. What am I missing here?
When networking crashes, I can always get back in the local IP from one of her sister servers.
Last edited by NetDoc; 03-19-2014 at 11:52 AM.
|
|
|
03-20-2014, 10:22 PM
|
#2
|
Member
Registered: Sep 2007
Posts: 50
Original Poster
Rep:
|
No ideas on this?
|
|
|
03-21-2014, 08:20 AM
|
#3
|
Member
Registered: Sep 2007
Posts: 50
Original Poster
Rep:
|
Can an alias with a public IP be configured when the first IP is private?
|
|
|
03-21-2014, 11:52 AM
|
#4
|
Member
Registered: Sep 2007
Posts: 50
Original Poster
Rep:
|
Quote:
Originally Posted by NetDoc
Can an alias with a public IP be configured when the first IP is private?
|
I have answered this question to my own satisfaction: NO!
Here's how I came to that answer and resolved my dilemma:
cp ifcfg-eth0 ifcfg-eth1:6
nano ifcfg-eth1:6 (changed eth0 to eth1:6, ONBOOT to ONPARENT, changed the hardware address to eth1's and 192.168.2.20 to 193.168.2.22)
service network restart
I can ssh into the new IP from a local IP server. Cool. Now I can't lock myself out of the server in Orlando as I am here in Key Largo!!!
mv ifcfg-eth0 ifcfg-eth0:0
cp ifcfg-eth0:1 ifcfg-eth0
nano ifcfg-eth0 (changed from eth0:1 to eth0, ONPARENT to ONBOOT and then configured it to an IP in the same range as eth1)
nano ifcfg-eth0:0 (changed from eth0 to eth0:0 and ONBOOT to ONPARENT)
service network restart
EVERYTHING SEEMS TO WORK: YAY!!! Now I tried this:
mv ifcfg-eth0 ifcfg-eth0:2
mv ifcfg-eth0:1 ifcfg-eth0
mv ifcfg-eth0:2 ifcfg-eth0:1
nano ifcfg-eth0 (changed from eth0:1 to eth0, ONPARENT to ONBOOT)
nano ifcfg-eth0:0 (changed from eth0 to eth0:1 and ONBOOT to ONPARENT)
service network restart
EVERYTHING SEEMS TO WORK: YAY!
Code:
eth0 209.208.13.242
eth0:0 192.168.2.20
eth0:1 69.28.64.162
eth1 69.28.64.167
eth1:0 209.208.24.242
eth1:1 209.208.24.243
eth1:2 209.208.24.244
eth1:3 209.208.24.245
eth1:4 209.208.24.246
eth1:5 209.208.24.247
eth1:6 192.168.2.22
Lessons learned? Don't make a private IP the parent (ethX) but rather configure it for an alias (ethX:X). Persistence and perseverance are a Sysadmin's most important tools. Also, forums are hit and miss in trying to find out answers to your problems. I was given a hint on how to resolve this here: https://www.centos.org/forums/viewto...193500#p193500 but I feel I've figured this out more by experimenting on the server.
In the future, I will set up eth0 as the public IP pointed to the FQN used as the servername and then eth0:0 as a local address. Also, I will be sure to use "ONPARENT" instead of "ONBOOT" for the child aliases. This was also a good exposure to nano for me. I have used vi exclusively until now and it's still not intuitive for me. Yah, I got a bit confused during the moving, copying and editing the aliases and I felt like a one armed paperhanger trying to juggle a bunch of objects.
Last edited by NetDoc; 03-21-2014 at 11:58 AM.
|
|
|
03-21-2014, 12:19 PM
|
#5
|
Member
Registered: Sep 2007
Posts: 50
Original Poster
Rep:
|
Crap! It's not fixed. Not yet. Only the aliases on eth0 are coming up. the aliases on eth1 are not addressable. What am I missing?
|
|
|
03-21-2014, 12:45 PM
|
#6
|
Senior Member
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278
|
What do your ifcfg files look like? All of them, really.
And of course your output for
Code:
ip a
ip route
cat /etc/sysconfig/iptables
You can use ubuntu pastebin, if you dont want to post all of it here permanently. http://paste.ubuntu.com/
Last edited by szboardstretcher; 03-21-2014 at 12:49 PM.
|
|
1 members found this post helpful.
|
03-21-2014, 01:53 PM
|
#7
|
Member
Registered: Sep 2007
Posts: 50
Original Poster
Rep:
|
Quote:
Originally Posted by szboardstretcher
What do your ifcfg files look like? All of them, really.
And of course your output for
Code:
ip a
ip route
cat /etc/sysconfig/iptables
|
Code:
[root@beta network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:30:48:32:c3:58 brd ff:ff:ff:ff:ff:ff
inet 69.28.64.167/28 brd 69.28.64.176 scope global eth0
inet 192.168.2.20/24 brd 192.168.2.255 scope global eth0:0
inet 209.208.13.242/29 brd 209.208.13.247 scope global eth0:1
inet6 fe80::230:48ff:fe32:c358/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:30:48:32:c3:59 brd ff:ff:ff:ff:ff:ff
inet 69.28.64.162/28 brd 69.28.64.176 scope global eth1
inet 209.208.24.242/28 brd 209.208.24.248 scope global eth1:0
inet 192.168.2.22/24 brd 192.168.2.255 scope global eth1:6
inet 209.208.24.243/28 brd 209.208.24.248 scope global secondary eth1:1
inet 209.208.24.244/28 brd 209.208.24.248 scope global secondary eth1:2
inet 209.208.24.245/28 brd 209.208.24.248 scope global secondary eth1:3
inet 209.208.24.246/28 brd 209.208.24.248 scope global secondary eth1:4
inet 209.208.24.247/28 brd 209.208.24.248 scope global secondary eth1:5
inet6 fe80::230:48ff:fe32:c359/64 scope link
valid_lft forever preferred_lft forever
4: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 52:54:00:e6:14:ef brd ff:ff:ff:ff:ff:ff
Code:
[root@beta network-scripts]# ip route
209.208.13.240/29 dev eth0 proto kernel scope link src 209.208.13.242
209.208.24.240/28 dev eth1 proto kernel scope link src 209.208.24.242
69.28.64.160/28 dev eth0 proto kernel scope link src 69.28.64.167
69.28.64.160/28 dev eth1 proto kernel scope link src 69.28.64.162
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.20
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.22
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth1 scope link metric 1003
default via 69.28.64.161 dev eth0
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
link/ether 52:54:00:e6:14:ef brd ff:ff:ff:ff:ff:ff
Code:
[root@beta network-scripts]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Fri Nov 30 22:53:44 2012
*nat
:PREROUTING ACCEPT [2239:500553]
:POSTROUTING ACCEPT [572:38449]
:OUTPUT ACCEPT [572:38449]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Fri Nov 30 22:53:44 2012
# Generated by iptables-save v1.4.7 on Fri Nov 30 22:53:44 2012
*mangle
:PREROUTING ACCEPT [14636:8423479]
:INPUT ACCEPT [14340:8362185]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10033:1140322]
:POSTROUTING ACCEPT [10033:1140322]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Fri Nov 30 22:53:44 2012
# Generated by iptables-save v1.4.7 on Fri Nov 30 22:53:44 2012
*filter
:INPUT ACCEPT [14340:8362185]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10033:1140322]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Nov 30 22:53:44 2012
Very useful diagnostics. Thanks.
BTW, is there an easy way to copy text off the terminal window? I am using PuTTY and when I highlight with my mouse and right click, it echoes the whole thing back on the terminal. I can still paste it here, but I hate that echo when I right click.
Last edited by NetDoc; 03-21-2014 at 01:55 PM.
|
|
|
03-21-2014, 01:57 PM
|
#8
|
Senior Member
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278
|
Quote:
Originally Posted by NetDoc
BTW, is there an easy way to copy text off the terminal window? I am using PuTTY and when I highlight with my mouse and right click, it echoes the whole thing back on the terminal. I can still paste it here, but I hate that echo when I right click.
|
After you highlight in putty, it is already copied. So just highlight, then go to another window and paste. In putty, right-click defaults as paste.
You look like you have some varied configuration in your eth0/eth1 adapters. I would do some comparison between the ifcfg-eth0X files and the ifcfg-eth1X files.. You also seem to have some iptables configuration that is not used anymore. It might need to be cleaned up some for all this to work correctly.
Last edited by szboardstretcher; 03-21-2014 at 02:01 PM.
|
|
|
03-21-2014, 02:18 PM
|
#9
|
Member
Registered: Sep 2007
Posts: 50
Original Poster
Rep:
|
Quote:
Originally Posted by szboardstretcher
After you highlight in putty, it is already copied. So just highlight, then go to another window and paste. In putty, right-click defaults as paste.
You look like you have some varied configuration in your eth0/eth1 adapters. I would do some comparison between the ifcfg-eth0X files and the ifcfg-eth1X files.. You also seem to have some iptables configuration that is not used anymore. It might need to be cleaned up some for all this to work correctly.
|
How do I go about cleaning up the iptables? Can I simply edit them in nano?
|
|
|
03-21-2014, 02:21 PM
|
#10
|
Member
Registered: Sep 2007
Posts: 50
Original Poster
Rep:
|
This is a bit concerning: "Generated by iptables-save v1.4.7 on Fri Nov 30 22:53:44 2012" I just loaded this server last week or so.
Also, it's not showing anything that is in my ifcfg-ethX.X files.
|
|
|
03-21-2014, 02:28 PM
|
#11
|
Senior Member
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278
|
Quote:
Originally Posted by NetDoc
How do I go about cleaning up the iptables? Can I simply edit them in nano?
|
I edit the file directly with vim,. you can use nano if you prefer.
First make a backup. Second, make sure you have ONSITE/KVM access to this thing, because messing around with the firewall can lock you out. After that, go through the rules one by one and decide if you need it or not. Remove, test, repeat. If everything comes crashing down, reload your backup.
If you do not have access to the box, you can ask for onsite help in case of emergency, or you can write a fallback script that reloads your iptables rules after X number of minutes and flushes.
Quote:
Originally Posted by NetDoc
Also, it's not showing anything that is in my ifcfg-ethX.X files.
|
Are you certain? What files do you have in the /etc/sysconfig/network-scripts directory then? Which ones have your configuration in them? You should be able to find the config files by grepping for an ip address in the /etc/sysconfig directory and seeing the results.
|
|
|
03-21-2014, 02:38 PM
|
#12
|
Member
Registered: Sep 2007
Posts: 50
Original Poster
Rep:
|
Unfortunately, I have people coming into town to go diving, so I have to stop here until later. I see that I need to learn more about the iptables than I know right now before I go playing around with them. Any good tutorial on that?
Wait, did I say it was UNFORTUNATE that I have to do Scuba diving? Bwahahaha! The weekend should be fun and it's why I live in Key Largo.
|
|
|
03-21-2014, 02:57 PM
|
#13
|
Senior Member
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278
|
Awesome. Well, if you need further help, I don't mind hooking up and having a quicker convo in IRC. Send me a private message if you want to chat live about the IPtables and adapter issues? Or we can continue here.
Last edited by szboardstretcher; 03-24-2014 at 08:26 AM.
|
|
|
All times are GMT -5. The time now is 01:23 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|