From: Grant
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] IP aliasing problem
Date: Wed, 6 Oct 2010 15:17:21 -0700
In-Reply-To: <83278B16-B7CE-4C16-8695-08F4E4051690@stellar.eclipse.co.uk>

>> ...I have 5 usable IPs from my host and I've defined 2 of them in /etc/conf.d/net like this:
>>
>> config_eth0=(
>>         "1.2.3.1 netmask 255.255.255.0"
>>         "1.2.3.2 netmask 255.255.255.0"
>> )
>>
>> My apache2 config is not working as expected and I think it's due to a
>> networking problem because eth0:1 reports no RX or TX stats:
>>
>> # ifconfig
>> eth0      Link encap:Ethernet  HWaddr [removed]
>>           inet addr:1.2.3.1  Bcast:[removed]  Mask:255.255.255.0
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:46047 errors:0 dropped:0 overruns:0 frame:0
>>           TX packets:65703 errors:0 dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000
>>           RX bytes:6131194 (5.8 MiB)  TX bytes:82568335 (78.7 MiB)
>>           Interrupt:40
>>
>> eth0:1    Link encap:Ethernet  HWaddr [removed]
>>           inet addr:1.2.3.2  Bcast:[removed]  Mask:255.255.255.0
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           Interrupt:40
>
> It's frustrating that you must conceal the IP addresses during a question like this, because it makes it harder to know whether you've misconfigured your host or just made a typo in transcription. It's probably clearer if you alter only the second octet of your IPs, and leave everything else otherwise intact.
>
> However...
> if you have 5 usable IPs then your subnet mask will not be 255.255.255.0 - it'll be 255.255.255.248. See http://krow.net/dict/subnet.html
> The broadcast address will also be affected. This is also known as a /29 subnet - IIRC you actually have 8 IPs assigned to you - one of them is used by the router, one of them is the broadcast, and the other is unused (the way 192.168.0.0 or 0.0.0.0 is normally unused).
>
> Since your router has an IP in the same subnet, you'll know this is all working when you can ping the addresses of your webserver (1.2.3.1 & 1.2.3.2) from the router.
>
> Alternatively, set up a second PC - e.g. your laptop - on the globally-addressable subnet, and try pinging from there.
>
> The normal situation with a home router is that it has a globally-addressable IP on its "WAN" interface and a private IP (192.168.x.y) on its LAN interface. When you start using your globally-addressable IPs behind the router you usually need to tell it so, and I'm guessing you haven't done that.
>
> If your laptop is currently using 192.168.a.b with a default gateway of 192.168.0.1, then the packets will be sent to the router for routing. And if the router is in the default configuration usual for home users, it won't know there's a 1.2.3.z subnet on your LAN, and it'll be trying to route the packets out into the internet (and those poor little packets will probably get very confused when they reach your ISP and it sends them back again!).
>
> You can triple-home by setting eth0:2 to 192.168.c.d, and can (depending on your bridge/router configuration) continue to use private addresses for additional machines if you have more hosts on the LAN than you have globally-addressable IPs. Watch out for default gateway and DNS stuff! You'll probably want to give your laptop 1 private + 1 global IP whilst you're testing.
>
> If your router is a fully-configurable Linux box then say so, and someone will be able to point you in the right direction for this. It's been a long time since I messed with this. I'm still using an old Draytek Vigor here, and this is all done by checking a radio button and pasting IP addressy stuff into boxes in the web-based configurator. The router has to operate in bridging mode to do this - on a Linux router you need to configure as a bridge and NOT as a router (or, I think, as both).
> http://www.google.com/search?q=bridge+5+usable+ips
>
> My initial reaction to your question was, "Oh, Grant, this is simple network stuff", but whilst writing this my memory has been roughly refreshed, and I realise it's really not terribly simple at all. I'm extremely rusty at all this, and I'm also very tired, so I'm not going to write any more right now.
>
> Stroller.

Thank you for taking the time to write, Stroller. This has really got my head spinning.

First of all, you're right about the netmask. It is 255.255.255.248. I didn't have a good understanding of what a netmask is so I thought it would be smart to change it for a public message.

The server is remote and hosted so I don't have any control over the router or network. I've gone back and forth with the host but they insist that everything is fine on their end.

I'm confused because I have in apache2 config:

...
SSLCertificateFile /etc/apache2/ssl/www.example1.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.example1.com.key
...

...
SSLCertificateFile /etc/apache2/ssl/www.example2.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.example2.com.key
...

But if I request https://1.2.3.2 or https://1.2.3.2:443, I'm presented with an SSL cert that has www.example1.com for the Common Name. I used openssl to verify that the Common Name for www.example2.com.crt is www.example2.com.

My knowledge of networking is weak and I'm unsure of where to look for the problem.

- Grant
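
The /29 arithmetic discussed in this thread, as an added example that is not part of the original messages: it checks conf.d/net style (address, netmask) pairs against a provider allocation and reports entries whose netmask implies a different subnet and broadcast. The block 1.2.3.0/29 and the router address 1.2.3.6 are assumptions built on the thread's placeholder addresses, and the function names are hypothetical.

```python
import ipaddress

def usable_addresses(allocation, gateway):
    """Host addresses left for the server once the router's address is excluded."""
    block = ipaddress.ip_network(allocation)
    gw = ipaddress.ip_address(gateway)
    return [str(h) for h in block.hosts() if h != gw]

def audit_aliases(allocation, gateway, configured):
    """Compare (address, netmask) pairs with the provider's block.

    Returns (address, problem) tuples; an empty list means the entries agree
    with the allocation.
    """
    block = ipaddress.ip_network(allocation)
    gw = ipaddress.ip_address(gateway)
    reserved = {
        block.network_address: "is the network address",
        block.broadcast_address: "is the broadcast address",
        gw: "is the router's address",
    }
    findings = []
    for addr, mask in configured:
        ip = ipaddress.ip_address(addr)
        if ip not in block:
            findings.append((addr, f"outside {block}"))
            continue
        if ip in reserved:
            findings.append((addr, reserved[ip]))
        # The netmask decides which subnet and broadcast the kernel derives.
        implied = ipaddress.ip_interface(f"{addr}/{mask}").network
        if implied != block:
            findings.append((addr, f"netmask {mask} implies {implied}, broadcast "
                                   f"{implied.broadcast_address}; expected "
                                   f"{block.netmask}, broadcast {block.broadcast_address}"))
    return findings

# Assumed allocation: the thread's placeholder addresses read as 1.2.3.0/29,
# with a hypothetical router address of 1.2.3.6.
ALLOCATION, GATEWAY = "1.2.3.0/29", "1.2.3.6"
AS_POSTED = [("1.2.3.1", "255.255.255.0"), ("1.2.3.2", "255.255.255.0")]
CORRECTED = [("1.2.3.1", "255.255.255.248"), ("1.2.3.2", "255.255.255.248")]

if __name__ == "__main__":
    print("usable:", usable_addresses(ALLOCATION, GATEWAY))
    for label, entries in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label, audit_aliases(ALLOCATION, GATEWAY, entries) or "consistent")
```

With a /29 the block holds 8 addresses, of which 6 are host addresses; removing the router's leaves the 5 usable ones mentioned in the thread.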