[gentoo-user] IP aliasing problem

[gentoo-user] IP aliasing problem

[Grant]

I'm trying to use a different SSL cert in apache2 for each of the two
domains on my server.  I don't want to use SNI or subjectAltName
because of lacking browser support and I want to use port 443 for both
domains.  I think this means I need to use separate IP addresses for
each of my domains.  I have 5 usable IPs from my host and I've defined
2 of them in /etc/conf.d/net like this:

config_eth0=(
        "1.2.3.1 netmask 255.255.255.0"
        "1.2.3.2 netmask 255.255.255.0"
)

My apache2 config is not working as expected and I think its due to a
networking problem because eth0:1 reports no RX or TX stats:

# ifconfig
eth0      Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.1  Bcast:[removed]  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:46047 errors:0 dropped:0 overruns:0 frame:0
          TX packets:65703 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6131194 (5.8 MiB)  TX bytes:82568335 (78.7 MiB)
          Interrupt:40

eth0:1    Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.2  Bcast:[removed]  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:40

Does anyone know how to get this working?

- Grant

Re: [gentoo-user] IP aliasing problem

[Stroller]

On 6 Oct 2010, at 19:02, Grant wrote:
> ...I have 5 usable IPs from my host and I've defined 2 of them in /etc/conf.d/net like this:

> 
> config_eth0=(
>        "1.2.3.1 netmask 255.255.255.0"
>        "1.2.3.2 netmask 255.255.255.0"
> )
> 
> My apache2 config is not working as expected and I think its due to a
> networking problem because eth0:1 reports no RX or TX stats:
> 
> # ifconfig
> eth0      Link encap:Ethernet  HWaddr [removed]
>          inet addr:1.2.3.1  Bcast:[removed]  Mask:255.255.255.0
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:46047 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:65703 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:1000
>          RX bytes:6131194 (5.8 MiB)  TX bytes:82568335 (78.7 MiB)
>          Interrupt:40
> 
> eth0:1    Link encap:Ethernet  HWaddr [removed]
>          inet addr:1.2.3.2  Bcast:[removed]  Mask:255.255.255.0
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          Interrupt:40

It's frustrating that you must conceal the IP addresses during a question like this, because it makes it harder to know whether you've misconfigured your host or just made a typo in transcription. It's probably clearer if you alter only the second octet of your IPs, and leave everything else otherwise intact.

However... if you have 5 usable IPs then your subnet mask will not be 255.255.255.0 - it'll be 255.255.255.248. See http://krow.net/dict/subnet.html
The broadcast address will also be affected. This is also known as a /29 subnet - IIRC you actually have 8 IPs assigned to you - one of them is used by the router, one of them is the broadcast, and the other is unused (the way 192.168.0.0 or 0.0.0.0 is normally unused).

Since your router has an IP in the same subnet, you'll know this is all working when you can ping the addresses of your webserver (1.2.3.1 & 1.2.3.2) from the router. 

Alternatively, set up a second PC - e.g. your laptop - on the globally-addressable subnet, and try pinging from there.

The normal situation with a home router is that it has a globally-addressable IP on it's "WAN" interface and a private IP (192.168.x.y) on its LAN interface. When you start using your globally-addressable IPs behind the router you usually need to tell it so, and I'm guessing you haven't done that.

If your laptop is currently using 192.168.a.b with a default gateway of 192.168.0.1, then the packets will be sent to the router for routing. And if the router is in the default configuration usual for home users, it won't know there's a 1.2.3.z subnet on your LAN, and it'll be trying to route the packets out into the internet (and those poor little packets will probably get very confused when they reach your ISP and it sends them back again!).

You can triple-home by setting eth0:2 to 192.168.c.d, and can (depending on your bridge/router configuration) continue to use private addresses for additional machines if you have more hosts on the LAN than you have globally-addressable IPs. Watch out for default gateway and DNS stuff! You'll probably want to give your laptop 1 private + 1 global IP whilst you're testing.

If your router is a fully-configurable Linux box then say so, and someone will be able to point you in the right direction for this. It's been a long time since I messed with this. I'm still using an old Draytek Vigor here, and this is all done by checking a radio button and pasting IP addressy stuff into boxes in the web-based configurator. The router has to operate in bridging mode to do this - on a Linux router you need configure as a bridge and NOT as a router (or, I think, as both).
http://www.google.com/search?q=bridge+5+usable+ips

My initial reaction to your question was, "Oh, Grant, this is simple network stuff", but whilst writing this my memory has been roughly refreshed, and I realise it's really not terribly simple at all. I'm extremely rusty at all this, and I'm also very tired, so I'm not going to write any more right now. 

Stroller.

Re: [gentoo-user] IP aliasing problem

[Grant]

>> ...I have 5 usable IPs from my host and I've defined 2 of them in /etc/conf.d/net like this:
>
>>
>> config_eth0=(
>>        "1.2.3.1 netmask 255.255.255.0"
>>        "1.2.3.2 netmask 255.255.255.0"
>> )
>>
>> My apache2 config is not working as expected and I think its due to a
>> networking problem because eth0:1 reports no RX or TX stats:
>>
>> # ifconfig
>> eth0      Link encap:Ethernet  HWaddr [removed]
>>          inet addr:1.2.3.1  Bcast:[removed]  Mask:255.255.255.0
>>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>          RX packets:46047 errors:0 dropped:0 overruns:0 frame:0
>>          TX packets:65703 errors:0 dropped:0 overruns:0 carrier:0
>>          collisions:0 txqueuelen:1000
>>          RX bytes:6131194 (5.8 MiB)  TX bytes:82568335 (78.7 MiB)
>>          Interrupt:40
>>
>> eth0:1    Link encap:Ethernet  HWaddr [removed]
>>          inet addr:1.2.3.2  Bcast:[removed]  Mask:255.255.255.0
>>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>          Interrupt:40
>
> It's frustrating that you must conceal the IP addresses during a question like this, because it makes it harder to know whether you've misconfigured your host or just made a typo in transcription. It's probably clearer if you alter only the second octet of your IPs, and leave everything else otherwise intact.
>
> However... if you have 5 usable IPs then your subnet mask will not be 255.255.255.0 - it'll be 255.255.255.248. See http://krow.net/dict/subnet.html
> The broadcast address will also be affected. This is also known as a /29 subnet - IIRC you actually have 8 IPs assigned to you - one of them is used by the router, one of them is the broadcast, and the other is unused (the way 192.168.0.0 or 0.0.0.0 is normally unused).
>
> Since your router has an IP in the same subnet, you'll know this is all working when you can ping the addresses of your webserver (1.2.3.1 & 1.2.3.2) from the router.
>
> Alternatively, set up a second PC - e.g. your laptop - on the globally-addressable subnet, and try pinging from there.
>
> The normal situation with a home router is that it has a globally-addressable IP on it's "WAN" interface and a private IP (192.168.x.y) on its LAN interface. When you start using your globally-addressable IPs behind the router you usually need to tell it so, and I'm guessing you haven't done that.
>
> If your laptop is currently using 192.168.a.b with a default gateway of 192.168.0.1, then the packets will be sent to the router for routing. And if the router is in the default configuration usual for home users, it won't know there's a 1.2.3.z subnet on your LAN, and it'll be trying to route the packets out into the internet (and those poor little packets will probably get very confused when they reach your ISP and it sends them back again!).
>
> You can triple-home by setting eth0:2 to 192.168.c.d, and can (depending on your bridge/router configuration) continue to use private addresses for additional machines if you have more hosts on the LAN than you have globally-addressable IPs. Watch out for default gateway and DNS stuff! You'll probably want to give your laptop 1 private + 1 global IP whilst you're testing.
>
> If your router is a fully-configurable Linux box then say so, and someone will be able to point you in the right direction for this. It's been a long time since I messed with this. I'm still using an old Draytek Vigor here, and this is all done by checking a radio button and pasting IP addressy stuff into boxes in the web-based configurator. The router has to operate in bridging mode to do this - on a Linux router you need configure as a bridge and NOT as a router (or, I think, as both).
> http://www.google.com/search?q=bridge+5+usable+ips
>
> My initial reaction to your question was, "Oh, Grant, this is simple network stuff", but whilst writing this my memory has been roughly refreshed, and I realise it's really not terribly simple at all. I'm extremely rusty at all this, and I'm also very tired, so I'm not going to write any more right now.
>
> Stroller.

Thank you for taking the time to write Stroller.  This has really got
my head spinning.  First of all, you're right about the netmask.  It
is 255.255.255.248.  I didn't have a good understanding of what a
netmask is so I thought it would be smart to change it for a public
message.

The server is remote and hosted so I don't have any control over the
router or network.  I've gone back and forth with the host but they
insist that everything is fine on their end.

I'm confused because I have in apache2 config:

<VirtualHost 1.2.3.1:443>
...
SSLCertificateFile /etc/apache2/ssl/www.example1.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.example1.com.key
...
</VirtualHost>
<VirtualHost 1.2.3.2:443>
...
SSLCertificateFile /etc/apache2/ssl/www.example2.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.example2.com.key
...
</VirtualHost>

But if I request https://1.2.3.2 or https://1.2.3.2:443, I'm presented
with an SSL cert that has www.example1.com for the Common Name.  I
used openssl to verify that the Common Name for www.example2.com.crt
is www.example2.com.

My knowledge of networking is weak and I'm unsure of where to look for
the problem.

- Grant

Re: [gentoo-user] IP aliasing problem

[BRM]

----- Original Message ----

> Thank you for taking the time to write Stroller.  This has  really got
> my head spinning.  First of all, you're right about the  netmask.  It
> is 255.255.255.248.  I didn't have a good  understanding of what a
> netmask is so I thought it would be smart to change  it for a public
> message.
> 
> The server is remote and hosted so I don't  have any control over the
> router or network.  I've gone back and forth  with the host but they
> insist that everything is fine on their  end.
> 
> I'm confused because I have in apache2  config:
> 
> <VirtualHost 1.2.3.1:443>
> ...
> SSLCertificateFile  /etc/apache2/ssl/www.example1.com.crt
> SSLCertificateKeyFile  /etc/apache2/ssl/www.example1.com.key
> ...
> </VirtualHost>
> <VirtualHost  1.2.3.2:443>
> ...
> SSLCertificateFile  /etc/apache2/ssl/www.example2.com.crt
> SSLCertificateKeyFile  /etc/apache2/ssl/www.example2.com.key
> ...
> </VirtualHost>
> 
> But  if I request https://1.2.3.2 or https://1.2.3.2:443, I'm  presented
> with an SSL cert that has www.example1.com for the Common Name.   I
> used openssl to verify that the Common Name for www.example2.com.crt
> is www.example2.com.
> 

I would suggest setting up separate access and error logs for each virtual host 
so you can see who is actually getting the connection, and then going from 
there.
That will probably point out your real problem.

Ben

[gentoo-user] Re: IP aliasing problem

[walt]

On 10/06/2010 03:17 PM, Grant wrote:

> The server is remote and hosted so I don't have any control over the
> router or network.  I've gone back and forth with the host but they
> insist that everything is fine on their end.

Hi Grant.  I know less than you about networking, but I am curious
about the way you use the word 'host'.

I'm guessing that you are paying a third party (maybe some company
similar to rackspace.com) to serve your (two?) websites on their
hardware?

I'm also guessing that the third party is running apache on their
own servers, right?

These are newbie questions, but I'm hoping to focus our thoughts
on the parts of your questions that seem sorta vague to me.

I'm also hoping to learn something along the way, of course :)

Re: [gentoo-user] IP aliasing problem

[Michael Orlitzky]

On 10/06/2010 06:17 PM, Grant wrote:
> I'm confused because I have in apache2 config:
> 
> <VirtualHost 1.2.3.1:443>
> ...
> SSLCertificateFile /etc/apache2/ssl/www.example1.com.crt
> SSLCertificateKeyFile /etc/apache2/ssl/www.example1.com.key
> ...
> </VirtualHost>
> <VirtualHost 1.2.3.2:443>
> ...
> SSLCertificateFile /etc/apache2/ssl/www.example2.com.crt
> SSLCertificateKeyFile /etc/apache2/ssl/www.example2.com.key
> ...
> </VirtualHost>
> 
> But if I request https://1.2.3.2 or https://1.2.3.2:443, I'm presented
> with an SSL cert that has www.example1.com for the Common Name.  I
> used openssl to verify that the Common Name for www.example2.com.crt
> is www.example2.com.

Make sure you don't have SSLCertificateFile/SSLCertificateKeyFile
defined anywhere outside of the virtual hosts.

Re: [gentoo-user] IP aliasing problem

[Grant]

>> I'm confused because I have in apache2 config:
>>
>> <VirtualHost 1.2.3.1:443>
>> ...
>> SSLCertificateFile /etc/apache2/ssl/www.example1.com.crt
>> SSLCertificateKeyFile /etc/apache2/ssl/www.example1.com.key
>> ...
>> </VirtualHost>
>> <VirtualHost 1.2.3.2:443>
>> ...
>> SSLCertificateFile /etc/apache2/ssl/www.example2.com.crt
>> SSLCertificateKeyFile /etc/apache2/ssl/www.example2.com.key
>> ...
>> </VirtualHost>
>>
>> But if I request https://1.2.3.2 or https://1.2.3.2:443, I'm presented
>> with an SSL cert that has www.example1.com for the Common Name.  I
>> used openssl to verify that the Common Name for www.example2.com.crt
>> is www.example2.com.
>
> Make sure you don't have SSLCertificateFile/SSLCertificateKeyFile
> defined anywhere outside of the virtual hosts.

It was ServerName.  I had ServerName defined as www.example1.com in
/etc/apache2/vhosts.d/default_vhost.include.  I removed it from there
and added it to each of my SSL VirtualHost blocks and now everything
works.  I noticed that removing ServerName entirely works for Firefox,
but in that case SSL wouldn't work for either domain in Opera.

I thought ServerName was just a label like ServerAdmin.  Should I be
OK only having it defined in each of my SSL VirtualHost blocks?

Thanks a lot for everyone's help with this.  You helped me realize it
was an apache2 config problem.

- Grant

Re: [gentoo-user] IP aliasing problem

[Stroller]

On 6 Oct 2010, at 23:17, Grant wrote:

>>> ...I have 5 usable IPs from my host and I've defined 2 of them in /etc/conf.d/net like this:
>>> 
>>> config_eth0=(
>>>        "1.2.3.1 netmask 255.255.255.0"
>>>        "1.2.3.2 netmask 255.255.255.0"
>>> )
>>> 
>>> My apache2 config is not working as expected and I think its due to a
>>> networking problem because eth0:1 reports no RX or TX stats:
>>> 
>>> # ifconfig
>>> eth0      Link encap:Ethernet  HWaddr [removed]
>>>          inet addr:1.2.3.1  Bcast:[removed]  Mask:255.255.255.0
>>>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>          RX packets:46047 errors:0 dropped:0 overruns:0 frame:0
>>>          TX packets:65703 errors:0 dropped:0 overruns:0 carrier:0
>>>          collisions:0 txqueuelen:1000
>>>          RX bytes:6131194 (5.8 MiB)  TX bytes:82568335 (78.7 MiB)
>>>          Interrupt:40
>>> 
>>> eth0:1    Link encap:Ethernet  HWaddr [removed]
>>>          inet addr:1.2.3.2  Bcast:[removed]  Mask:255.255.255.0
>>>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>          Interrupt:40
>> 
> ...
> Thank you for taking the time to write Stroller.  This has really got
> my head spinning.  First of all, you're right about the netmask.  It
> is 255.255.255.248.  I didn't have a good understanding of what a
> netmask is so I thought it would be smart to change it for a public
> message.
> 
> The server is remote and hosted so I don't have any control over the
> router or network.  I've gone back and forth with the host but they
> insist that everything is fine on their end.
> 
> I'm confused because I have in apache2 config:
> 
> <VirtualHost 1.2.3.1:443>
> ...
> SSLCertificateFile /etc/apache2/ssl/www.example1.com.crt
> SSLCertificateKeyFile /etc/apache2/ssl/www.example1.com.key
> ...

Suggest you first establish you can ping *both* IPs.

Stroller.

Re: [gentoo-user] IP aliasing problem

[Grant]

>>>> ...I have 5 usable IPs from my host and I've defined 2 of them in /etc/conf.d/net like this:
>>>>
>>>> config_eth0=(
>>>>        "1.2.3.1 netmask 255.255.255.0"
>>>>        "1.2.3.2 netmask 255.255.255.0"
>>>> )
>>>>
>>>> My apache2 config is not working as expected and I think its due to a
>>>> networking problem because eth0:1 reports no RX or TX stats:
>>>>
>>>> # ifconfig
>>>> eth0      Link encap:Ethernet  HWaddr [removed]
>>>>          inet addr:1.2.3.1  Bcast:[removed]  Mask:255.255.255.0
>>>>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>>          RX packets:46047 errors:0 dropped:0 overruns:0 frame:0
>>>>          TX packets:65703 errors:0 dropped:0 overruns:0 carrier:0
>>>>          collisions:0 txqueuelen:1000
>>>>          RX bytes:6131194 (5.8 MiB)  TX bytes:82568335 (78.7 MiB)
>>>>          Interrupt:40
>>>>
>>>> eth0:1    Link encap:Ethernet  HWaddr [removed]
>>>>          inet addr:1.2.3.2  Bcast:[removed]  Mask:255.255.255.0
>>>>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>>          Interrupt:40
>>>
>> ...
>> Thank you for taking the time to write Stroller.  This has really got
>> my head spinning.  First of all, you're right about the netmask.  It
>> is 255.255.255.248.  I didn't have a good understanding of what a
>> netmask is so I thought it would be smart to change it for a public
>> message.
>>
>> The server is remote and hosted so I don't have any control over the
>> router or network.  I've gone back and forth with the host but they
>> insist that everything is fine on their end.
>>
>> I'm confused because I have in apache2 config:
>>
>> <VirtualHost 1.2.3.1:443>
>> ...
>> SSLCertificateFile /etc/apache2/ssl/www.example1.com.crt
>> SSLCertificateKeyFile /etc/apache2/ssl/www.example1.com.key
>> ...
>
> Suggest you first establish you can ping *both* IPs.

Thanks Stroller.  It's working now.  I needed to define apache2's
ServerName differently for each VirtualHost.  Strangely though, I
still don't get stats for RX/TX from ifconfig:

eth0      Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.1  Bcast:[removed]  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:923677 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1444212 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:124904402 (119.1 MiB)  TX bytes:1880087116 (1.7 GiB)
          Interrupt:40

eth0:1    Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.2  Bcast:[removed]  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:40

- Grant

Re: [gentoo-user] IP aliasing problem

[BRM]

> ServerName differently for  each VirtualHost.  Strangely though, I

> still don't get stats for RX/TX  from ifconfig:
> 
> eth0      Link encap:Ethernet  HWaddr  [removed]
>           inet addr:1.2.3.1   Bcast:[removed]  Mask:255.255.255.248
>            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>            RX packets:923677 errors:0 dropped:0 overruns:0  frame:0
>           TX packets:1444212 errors:0  dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:1000
>           RX  bytes:124904402 (119.1 MiB)  TX bytes:1880087116 (1.7 GiB)
>            Interrupt:40
> 
> eth0:1    Link  encap:Ethernet  HWaddr [removed]
>           inet  addr:1.2.3.2  Bcast:[removed]  Mask:255.255.255.248
>            UP BROADCAST RUNNING MULTICAST  MTU:1500   Metric:1
>           Interrupt:40

Remember eth0:1 is an alias for eth0.

Your above info is slightly wrong in that eth0 should be listed as eth0:0; where 
instead ifconfig is showing eth0 generic information and eth0:0 information 
combined.
That's probably the source of your confusion.

Don't know how to remedy it though.

HTH,

Ben

Re: [gentoo-user] IP aliasing problem

[Stroller]

On 7 Oct 2010, at 18:51, BRM wrote:

>> ServerName differently for  each VirtualHost.  Strangely though, I
>> still don't get stats for RX/TX  from ifconfig:
>> 
>> eth0      Link encap:Ethernet  HWaddr  [removed]
>>          inet addr:1.2.3.1   Bcast:[removed]  Mask:255.255.255.248
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>           RX packets:923677 errors:0 dropped:0 overruns:0  frame:0
>>          TX packets:1444212 errors:0  dropped:0 overruns:0 carrier:0
>>           collisions:0 txqueuelen:1000
>>          RX  bytes:124904402 (119.1 MiB)  TX bytes:1880087116 (1.7 GiB)
>>           Interrupt:40
>> 
>> eth0:1    Link  encap:Ethernet  HWaddr [removed]
>>          inet  addr:1.2.3.2  Bcast:[removed]  Mask:255.255.255.248
>>           UP BROADCAST RUNNING MULTICAST  MTU:1500   Metric:1
>>          Interrupt:40
> 
> Remember eth0:1 is an alias for eth0.
> 
> Your above info is slightly wrong in that eth0 should be listed as eth0:0; where 
> instead ifconfig is showing eth0 generic information and eth0:0 information 
> combined.
> That's probably the source of your confusion.

On a system running 2.4.25 here I have:

$ ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:02:A5:1B:01:59  
          inet addr:213.x.y.91  Bcast:213.x.y.95  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:211366804 errors:0 dropped:0 overruns:0 frame:0
          TX packets:306200382 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1542358934 (1470.9 Mb)  TX bytes:1547826181 (1476.1 Mb)
          Interrupt:20 Base address:0xd000 

eth0:1    Link encap:Ethernet  HWaddr 00:02:A5:1B:01:59  
          inet addr:192.168.1.43  Bcast:192.168.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:211366804 errors:0 dropped:0 overruns:0 frame:0
          TX packets:306200384 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1542358934 (1470.9 Mb)  TX bytes:1547826521 (1476.1 Mb)
          Interrupt:20 Base address:0xd000 

lo        Link encap:Local Loopback  
...


The same TX & RX are shown for both interfaces.

I don't know whether the tools have changed much since those I'm using on this box, but the difference *might* be that Grant's IPs are on the same subnet. I *think* it's possible for the route (as in: `man route`) to configure packets that come in on 1.2.3.2 to be replied to via 1.2.3.1.

You might set up a spare test box to see how current ifconfig displays packets, comparing aliased addresses on the same and separate subnets.

Stroller.

Re: [gentoo-user] IP aliasing problem

[Grant]

>>> ServerName differently for  each VirtualHost.  Strangely though, I
>>> still don't get stats for RX/TX  from ifconfig:
>>>
>>> eth0      Link encap:Ethernet  HWaddr  [removed]
>>>          inet addr:1.2.3.1   Bcast:[removed]  Mask:255.255.255.248
>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>           RX packets:923677 errors:0 dropped:0 overruns:0  frame:0
>>>          TX packets:1444212 errors:0  dropped:0 overruns:0 carrier:0
>>>           collisions:0 txqueuelen:1000
>>>          RX  bytes:124904402 (119.1 MiB)  TX bytes:1880087116 (1.7 GiB)
>>>           Interrupt:40
>>>
>>> eth0:1    Link  encap:Ethernet  HWaddr [removed]
>>>          inet  addr:1.2.3.2  Bcast:[removed]  Mask:255.255.255.248
>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500   Metric:1
>>>          Interrupt:40
>>
>> Remember eth0:1 is an alias for eth0.
>>
>> Your above info is slightly wrong in that eth0 should be listed as eth0:0; where
>> instead ifconfig is showing eth0 generic information and eth0:0 information
>> combined.
>> That's probably the source of your confusion.
>
> On a system running 2.4.25 here I have:
>
> $ ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:02:A5:1B:01:59
>          inet addr:213.x.y.91  Bcast:213.x.y.95  Mask:255.255.255.248
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:211366804 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:306200382 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:1000
>          RX bytes:1542358934 (1470.9 Mb)  TX bytes:1547826181 (1476.1 Mb)
>          Interrupt:20 Base address:0xd000
>
> eth0:1    Link encap:Ethernet  HWaddr 00:02:A5:1B:01:59
>          inet addr:192.168.1.43  Bcast:192.168.255.255  Mask:255.255.255.0
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:211366804 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:306200384 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:1000
>          RX bytes:1542358934 (1470.9 Mb)  TX bytes:1547826521 (1476.1 Mb)
>          Interrupt:20 Base address:0xd000
>
> lo        Link encap:Local Loopback
> ...
>
>
> The same TX & RX are shown for both interfaces.
>
> I don't know whether the tools have changed much since those I'm using on this box, but the difference *might* be that Grant's IPs are on the same subnet. I *think* it's possible for the route (as in: `man route`) to configure packets that come in on 1.2.3.2 to be replied to via 1.2.3.1.
>
> You might set up a spare test box to see how current ifconfig displays packets, comparing aliased addresses on the same and separate subnets.
>
> Stroller.

OK, thanks guys.

- Grant

Re: [gentoo-user] IP aliasing problem

[Adam Carter]

[-- Attachment #1: Type: text/plain, Size: 683 bytes --]

> > The same TX & RX are shown for both interfaces.
>

That implies that they are layer 2 counters and will therefore be the same
for a given physical interface.

> I don't know whether the tools have changed much since those I'm using on
> this box, but the difference *might* be that Grant's IPs are on the same
> subnet. I *think* it's possible for the route (as in: `man route`) to
> configure packets that come in on 1.2.3.2 to be replied to via 1.2.3.1.
>

If the return packets are part of the same TCP session it will automatically
be sent from the correct IP address. If it didnt, the remote end wouldnt
consider the return packets part of the same session and reject them.

[-- Attachment #2: Type: text/html, Size: 1085 bytes --]