Re: IP Aliasing: IPs Switched?

From: Lainee Scott
Date: Wed Nov 26 2008 - 15:33:41 EST

--- On Wed, 11/26/08, Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx> wrote:

> From: Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx>
> Subject: Re: IP Aliasing: IPs Switched?
> To: "linux-net@xxxxxxxxxxxxxxx" <linux-net@xxxxxxxxxxxxxxx>
> Date: Wednesday, November 26, 2008, 11:55 AM
> Lainee Scott wrote:
> > I suspect that in your opinion changing to_filter
> won't solve my problem.
> to_filter?

Sorry, should have been rp_filter!

> > Any idea what might?
> Not yet. But even though addresses appear to be swapped
> somehow, the box still seems to be able to communicate using
> them, so I believe that the ARP and IP operation is OK. Have
> you checked with a packet sniffer?

Unfortunately, I could not test due to the fact that our entire production environment was down. In my test network environment I cannot reproduce the issue to do any further testing.

> > Is there any other info I can provide to get some
> more guidance?
> Yes. Can you elaborate "Listening on .11 is DNS and on
> .12 is HTTP" ? Is this the load balancer ?

The server has 3 IPs associated with eth0:

eth0:0 x.x.x.11
eth0:1 x.x.x.12
eth0:2 x.x.x.13

For now, we can disregard .13. Nothing on that interface is servicing our customers.

The box itself is acting as a DNS server, so on .11 it is responding to and handling DNS requests. On .12 it is responding to port 80 but using an iptables-based load balancer - just a port forwarding rule using the iptables statistic module for balancing over 3 internal (192.168.1.x) addresses. Port 80 requests are being forwarded through the machine to Web servers sitting inside the firewall. (The machine in question is the firewall.)

When the issue occurred (after about 10 hours), DNS stopped responding and Web requests stopped responding because DNS was responding on .12 (instead of .11) and Web requests were responding on .11 (instead of .12). I know this because I manually tested the IPs and found this to be the case.

I was able to SSH to the box. I tested by telnetting locally and remotely to .11 and .12 and observing that they responded for services but were switched.

Any clues? Anything else I can provide? I've got to replace the current firewall... it's on its last legs and old. But I don't have a solution unless I can get this to work. Any help would be huge!


To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
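The iptables statistic-module balancer the post describes, written out as an added example that is not part of the original thread or of the poster's configuration: one shell function prints (it does not apply) the nth-mode DNAT rules for a virtual IP and any number of backends, and a second function models the per-rule counters so you can see that every backend receives an equal share of new connections. The VIP 203.0.113.12, port 80 and the backends 192.168.1.10-12 are placeholders chosen for the example, not addresses from the post.

```shell
#!/bin/sh
# Added example (not from the original thread). Addresses below are
# placeholders. lb_rules only prints the commands so they can be reviewed
# before being run as root.

# lb_rules VIP PORT BACKEND...
# Prints one DNAT rule per backend. Rule k of n uses "--every (n-k)":
# the first rule takes every 3rd packet of those reaching it, the second
# every 2nd of what remains, and the last is an unconditional catch-all.
lb_rules() {
    vip=$1; port=$2; shift 2
    n=$#
    k=0
    for be in "$@"; do
        every=$((n - k))
        if [ "$every" -gt 1 ]; then
            printf 'iptables -t nat -A PREROUTING -d %s -p tcp --dport %s -m statistic --mode nth --every %s --packet 0 -j DNAT --to-destination %s:%s\n' \
                "$vip" "$port" "$every" "$be" "$port"
        else
            printf 'iptables -t nat -A PREROUTING -d %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
                "$vip" "$port" "$be" "$port"
        fi
        k=$((k + 1))
    done
}

# simulate_nth NPACKETS BACKEND...
# Simplified model of the chain above: each nth rule keeps its own
# counter of packets that reach it and matches when that counter is a
# multiple of its --every value; the last rule matches anything left.
# Prints the backend chosen for each packet, space separated.
simulate_nth() {
    pkts=$1; shift
    n=$#
    k=0
    while [ "$k" -lt "$n" ]; do
        eval "cnt_$k=0"
        k=$((k + 1))
    done
    out=""
    p=0
    while [ "$p" -lt "$pkts" ]; do
        k=0
        chosen=""
        for be in "$@"; do
            every=$((n - k))
            if [ "$every" -eq 1 ]; then
                chosen=$be
                break
            fi
            eval "c=\$cnt_$k"
            eval "cnt_$k=$((c + 1))"
            if [ $((c % every)) -eq 0 ]; then
                chosen=$be
                break
            fi
            k=$((k + 1))
        done
        out="$out $chosen"
        p=$((p + 1))
    done
    printf '%s\n' "${out# }"
}

# Usage (placeholder addresses):
lb_rules 203.0.113.12 80 192.168.1.10 192.168.1.11 192.168.1.12
simulate_nth 6 192.168.1.10 192.168.1.11 192.168.1.12
```

Two details worth checking in a real rule set: the `--every` value must drop by one on each successive rule, with the last rule unconditional; giving every rule `--every 3` leaves two thirds of the packets matched by nothing. And the rules match on `-d` with the specific VIP, so port 80 on the other aliases is not captured. nth mode keeps no per-client state, so successive connections from one client can land on different backends, and the FORWARD chain still has to permit the rewritten traffic to the internal servers.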