[BlueOnyx:26643] Re: Interfaces and default routes

Darren Wolfe darren at intersys-group.com
Thu Dec 7 10:37:37 -05 2023 

The interface configuration files in /etc/sysconfig/network-scripts appear to be correct, so I am not sure where this might be coming from!


From: Taco Scargo <taco at blueonyx.nl>
Sent: Thursday, December 7, 2023 3:15 PM
To: Darren Wolfe <darren at intersys-group.com>; BlueOnyx General Mailing List <blueonyx at mail.blueonyx.it>
Subject: Re: [BlueOnyx:26641] Interfaces and default routes

I see 1.1.1.225 is configured on eth1 as well though.
That should not be.


I think that is why the default gateway is also “attached” to eth1.


1.1.1.225       0.0.0.0         255.255.255.255 UH    101    0        0 eth1




On 7 Dec 2023, at 14:33, Darren Wolfe via Blueonyx <blueonyx at mail.blueonyx.it<mailto:blueonyx at mail.blueonyx.it>> wrote:

Hi,

I've adjusted for privacies sake, but the last octet is unchanged so the netmasks and network ranges make sense

eth0 (public interface): 1.1.1.238, netmask 255.255.255.224
Gateway address is 1.1.1.225

eth1 (private interface): 192.168.17.18, netmask 255.255.255.0
No gateway address or any other routes needed, this is used as a simple DMZ




-----Original Message-----
From: Taco Scargo <taco at blueonyx.nl<mailto:taco at blueonyx.nl>>
Sent: Thursday, December 7, 2023 8:35 AM
To: Darren Wolfe <darren at intersys-group.com<mailto:darren at intersys-group.com>>; BlueOnyx General Mailing List
<blueonyx at mail.blueonyx.it<mailto:blueonyx at mail.blueonyx.it>>
Subject: Re: [BlueOnyx:26639] Interfaces and default routes

Darren,

Would you be so kind to share the IP addresses of the interfaces?
Because the routing table does not make sense at all and it almost seems that
both interfaces share the same network address space, which you should never
do.

Thanks,

Taco


On 7 Dec 2023, at 00:44, Darren Wolfe via Blueonyx
<blueonyx at mail.blueonyx.it<mailto:blueonyx at mail.blueonyx.it>> wrote:


Hi,


Indeed, the IPv6 autoconf=no should be set. I'll see to it.

Thank you!


As for the default gateway? In my understanding there should be only one
default gateway and that should apply to all interfaces. There may be
additional routes that direct traffic destined for an internal network
to the interface that the internal network is connected to. Or if
OpenVPN is present, there ought to be a route that allows traffic to be
directed to the private network that OpenVPN clients use.

But there shouldn't be two default gateways.


I shouldn't have confused the issue by mentioning two public default routes, but
the idea that the default gateway should apply to all interfaces is an assumption
that does not always hold. In my case, the public-facing interface has a public IP
address as one would expect, but there is a DMZ network on a different interface
and private address range which should not have the same default route applied
to it.


I may be misinterpreting what I see on the boxes which is that when the server
is rebooted.  This is how it looks:

eth0 is the public interface, eth1 is the private (ip's have been changed)

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         1.1.1.225       0.0.0.0         UG    100    0        0 eth0
0.0.0.0         1.1.1.225       0.0.0.0         UG    101    0        0 eth1
1.1.1.224       0.0.0.0         255.255.255.224 U     100    0        0 eth0
1.1.1.225       0.0.0.0         255.255.255.255 UH    101    0        0 eth1
192.168.17.0    0.0.0.0         255.255.255.0   U     101    0        0 eth1

I don't know what that 4th rule is attempting to do..

Sometimes eth1 will get the lower route metric, which results in no network
connectivity. Even like the above, active monitor says:

The network interface eth0 is down. The network interface eth1 is down.

If the incorrect routes - the 2nd and 4th in the above, are removed, all is well.




_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it<mailto:Blueonyx at mail.blueonyx.it>
http://mail.blueonyx.it/mailman/listinfo/blueonyx


_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it<mailto:Blueonyx at mail.blueonyx.it>
http://mail.blueonyx.it/mailman/listinfo/blueonyx

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20231207/ebb90f9d/attachment.html>

More information about the Blueonyx mailing list