Solved

IP aliases appear rejected by ADSL modem

Posted on 2000-03-08
5
223 Views
Last Modified: 2010-03-18
My Redhat 6.1 (2.2.13 kernel) system is configured as a firewall and has several IP aliases on the public side.  IP MASQ via ipchains works fine: I can reach everywhere from the private side of the firewall.  My ISP is providing 8 static IP addresses.

The problem is that only one public IP (whichever one is assigned to the firewall as its primary IP address) gets to the Internet most of the time.  The remaining 7 addresses are invisible from the Internet although I can ping them reliably from the private side of the firewall and from the firewall machine itself.

The ADSL modem is an Alcatel "Home" model with forwarding enabled.  Its IP address is 10.0.0.138.  When I ping it with a version of ping that allows me to set the source IP address, it responds only to the primary IP address most of the time.  What is really confusing is that at one point I could ping with the entire range of 8 addresses and it would respond to all of them.  

The question is, why doesn't it do that all the time and how can I encourage it to do so reliably?
0
Comment
Question by:sanantonio030800
  • 2
  • 2
5 Comments
 
LVL 40

Expert Comment

by:jlevie
Comment Utility
I need a bit more information, what are the 8 static addresses (probably a netblock of 8, I'd imagine).
0
 

Author Comment

by:sanantonio030800
Comment Utility
The 8 static addresses are a block of 8 with netmask 255.255.255.0: xxx.xxx.xxx.208-215.  Thanks.
0
 
LVL 40

Expert Comment

by:jlevie
Comment Utility
Close, I have to have the actual IP's to try a traceroute to them. If you don't want them to be visible in a public forum, email them to jlevie@bellsouth.net.

FYI, the netmask has to be 255.255.255.252 for a netblock of 8.
0
 

Accepted Solution

by:
sanantonio030800 earned 100 total points
Comment Utility
I found the solution.  

The problem was that there were three networks involved,
(192.168.2.0/24 and xxx.xxx.xxx.0/255) but only the ADSL modem was on the third network (10.0.0.0/8).  When the ADSL modem would send out arp packets asking for the ethernet address of the various alias IPs, the machine would not answer because it was not configured to listen to or talk to the 10.0.0.0/8 network.

The solution was to add another aliased IP for the machine, this one on the 10.0.0.0/8 network (e.g., 10.0.0.1).  When that was done, tcpdump showed that arp packets were being received and answered.

The request for more information that would allow traceroute to be used was not pertinent because traceroute would show (and did show) that packets got to the upstream router and no further.  I should have mentioned that in the original posting.  The netmask I use was assigned by the ISP.  jlivie is correct that it should not be 255.255.255.0, but I figure it's OK as long as I don't need to reach anyone else in the same subnet!

The reason that the 8 addresses used to work and stopped working is that I had set up the 10.0.0.1 alias previously thinking it might be good for something, but I didn't make the connection between that and the sudden proper functioning of the aliases.  I didn't put the change in the boot-up files, and when the machine got rebooted that alias was not recreated.  That's when the problem reappeared.

I have powercycled the machine several times since making the 10.0.0.1 alias permanent several weeks ago, sometimes after a power outage lasting 12 hours, and all the aliases have always worked.  So I think that this is the solution to the problem.
0
 
LVL 3

Expert Comment

by:darinw
Comment Utility
Hello everyone,

I am moving this question to the PAQ.

-- I am accepting one of sanantonio's comments as an answer --

darinw
Customer Service
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now