Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 244
  • Last Modified:

IP aliases appear rejected by ADSL modem

My Redhat 6.1 (2.2.13 kernel) system is configured as a firewall and has several IP aliases on the public side.  IP MASQ via ipchains works fine: I can reach everywhere from the private side of the firewall.  My ISP is providing 8 static IP addresses.

The problem is that only one public IP (whichever one is assigned to the firewall as its primary IP address) gets to the Internet most of the time.  The remaining 7 addresses are invisible from the Internet although I can ping them reliably from the private side of the firewall and from the firewall machine itself.

The ADSL modem is an Alcatel "Home" model with forwarding enabled.  Its IP address is 10.0.0.138.  When I ping it with a version of ping that allows me to set the source IP address, it responds only to the primary IP address most of the time.  What is really confusing is that at one point I could ping with the entire range of 8 addresses and it would respond to all of them.  

The question is, why doesn't it do that all the time and how can I encourage it to do so reliably?
0
sanantonio030800
Asked:
sanantonio030800
  • 2
  • 2
1 Solution
 
jlevieCommented:
I need a bit more information, what are the 8 static addresses (probably a netblock of 8, I'd imagine).
0
 
sanantonio030800Author Commented:
The 8 static addresses are a block of 8 with netmask 255.255.255.0: xxx.xxx.xxx.208-215.  Thanks.
0
 
jlevieCommented:
Close, I have to have the actual IP's to try a traceroute to them. If you don't want them to be visible in a public forum, email them to jlevie@bellsouth.net.

FYI, the netmask has to be 255.255.255.252 for a netblock of 8.
0
 
sanantonio030800Author Commented:
I found the solution.  

The problem was that there were three networks involved,
(192.168.2.0/24 and xxx.xxx.xxx.0/255) but only the ADSL modem was on the third network (10.0.0.0/8).  When the ADSL modem would send out arp packets asking for the ethernet address of the various alias IPs, the machine would not answer because it was not configured to listen to or talk to the 10.0.0.0/8 network.

The solution was to add another aliased IP for the machine, this one on the 10.0.0.0/8 network (e.g., 10.0.0.1).  When that was done, tcpdump showed that arp packets were being received and answered.

The request for more information that would allow traceroute to be used was not pertinent because traceroute would show (and did show) that packets got to the upstream router and no further.  I should have mentioned that in the original posting.  The netmask I use was assigned by the ISP.  jlivie is correct that it should not be 255.255.255.0, but I figure it's OK as long as I don't need to reach anyone else in the same subnet!

The reason that the 8 addresses used to work and stopped working is that I had set up the 10.0.0.1 alias previously thinking it might be good for something, but I didn't make the connection between that and the sudden proper functioning of the aliases.  I didn't put the change in the boot-up files, and when the machine got rebooted that alias was not recreated.  That's when the problem reappeared.

I have powercycled the machine several times since making the 10.0.0.1 alias permanent several weeks ago, sometimes after a power outage lasting 12 hours, and all the aliases have always worked.  So I think that this is the solution to the problem.
0
 
darinwCommented:
Hello everyone,

I am moving this question to the PAQ.

-- I am accepting one of sanantonio's comments as an answer --

darinw
Customer Service
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now