Packets sent from an alias have wrong source address
I have a private IP alias on my public ethernet interface.
The problem is that packets sent to private addresses have public source
address instead of the private one. This behaviour for example breaks the
The box does not act as a router.
$ ifconfig eg0
inet 184.108.40.206 netmask 0xffffffe0 broadcast 220.127.116.11
inet 192.168.128.14 netmask 0xffffff00 broadcast 192.168.128.255
$ netstat -rn
Destination Gateway Netmask Flags Refs Use Interface
default 18.104.22.168 UGS 6 18959 eg0
192.168.10 link#5 0xffffff00 UC 0 0 ef0
192.168.128 link#4 0xffffff00 UCS 0 0 eg0
Here is what happens when I try to ping, say, 192.168.128.1:
# snoop -V 192.168.128.1
Using device eg0 (promiscuous mode)
cactus -> 192.168.128.1 ETHER Type=0800 (IP), size = 98 bytes
cactus -> 192.168.128.1 IP D=192.168.128.1 S=22.214.171.124 LEN=84,
cactus -> 192.168.128.1 ICMP Echo request (ID: 7661 Sequence number: 0)
192.168.128.1 -> cactus ETHER Type=0800 (IP), size = 98 bytes
192.168.128.1 -> cactus IP D=126.96.36.199 S=192.168.128.1 LEN=84,
192.168.128.1 -> cactus ICMP Echo reply (ID: 7661 Sequence number: 0)
Can it be because the primary address has a different netmask (it is
recommended at techpubs that "the primary address of an interface and all its
IP aliases should share a common subnet address.")?
Thanks for any help,
Re: Packets sent from an alias have wrong source address
On 2004-01-28, Benjamin Goldsteen <email@example.com> wrote:[color=blue]
> Marek Zawadzki <firstname.lastname@example.org> wrote in message
>> I have a private IP alias on my public ethernet interface.
>> The problem is that packets sent to private addresses have public source
>> address instead of the private one. This behaviour for example breaks the
>> firewall rules.[/color]
> IRIX always sets the source IP address of a packet to the primary IP
> address of the interface. There are pros and cons of this approach
> but that is the way that IRIX does it and I don't think it will
Hmm, that's weird. And what are the pros, may I ask?
Anyway - can somebody point me out to the offcial documentation
(techpubs/manual) which states the above/provides some workarounds?
>> The box does not act as a router.[/color]
> IRIX does not make a good router.[/color]
Like I said, it does not act as a router.
Marek Zawadzki, System Administrator
Poznan Supercomputing & Networking Center