Packets sent from an alias have wrong source address - SGI

This is a discussion on Packets sent from an alias have wrong source address - SGI ; I have a private IP alias on my public ethernet interface. The problem is that packets sent to private addresses have public source address instead of the private one. This behaviour for example breaks the firewall rules. The box does ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Packets sent from an alias have wrong source address

  1. Packets sent from an alias have wrong source address

    I have a private IP alias on my public ethernet interface.
    The problem is that packets sent to private addresses have public source
    address instead of the private one. This behaviour for example breaks the
    firewall rules.
    The box does not act as a router.

    $ ifconfig eg0
    eg0: flags=8c15c43 LINK0,IPALIAS,HIGHBW,IPV6>
    inet 150.254.173.5 netmask 0xffffffe0 broadcast 150.254.173.31
    inet 192.168.128.14 netmask 0xffffff00 broadcast 192.168.128.255

    $ netstat -rn
    Routing tables

    Internet:
    Destination Gateway Netmask Flags Refs Use Interface
    default 150.254.173.14 UGS 6 18959 eg0
    192.168.10 link#5 0xffffff00 UC 0 0 ef0
    192.168.128 link#4 0xffffff00 UCS 0 0 eg0

    Here is what happens when I try to ping, say, 192.168.128.1:

    # snoop -V 192.168.128.1
    Using device eg0 (promiscuous mode)
    ________________________________
    cactus -> 192.168.128.1 ETHER Type=0800 (IP), size = 98 bytes
    cactus -> 192.168.128.1 IP D=192.168.128.1 S=150.254.173.5 LEN=84,
    ID=54202
    cactus -> 192.168.128.1 ICMP Echo request (ID: 7661 Sequence number: 0)
    ________________________________
    192.168.128.1 -> cactus ETHER Type=0800 (IP), size = 98 bytes
    192.168.128.1 -> cactus IP D=150.254.173.5 S=192.168.128.1 LEN=84,
    ID=63556
    192.168.128.1 -> cactus ICMP Echo reply (ID: 7661 Sequence number: 0)


    Can it be because the primary address has a different netmask (it is
    recommended at techpubs that "the primary address of an interface and all its
    IP aliases should share a common subnet address.")?

    Thanks for any help,

    -marek

  2. Re: Packets sent from an alias have wrong source address

    On 2004-01-28, Benjamin Goldsteen wrote:
    > Marek Zawadzki wrote in message
    > news:...
    >> I have a private IP alias on my public ethernet interface.
    >> The problem is that packets sent to private addresses have public source
    >> address instead of the private one. This behaviour for example breaks the
    >> firewall rules.

    >
    > IRIX always sets the source IP address of a packet to the primary IP
    > address of the interface. There are pros and cons of this approach
    > but that is the way that IRIX does it and I don't think it will
    > change.


    Hmm, that's weird. And what are the pros, may I ask?
    Anyway - can somebody point me out to the offcial documentation
    (techpubs/manual) which states the above/provides some workarounds?

    >> The box does not act as a router.

    >
    > IRIX does not make a good router.


    Like I said, it does not act as a router.

    Thanks,

    -marek

    --
    Marek Zawadzki, System Administrator
    Poznan Supercomputing & Networking Center
    http://www.man.poznan.pl/~mzawadzk

+ Reply to Thread