EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Tuesday 24 December 2024, 12:22:09 pm
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
The Latest Endian Firewall is now available for download
HERE
14262
Posts in
4377
Topics by
6517
Members
Latest Member:
Sandro
Search:
Advanced search
EFW Support
Support
General Support
[Solved] EFW 2.5.1 RED additional addresses not visible
0 Members and 0 Guests are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: [Solved] EFW 2.5.1 RED additional addresses not visible (Read 11300 times)
vsenko
Full Member
Offline
Posts: 19
[Solved] EFW 2.5.1 RED additional addresses not visible
«
on:
Saturday 12 January 2013, 01:37:20 am »
Good day everyone!
I'm in the middle of migrating to EFW Community, but there is a problem I can't handle.
I installed EFW and set up RED Uplink with the main IP and three additional IPs from the same subnet. I can ping the main IP and the secondary IPs from their subnet, but when I try to ping them from anywhere else in the internet, only the main IP is visible.
I also tried to add a port forwarding rule. It works the same way - I can access the NATed server through the main IP from anywhere, but if I try to access it through the secondary IP, I can do it only from it's subnet.
And even more - I added the TRACE rules to iptables (iptables -t raw -A OUTPUT -p icmp -j TRACE, iptables -t raw -A PREROUTING -p icmp -j TRACE) and examined the logs. When I pinged the main IP from anywhere, I saw ICMP activity. But when I pinged the secondary IPs, I saw ICMP activity only if I pinged them from their subnet.
The secondary IPs are in the same logical subnet as the main IP - it's for sure.
I thought it could be the routing problem, but in this case the incomming packets should appear in the logs.
I am totally confused!
Suggestions anybody?
Logged
vsenko
Full Member
Offline
Posts: 19
Re: EFW 2.5.1 RED additional addresses not visible
«
Reply #1 on:
Friday 18 January 2013, 11:57:12 pm »
Spent some time analyzing packets and thats what I found.
Our Astaro box uses gratuitous arp to announce each of its addresses, but EFW does not. Is there any common solution or I should write s script?
Logged
vsenko
Full Member
Offline
Posts: 19
Re: EFW 2.5.1 RED additional addresses not visible
«
Reply #2 on:
Friday 25 January 2013, 06:34:02 pm »
So the solution is to run the following script every several minutes:
ip addr show dev eth0 | grep inet | grep -v inet6 | awk '{print $2}' | cut -d"/" -f1 | while read line ; do arping -I eth0 -c 2 -U $line ; done
This announces all the IPs attached to the NIC and their corresponding MAC addresses.
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.063 seconds with 21 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com