Topic: [Solved] EFW 2.5.1 RED additional addresses not visible
vsenko
« on: Saturday 12 January 2013, 01:37:20 am »

Good day everyone!

I'm in the middle of migrating to EFW Community, but there is a problem I can't handle.

I installed EFW and set up RED Uplink with the main IP and three additional IPs from the same subnet. I can ping the main IP and the secondary IPs from their subnet, but when I try to ping them from anywhere else on the internet, only the main IP is visible.
I also tried to add a port forwarding rule. It works the same way - I can access the NATed server through the main IP from anywhere, but if I try to access it through the secondary IP, I can do it only from its subnet.
And even more - I added the TRACE rules to iptables (iptables -t raw -A OUTPUT -p icmp -j TRACE, iptables -t raw -A PREROUTING -p icmp -j TRACE) and examined the logs. When I pinged the main IP from anywhere, I saw ICMP activity. But when I pinged the secondary IPs, I saw ICMP activity only if I pinged them from their subnet.
The secondary IPs are in the same logical subnet as the main IP - that's for sure.
I thought it could be a routing problem, but in this case the incoming packets should appear in the logs.

I am totally confused!
Suggestions, anybody?
Logged
vsenko
« Reply #1 on: Friday 18 January 2013, 11:57:12 pm »

Spent some time analyzing packets and that's what I found.
Our Astaro box uses gratuitous ARP to announce each of its addresses, but EFW does not. Is there any common solution, or should I write a script?
Logged
vsenko
« Reply #2 on: Friday 25 January 2013, 06:34:02 pm »

So the solution is to run the following script every few minutes:
ip addr show dev eth0 | grep inet | grep -v inet6 | awk '{print $2}' | cut -d"/" -f1 | while read -r line ; do arping -I eth0 -c 2 -U "$line" ; done
This announces all the IPs attached to the NIC and their corresponding MAC addresses.
Logged
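
Added example (not part of the original posts, and not Endian or Astaro code): `arping -U` broadcasts an ARP request whose sender IP equals its target IP, and the Python below builds such frames in memory without sending them, then shows which IP-to-MAC bindings a listener can learn from them. The MAC address, the 192.0.2.x addresses and all function names are constructed for illustration.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806
BROADCAST = b"\xff" * 6

def build_arp_request(mac, sender_ip, target_ip):
    """Build (never send) the bytes of an Ethernet ARP request frame."""
    eth = BROADCAST + mac + struct.pack("!H", ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=IPv4, hlen=6, plen=4, oper=1 (request)
    hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    # The target hardware field is filled with broadcast here (assumption);
    # the parser below does not depend on it.
    return (eth + hdr + mac + socket.inet_aton(sender_ip)
            + BROADCAST + socket.inet_aton(target_ip))

def parse_gratuitous_arp(frame):
    """Return (ip, mac) if frame is a gratuitous ARP, otherwise None."""
    if len(frame) < 42:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None
    sender_mac, sender_ip, target_ip = frame[22:28], frame[28:32], frame[38:42]
    if sender_ip != target_ip:
        return None  # ordinary lookup for someone else's address
    return socket.inet_ntoa(sender_ip), sender_mac.hex(":")

def learn_bindings(frames):
    """IP -> MAC bindings a listener could learn from gratuitous ARPs alone."""
    cache = {}
    for frame in frames:
        binding = parse_gratuitous_arp(frame)
        if binding:
            cache[binding[0]] = binding[1]
    return cache

# Constructed sample: documentation-range IPs and a locally administered MAC.
FW_MAC = bytes.fromhex("020000000001")
SAMPLE_FRAMES = [
    build_arp_request(FW_MAC, "192.0.2.10", "192.0.2.10"),  # main IP announced
    build_arp_request(FW_MAC, "192.0.2.11", "192.0.2.11"),  # secondary announced
    build_arp_request(FW_MAC, "192.0.2.10", "192.0.2.1"),   # normal gateway lookup
]

if __name__ == "__main__":
    for ip, mac in learn_bindings(SAMPLE_FRAMES).items():
        print(ip, "is-at", mac)
```

The same classification applied to a capture from the RED segment shows whether each secondary address is actually being announced after the script runs.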