Title: [Solved] EFW 2.5.1 RED additional addresses not visible
Post by: vsenko on Saturday 12 January 2013, 01:37:20 am

Good day everyone!
I'm in the middle of migrating to EFW Community, but there is a problem I can't handle. I installed EFW and set up RED Uplink with the main IP and three additional IPs from the same subnet. I can ping the main IP and the secondary IPs from their subnet, but when I try to ping them from anywhere else on the internet, only the main IP is visible.

I also tried to add a port forwarding rule. It works the same way - I can access the NATed server through the main IP from anywhere, but if I try to access it through the secondary IP, I can do it only from its subnet.

And even more - I added the TRACE rules to iptables (iptables -t raw -A OUTPUT -p icmp -j TRACE, iptables -t raw -A PREROUTING -p icmp -j TRACE) and examined the logs. When I pinged the main IP from anywhere, I saw ICMP activity. But when I pinged the secondary IPs, I saw ICMP activity only if I pinged them from their subnet.

The secondary IPs are in the same logical subnet as the main IP - it's for sure. I thought it could be the routing problem, but in this case the incoming packets should appear in the logs. I am totally confused! Suggestions anybody?

Title: Re: EFW 2.5.1 RED additional addresses not visible
Post by: vsenko on Friday 18 January 2013, 11:57:12 pm

Spent some time analyzing packets and that's what I found.
Our Astaro box uses gratuitous ARP to announce each of its addresses, but EFW does not. Is there any common solution or should I write a script?

Title: Re: EFW 2.5.1 RED additional addresses not visible
Post by: vsenko on Friday 25 January 2013, 06:34:02 pm

So the solution is to run the following script every several minutes:

    ip addr show dev eth0 | grep inet | grep -v inet6 | awk '{print $2}' | cut -d"/" -f1 | while read -r line ; do arping -I eth0 -c 2 -U "$line" ; done

This announces all the IPs attached to the NIC and their corresponding MAC addresses.
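
Added example (not part of the original posts): a cron-ready variant of the announcement loop that parses `ip -o -4 addr show` output in one awk pass, skips anything that is not a dotted-quad address, and only prints the arping commands unless told to run them. The `LIVE` and `IFACE` variables, the function names and the sample output are assumptions made for this example; the sample uses documentation addresses.

```shell
#!/bin/sh
# Added example: announce every IPv4 address of an interface via gratuitous ARP.

# Read `ip -o -4 addr show` output on stdin, print one bare IPv4 address per line.
extract_ipv4() {
    awk '$3 == "inet" { split($4, a, "/"); print a[1] }'
}

# announce IFACE: read addresses on stdin and announce each one.
# Dry run by default; set LIVE=1 (assumed variable) to really call arping.
announce() {
    iface=$1
    while IFS= read -r addr; do
        case $addr in
            ''|*[!0-9.]*) continue ;;   # ignore anything but digits and dots
        esac
        if [ "${LIVE:-0}" = 1 ]; then
            arping -I "$iface" -c 2 -U "$addr"
        else
            echo "arping -I $iface -c 2 -U $addr"
        fi
    done
}

# Constructed sample of `ip -o -4 addr show dev eth0` output (not from a real host),
# with one inet6 line added to show that it is filtered out.
SAMPLE='2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.11/24 scope global secondary eth0\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::1/64 scope link \       valid_lft forever preferred_lft forever'

if [ "${LIVE:-0}" = 1 ]; then
    # Live mode: query the real interface (defaults to eth0, as in the post).
    ip -o -4 addr show dev "${IFACE:-eth0}" | extract_ipv4 | announce "${IFACE:-eth0}"
else
    # Dry run on the constructed sample: shows which commands would be issued.
    printf '%s\n' "$SAMPLE" | extract_ipv4 | announce eth0
fi
```

The dry run makes it easy to confirm that every secondary address is picked up before scheduling the script with `LIVE=1`.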