Two NICs, two gateways, multiple aliases under each

Last year I set up a CentOS 6 machine with two NICs, each using a separate gateway. Multiple aliases exist under NIC#1 (em1, em1:0, em1:1, etc.), but currently only one interface exists under NIC#2 (em2).



I need to add an alias to NIC#2 and am unsure how best to proceed.



Here is a quick summary of how I arrived at a working config as of now:




/etc/sysconfig/network-scripts/



em1
DEVICE=em1
NAME=siteABC
IPADDR=22.22.22.214
GATEWAY=22.22.22.2
NETMASK=255.255.255.0
GATEWAY=22.22.22.2
DNS1=1.1.1.1
DNS2=1.1.1.2
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none

em1:0
DEVICE=em1:0
NAME=siteABC
IPADDR=22.22.22.215
GATEWAY=22.22.22.2
NETMASK=255.255.255.0
GATEWAY=22.22.22.2
DNS1=1.1.1.1
DNS2=1.1.1.2
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none

em2
DEVICE=em2
NAME=sitetwo
HWADDR=$MACADDRESS
IPADDR=44.44.44.69
NETMASK=255.255.255.0
#GATEWAY= ### commented out per below ###
DNS1=1.1.1.1
DNS2=1.1.1.2
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none


/etc/iproute2/rt_tables was edited to add a new line at the bottom (below #1 inr.ruhep). The new line contains 200 MGMT.



#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
200 MGMT


/etc/sysconfig/network-scripts/route-em2 was created with the following:



default table MGMT via 44.44.44.2

** Note that 44.44.44.2 is the gateway of the second NIC (the public WAN). **


Lastly, I created a rules file called /etc/sysconfig/network-scripts/rule-em2 with the following:



from 44.44.44.69 table MGMT



Continued:



The default gateway has multiple aliases configured (em1, em1:0, em1:1, etc.). The second gateway only has one interface (em2); however, I need to add alias em2:0 for another site IP hosted by the machine.



What I've tried today



I configured an alias called em2:0 which mirrors em2 except for DEVICE, NAME, and IPADDR. The network restarted without a problem, but I'm not able to access the newly configured IPADDR under em2:0.



Question



Do I just need to add another entry in the /etc/sysconfig/network-scripts/rule-em2 file (shown above)? Or is there more to do to add an alias under em2? This is a production system and I am hesitant to make a quick change to see what happens.







edited Feb 17 at 4:09

























asked Feb 16 at 23:15









a coder

  • You can only have one default gateway. You'll need to set route(s) to other networks specifically to use your 2nd interface.
    – ivanivan
    Feb 16 at 23:20










  • I'd be reluctant to provide an answer and overlook something. Yes it seems you only need a new rule with the new IP. Also, just to be pedantic: even if there are separate configuration files, you shouldn't consider aliases as interfaces. It's just additional IPs on the same interface, plus a name. For example iptables wouldn't know about those aliases.
    – A.B
    Feb 16 at 23:22










  • @A.B, thanks for the reminder on terminology. I've updated the question so as not to confuse anyone.
    – a coder
    Feb 16 at 23:23











  • I'll wait till I can be at the machine before adding the new rule. Will follow up then.
    – a coder
    Feb 16 at 23:24










  • you can have multiple default routes but one is picked at random for each packet (unless one of the routes has a lower, i.e. higher precedence, metric). see unix.stackexchange.com/questions/345862/…. but you shouldn't need to change any routing rules to add an IP address to an interface - unless the new IP is in a subnet that isn't already routed to your host or LAN segment (and even then, the new route should be on your router, not your host).
    – cas
    Feb 17 at 0:01

















1 Answer
accepted










Yes, it appears you have to add a rule for the new IP 44.44.44.X on em2. That would be ip rule add from 44.44.44.X table MGMT.



Without a rule to the MGMT table (200), the default route chosen would be default via 22.22.22.2 dev em1, even for this IP on em2. With this setting, a customer from the Internet trying to reach this new management IP would have her connection arriving at em2 from an IP with no default route (so no route) defined via em2: the default setting for CentOS' reverse path filtering would drop the packet.



Likewise, an outgoing packet with this new IP 44.44.44.X would attempt to go to the customer via the only available default route: 22.22.22.2 on em1. It's possible (but not very relevant, the other way is already not working) that other equipment in the path would not allow this either (e.g. if 22.22.22.2 and 44.44.44.2 are going via two different Internet providers, or simply if 22.22.22.2 has no Internet connectivity).



Adding ip rule add from 44.44.44.X table MGMT will select this routing table when the source IP is 44.44.44.X, now selecting default via 44.44.44.2 dev em2 from table MGMT. A packet from the Internet arriving at 44.44.44.X via em2 now has its route through em2, so won't be dropped by rp_filter. An outgoing packet from 44.44.44.X will now correctly use em2 to go to the Internet via 44.44.44.2.



You can easily see the difference by typing for example:



ip route get 8.8.8.8 from 44.44.44.X


Without the rule, you'll see the route 8.8.8.8 from 44.44.44.X via 22.22.22.2 dev em1; with it, it will switch to 8.8.8.8 from 44.44.44.X via 44.44.44.2 dev em2 table 200.






        edited Feb 17 at 2:13

























        answered Feb 17 at 1:40









        A.B
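
The check the answer implies, as an added example that is not part of the original question or answer: it lists every address configured on a NIC or its aliases that has no matching "from" line in the rule file, which is the state that sends replies out via em1 and gets inbound packets dropped by rp_filter. It assumes the usual ifcfg-<device> file names beside rule-em2, and uses 44.44.44.70 as a constructed stand-in for the answer's 44.44.44.X.

```shell
#!/bin/sh
# Added example: list addresses on a NIC (base ifcfg file plus NIC:N aliases)
# that have no "from <ip> ..." line in rule-<nic>. Such addresses fall through
# to the main table's default route, which is the failure the answer describes.

# has_rule RULEFILE IP -> exit 0 if a non-comment line contains "from IP" (or IP/32)
has_rule() {
    [ -f "$1" ] || return 1
    awk -v ip="$2" '
        /^[[:space:]]*#/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i == "from" && ($(i + 1) == ip || $(i + 1) == (ip "/32")))
                    found = 1
        }
        END { exit(found ? 0 : 1) }' "$1"
}

# missing_rules DIR NIC -> print each IPADDR of NIC and its aliases lacking a rule
missing_rules() {
    dir=$1
    nic=$2
    for cfg in "$dir/ifcfg-$nic" "$dir/ifcfg-$nic":*; do
        [ -f "$cfg" ] || continue        # an unmatched glob stays literal; skip it
        # Last IPADDR= assignment wins, optional quote stripped
        ip=$(sed -n "s/^IPADDR=[\"']\{0,1\}\([0-9.]*\).*/\1/p" "$cfg" | tail -n 1)
        [ -n "$ip" ] || continue
        has_rule "$dir/rule-$nic" "$ip" || printf '%s\n' "$ip"
    done
}

# make_sample -> build a constructed copy of the question's em2 setup, print its path
make_sample() {
    tmp=$(mktemp -d) || return 1
    printf 'DEVICE=em2\nIPADDR=44.44.44.69\nNETMASK=255.255.255.0\n' > "$tmp/ifcfg-em2"
    # Constructed alias: 44.44.44.70 stands in for the answer's 44.44.44.X
    printf 'DEVICE=em2:0\nIPADDR=44.44.44.70\nNETMASK=255.255.255.0\n' > "$tmp/ifcfg-em2:0"
    printf 'from 44.44.44.69 table MGMT\n' > "$tmp/rule-em2"
    printf '%s\n' "$tmp"
}

# Demo on the constructed files: the alias address is reported until its rule exists
demo=$(make_sample)
echo "addresses without a rule (before): $(missing_rules "$demo" em2)"
echo "from 44.44.44.70 table MGMT" >> "$demo/rule-em2"
echo "addresses without a rule (after):  $(missing_rules "$demo" em2)"
rm -rf "$demo"
```

On the real host the same function can be pointed at /etc/sysconfig/network-scripts with em2 as the NIC, and the result confirmed with the answer's ip route get 8.8.8.8 from 44.44.44.X.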
