  1. #1
    Just Joined!
    Join Date
    Aug 2010
    Posts
    2

    Ubuntu 10.04- 2 interfaces same gateway setting


    I recently upgraded an Ubuntu 8.04 server to 10.04 server. My previous configuration had two network interfaces both routed to the same LAN with the same gateway. This functioned for me so as to support different services on each interface, such as http and smb on one, torrents on another. This routed fine in 8.04 (routing table below). Once I upgraded to 10.04, any packets that traveled beyond the LAN did not return. I checked and there is no local firewall running. Thinking that this was strange, I set up a virtual machine and tested it in a different environment at work (and also with a virtual firewall configuration) with the same results. I also tested several other current operating systems, including Debian 5.04 and Open Solaris 9, all of which routed two interfaces with the same gateway fine. I rolled back from 10.04 to 9.10 and the problem persists, so the change exists also between 8.04 and 9.10. Can anyone help me at least identify what is unique to Ubuntu 9.10 and above that is preventing having two interfaces with the same gateway, something that other operating systems do not seem to have trouble with?

    Kernel IP routing table
    Destination  Gateway        Genmask        Flags  Metric  Ref  Use  Iface
    10.1.1.0     *              255.255.255.0  U      0       0    0    eth0
    10.1.1.0     *              255.255.255.0  U      0       0    0    eth1
    default      blackbox.xxxx  0.0.0.0        UG     100     0    0    eth1
    default      blackbox.xxxx  0.0.0.0        UG     100     0    0    eth0

  2. #2
    Just Joined!
    Join Date
    Aug 2010
    Posts
    2
    AH HA!!! Found it!

    It looks like there is a sysctl setting that was set in 8.04 LTS but was broken and is now fixed in at least 9.10 forward:

    rp_filter is for Source Address Verification, setting to 1 enables it.
    net.ipv4.conf.default.rp_filter=1
    net.ipv4.conf.all.rp_filter=1

    On 8.04 this results in

    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 0 <== should have inherited the 1
    net.ipv4.conf.eth1.rp_filter = 0 <== should have inherited the 1

    On 10.04 this results in

    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.eth1.rp_filter = 1

    This setting is probably not a big deal on a LAN. Now that I see that this is a 'fixed bug' between 8.04 and 10.04 I may go a different direction to separate my network traffic.... or not.
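
Added example, not part of the original posts: a shell check that combines the two listings quoted in the thread and flags interfaces that share a destination/genmask with another interface while strict reverse-path filtering is in effect. It assumes the kernel-documented rule that the mode applied to an interface is the larger of `conf.all` and `conf.<iface>`; the function names, status labels and temporary file layout are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the kernel-documented rule that
# the rp_filter mode used on an interface is max(conf.all, conf.<iface>).
# rpf_audit ROUTES SYSCTLS: saved `route` output and saved rp_filter sysctl
# lines. Prints "<iface> effective=<n> <status>" for each interface that shares
# a destination/genmask with another interface.
rpf_audit() {
    awk '
    FNR == NR {                          # first file: routing table
        if (NF == 8 && $8 != "Iface" && !seen[$1, $3, $8]++) {
            count[$1, $3]++              # interfaces per destination/genmask
            rows++; dst[rows] = $1 SUBSEP $3; dev[rows] = $8
        }
        next
    }
    /rp_filter/ {                        # second file: sysctl lines
        gsub(/[ \t]/, "")
        split($0, kv, "=")
        name = kv[1]
        sub(/^net\.ipv4\.conf\./, "", name); sub(/\.rp_filter$/, "", name)
        mode[name] = kv[2] + 0
    }
    END {
        for (i = 1; i <= rows; i++)
            if (count[dst[i]] > 1) shared[dev[i]] = 1
        for (d in shared) {
            eff = (mode["all"] > mode[d]) ? mode["all"] : mode[d]
            # strict (1): accept only if the best route back to the source
            # leaves through the receiving interface; duplicates break that.
            status = (eff == 1) ? "strict-conflict" : (eff == 2) ? "loose" : "off"
            print d, "effective=" eff, status
        }
    }' "$1" "$2" | sort
}

# Constructed sample: the routing table quoted in the thread plus rp_filter
# values passed as arguments in the order all, eth0, eth1.
rpf_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/routes" <<'EOF'
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.1.1.0 * 255.255.255.0 U 0 0 0 eth0
10.1.1.0 * 255.255.255.0 U 0 0 0 eth1
default blackbox.xxxx 0.0.0.0 UG 100 0 0 eth1
default blackbox.xxxx 0.0.0.0 UG 100 0 0 eth0
EOF
    printf 'net.ipv4.conf.%s.rp_filter = %s\n' all "$1" eth0 "$2" eth1 "$3" > "$dir/sysctl"
    rpf_audit "$dir/routes" "$dir/sysctl"
    rm -rf "$dir"
}
rpf_demo 1 1 1   # the values the thread reports for 10.04
```

Where the check reports `strict-conflict`, setting `rp_filter=2` (loose mode) on just those interfaces, or giving each interface its own source-based routing rule, keeps source address validation in place instead of switching it off.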
