2 Ip address in the same nterface, the second one only respond ping

[Jabetza]

Hi,

I am new in linux, I have a server with centos 5 and plesk 9 and I have buy an additional IP address for my server, when i create it in plesk, there is no problem, all its ok I can assign it to a new domain, but the ip only responds ping, none of other services as http, ssh or smtp.

I paste here the configuration of files

ifcfg-eth0

device=eth0
bootproto=dhcp
type=ethernet
onboot=yes

ifcfg-eth0:1

device="eth0:1"
ipaddr="***.***.***.51"
netmask="255.255.255.255"

Asterisk for security
I have stopped IPTABLES service and nothing happens.
What is i have making wrong?

I tried put eth0 as static, but all fails and I have to reinstall the image of the server.

Thanks for advance

[zombykillah]

You may wanna add something:
ifcfg-eth0

device=eth0:0
bootproto=dhcp
type=ethernet
onboot=yes

ifcfg-eth0:1

device="eth0:1"
ipaddr="***.***.***.51"
netmask="255.255.255.255"

[gumaheru]

Not necessary to change the nic name to "eth0:0". Can you give us the full information on the nics? Just change the first two numbers and keep the last two. That way we can figure out if you are on the same subnet or not. Also can you post your routing information? Just run an "ifconfig -a" and either a "netstat -nr" or a "ip route show".

[Jabetza]

Not necessary to change the nic name to "eth0:0". Can you give us the full information on the nics? Just change the first two numbers and keep the last two. That way we can figure out if you are on the same subnet or not. Also can you post your routing information? Just run an "ifconfig -a" and either a "netstat -nr" or a "ip route show".

DEVICE=eth0
BOOTPROTO=dhcp
TYPE=Ethernet
ONBOOT=yes

For Eth0 the IP Address is ***.***.53.78

Eth0:1

DEVICE="eth0:1"
IPADDR="***..***.134.51"
NETMASK="255.255.255.255"

Asterisks are the same numbers in eth0 and eth0:1


ifconfig -a result

eth0 Link encap:Ethernet HWaddr 00:16:3E:30:81:5D
inet addr:***.***.53.78 Bcast:***.***.53.78 Mask:255.255.255.255
inet6 addr: fe80::216:3eff:fe30:815d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:750884 errors:0 dropped:115 overruns:0 frame:0
TX packets:818854 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:431072769 (411.1 MiB) TX bytes:604781975 (576.7 MiB)
Interrupt:185 Base address:0x2000

eth0:1 Link encap:Ethernet HWaddr 00:16:3E:30:81:5D
inet addr:***.***.134.51 Bcast:***.***.134.51 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:185 Base address:0x2000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:17068 errors:0 dropped:0 overruns:0 frame:0
TX packets:17068 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4379522 (4.1 MiB) TX bytes:4379522 (4.1 MiB)

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)


netstat -nr

Destination Gateway Genmask Flags MSS Window irtt Iface
10.255.255.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
0.0.0.0 10.255.255.1 0.0.0.0 UG 0 0 0 eth0

ip route show
10.255.255.1 dev eth0 scope link
default via 10.255.255.1 dev eth0

[gumaheru]

Can you ping and ssh to the new address locally? Can you do the same from another host on the same subnet? Are you trying to access this host externally as in from outside of your network or a system that is connected directly to the internet? From another system can you ping the router? If you can ping the router then I would suggest running a tcpdump on the interface. Check to see if there is any traffic actually hitting it. I would run a tcpdump from both ends.

Just a tip you should actually use a firewall and NAT out all of the hosts behind it. You shouldn't buy a new IP for every single host that will be facing the internet. If you don't want to spend the money on a Cisco PIX or something along that lines you can just use another Linux host as the firewall.

[Jabetza]

Can you ping and ssh to the new address locally? Can you do the same from another host on the same subnet? Are you trying to access this host externally as in from outside of your network or a system that is connected directly to the internet? From another system can you ping the router? If you can ping the router then I would suggest running a tcpdump on the interface. Check to see if there is any traffic actually hitting it. I would run a tcpdump from both ends.

Just a tip you should actually use a firewall and NAT out all of the hosts behind it. You shouldn't buy a new IP for every single host that will be facing the internet. If you don't want to spend the money on a Cisco PIX or something along that lines you can just use another Linux host as the firewall.

I am accessing this host form a system that is connected directly to the internet, my office, and this is a sdedicated server of 1&1,

I dont use firewall, I have bougth one server form 1 &1 and 2 ips, the second only respond to ping after configure it in plesk.

[gumaheru]

Correct me if I am wrong but you said the second IP responds to a ping? Okay then that is a good sign. That means it is at least accessible. Can you run ssh in debug mode and run a tcpdump on both ends? Just to check from each end if there is any communication over these ports. Do you see any traffic at all? Do you have iptables filtering out any traffic? If not there the problem would lay a step before your system. Maybe those ports aren't being allowed somewhere else.

[Jabetza]

Yes i can ping

If I make ping to ***.***.53.78 ok
If I make http connection to ***.***.53.78 ok
If I make smtp connection to ***.***.53.78 ok

If I make ping to ***.***.134.51 ok
If I make http connection to ***.***.134.51 not respond
If I make smtp connection to ***.***.134.51 not respond

if i try to connect over ssh, the second ip does not respond.
Putty says "Network error, time out",

I have stopped iptables "service iptables stop", and all is the same i cant connect only by ping.

How to make a tcpdump in both ends, what is the syntax?

[gumaheru]

on the server side you would run "tcpdump -i eth0:1 src IPofOfficeSystem". On the office system run "tcpdump -i MainInterface dst IPofServer". Then run ssh in another terminal to the server and see what both of them say. Also make sure that you runn ssh with "-vv" or multiple to see more debugging.

[gumaheru]

Actually on the server side don't put a src ip at first. Let's just see if there is any traffic coming in. So it would be "tcpdump -i eth0:1"