two ip two gateway

Unanswered Question
Aug 15th, 2009

One Unix server has two adapters, so the user configured two IPs and two default gateways, like 10.10.1.1/gw 10.10.1.254 and 10.10.2.1/gw 10.10.2.254. Now, sometimes some users access the Unix box and it is not OK. Why?

If we delete the 10.10.2.254 default gateway, other users can still ping 10.10.2.1. Why?

Giuseppe Larosa Sun, 08/16/2009 - 03:35

Hello Qing,

>> If we delete the 10.10.2.254 default gateway, other users can still ping 10.10.2.1. Why?

If you delete the default gateway 10.10.2.254, the gateway is still there and can reach it.

Proxy ARP can play a role in why the return traffic is successful. Verify on the router interface whether it is enabled with

sh ip interface type x/y

Look for the Proxy ARP line and check if it says enabled.

About the first question:

Verify the security configurations on the server itself.

Hope to help

Giuseppe

QFX527518 Sun, 08/16/2009 - 04:06

Thanks.

Now the Unix box defines two IPs and two default gateways, and the Unix root deletes one gateway, like 10.10.2.254.

But the client can still ping 10.10.2.1.

The connection is Unix server -> switch (L2) -> switch (L3). Normally, if a computer deletes its default gateway, only the same subnet can ping it; other subnets can't ping it.

Giuseppe Larosa Sun, 08/16/2009 - 04:22

Hello Qing,

>> Normally, if a computer deletes its default gateway, only the same subnet can ping it; other subnets can't ping it.

This depends on the proxy-ARP settings on the router device:

it means a device without a gateway tries to ARP for any IP address, also outside the local subnet, and the router, if proxy-ARP is enabled, answers with its own MAC address if it knows how to reach the destination address.

In your case the Unix box could do something similar, allowing IP 10.10.2.1 to be reached from the other subnet.

You should find out what path the packets take in both directions to understand why this happens.

Hope to help

Giuseppe

QFX527518 Sun, 08/16/2009 - 16:56

Thanks.

The Unix box's own IPs are 10.10.1.1 and 10.10.2.1. The box connects to an L2 switch; one port is VLAN 101, the other port is VLAN 102. The L3 switch has VLANs 101 and 102 defined, with IP addresses 10.10.1.254 and 10.10.2.254. Checking ip int vlan 101 and 102, Proxy ARP is disabled and Local Proxy ARP is disabled.

So if we delete the Unix box's gateway 10.10.2.254, other users can still ping 10.10.2.1; the Unix box uses the 10.10.1.254 default gateway to respond to the ping to 10.10.2.1. Is that all right????

QFX527518 Wed, 08/19/2009 - 01:18

Today I captured the ICMP packets and telnet. The result is like this:

1: On the Unix box, delete the 10.10.2.254 default gateway; users can still ping 10.10.2.1. 10.10.2.1 receives the ICMP echo, and the reply goes through 10.10.1.1, so the request and reply do not take the same path. Telnet behaves like ping.

If we capture the flow on the 10.10.1.1 port with a sniffer, we find that the response packet's MAC address is that of the 10.10.1.1 port adapter, but the IP address is 10.10.2.1.

So I think the Unix box uses IP forwarding to complete it.

Giuseppe Larosa Wed, 08/19/2009 - 04:08

Hello Qing,

So it is the Unix box that answers back on the interface with IP address 10.10.1.1, where it has its only default gateway.

The source MAC address has to be that of the outgoing NIC, so what you see is correct.

Hope to help

Giuseppe

goldtechcco Wed, 08/19/2009 - 17:39

Thanks.

Yes, it is correct.

But now how do we resolve the problem? The user does not want 10.10.2.1 to use the NIC (10.10.1.1) MAC to communicate. On the switch, which way can prevent this from happening?

Thanks.
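One host-side fix for the asymmetric reply described in this thread, as an added example that is not from any poster: source-based policy routing on Linux with iproute2 (the thread only says "Unix", so Linux, the NIC names eth0/eth1 and the routing-table ids 101/102 are assumptions). Each address gets its own routing table and default gateway, chosen by source IP, so a reply sourced from 10.10.2.1 leaves via 10.10.2.254 on its own NIC instead of via the single default gateway.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: Linux host with
# iproute2; NIC names eth0/eth1 and routing-table ids 101/102 are made up.
#
# Thread symptom: with a single default gateway (10.10.1.254), a reply to
# traffic that arrived for 10.10.2.1 leaves through the 10.10.1.1 NIC, so
# the frame carries that NIC's MAC with source IP 10.10.2.1.
# Fix: one routing table per address, selected by source IP, so each reply
# leaves on the NIC that owns its source address via that NIC's gateway.

# policy_routing_cmds IFACE ADDR SUBNET GATEWAY TABLE
# Prints the iproute2 commands for one NIC; executes nothing.
policy_routing_cmds() {
    iface=$1 addr=$2 subnet=$3 gw=$4 table=$5
    # Connected route, so on-link hosts are not sent to the gateway.
    printf 'ip route add %s dev %s src %s table %s\n' "$subnet" "$iface" "$addr" "$table"
    # Per-table default gateway for this NIC.
    printf 'ip route add default via %s dev %s table %s\n' "$gw" "$iface" "$table"
    # Lookup rule: packets sourced from ADDR consult this table.
    printf 'ip rule add from %s table %s\n' "$addr" "$table"
}

# The thread's two NICs: 10.10.1.1 behind 10.10.1.254, 10.10.2.1 behind
# 10.10.2.254. The main table keeps whichever default gateway the admin
# leaves there for locally originated traffic.
two_nic_config() {
    policy_routing_cmds eth0 10.10.1.1 10.10.1.0/24 10.10.1.254 101
    policy_routing_cmds eth1 10.10.2.1 10.10.2.0/24 10.10.2.254 102
}

# Runs the generated commands (requires root). Invoked only with "apply".
apply_two_nic_config() {
    two_nic_config | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || return 1
    done
}

if [ "${1:-}" = "apply" ]; then
    apply_two_nic_config
fi
```

Run `sh policy_routing.sh apply` as root to install the rules; afterwards `ip route get <client_ip> from 10.10.2.1` shows the reply leaving on eth1 via 10.10.2.254.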
