two ip two gateway

Unanswered Question
Aug 15th, 2009
One Unix server has two adapters, so the user configured two IPs and two default gateways, like 10.10.1.1/gw 10.10.1.254 and 10.10.2.1/gw 10.10.2.254. Now, sometimes some users accessing the Unix box are not OK. Why?

If we delete the 10.10.2.254 default gateway, other users can still ping 10.10.2.1. Why?

Giuseppe Larosa Sun, 08/16/2009 - 03:35

Hello Qing,

>> If we delete the 10.10.2.254 default gateway, other users can still ping 10.10.2.1. Why?

If you delete default gateway 10.10.2.254, the gateway is still there and can reach it.

Proxy ARP can play a role in why the return traffic is successful. Verify on the router interface whether it is enabled with

sh ip interface type x/y

Look for the Proxy ARP line and check if it says enabled.

About the first question:

Verify the security configurations on the server itself.

Hope to help

Giuseppe




QFX527518 Sun, 08/16/2009 - 04:06

Thanks.

Now the Unix box defines two IPs and two default gateways, and the Unix root deleted one gateway, like 10.10.2.254.

But the client can still ping 10.10.2.1.

The connection is Unix server -> switch (L2) -> switch (L3). Normally, if a computer deletes its default gateway, only the same subnet can ping it; other subnets can't ping it.

Giuseppe Larosa Sun, 08/16/2009 - 04:22

Hello Qing,

>> Normally, if a computer deletes its default gateway, only the same subnet can ping it; other subnets can't ping it.

This depends on the proxy-ARP settings on the router device:

It means a device without a gateway tries to ARP for any IP address, also outside the local subnet, and the router, if proxy-ARP is enabled, answers with its own MAC address if it knows how to reach the destination address.

In your case the Unix box could do something similar, allowing IP 10.10.2.1 to be reached from the other subnet.

You should find out what path the packets take in both directions to understand why this happens.

Hope to help

Giuseppe


QFX527518 Sun, 08/16/2009 - 16:56

Thanks.

The Unix box's own IPs are 10.10.1.1 and 10.10.2.1. The box connects to an L2 switch; one port is in VLAN 101, the other port in VLAN 102. The L3 switch has VLAN 101 and 102 defined, with IP addresses 10.10.1.254 and 10.10.2.254. Checking ip int vlan 101 and 102, Proxy ARP is disabled and Local Proxy ARP is disabled.

So if we delete the Unix's gateway 10.10.2.254, other users can still ping 10.10.2.1; the Unix uses the 10.10.1.254 default gateway to respond to the ping to 10.10.2.1. Is that right?

Lucien Avramov Sun, 08/16/2009 - 18:08

You can do a tcpdump on your Unix box to see how it's responding to the pings.


QFX527518 Wed, 08/19/2009 - 01:18

Today I captured the ICMP and telnet packets. The result is like this:

1: On the Unix box, delete the 10.10.2.254 default gateway. Users can still ping 10.10.2.1; 10.10.2.1 receives the ICMP echo, and the reply goes out through 10.10.1.1, so the request and reply do not take the same path. Telnet behaves like ping.

If we capture the flow on the 10.10.1.1 port through a sniffer, we find the response packet's MAC address is that of the 10.10.1.1 port adapter, but the IP address is 10.10.2.1.

So I think the Unix box uses IP forwarding to complete it.

Giuseppe Larosa Wed, 08/19/2009 - 04:08

Hello Qing,

So it is the Unix box that answers back on the interface with IP address 10.10.1.1, where it has its only default gateway.

The source MAC address has to be that of the outgoing NIC, so what you see is correct.

Hope to help

Giuseppe

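The reply path the sniffer showed, as an added example that is not from any poster in this thread: a small Python model of the Unix box's routing table after gateway 10.10.2.254 is removed, showing why an echo reply sourced from 10.10.2.1 leaves through the 10.10.1.1 NIC. Interface names eth0/eth1 and the client address 10.10.3.5 are assumptions.

```python
import ipaddress

# Constructed model of the multihomed box in the thread: eth0 in VLAN 101,
# eth1 in VLAN 102, and only the 10.10.1.254 default route left.
IFACES = {"eth0": ipaddress.ip_interface("10.10.1.1/24"),
          "eth1": ipaddress.ip_interface("10.10.2.1/24")}
ROUTES = [  # (prefix, next hop or None when directly connected, egress interface)
    (ipaddress.ip_network("10.10.1.0/24"), None, "eth0"),
    (ipaddress.ip_network("10.10.2.0/24"), None, "eth1"),
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("10.10.1.254"), "eth0"),
]


def egress(dst, routes=ROUTES):
    """Longest-prefix match: return (next_hop, interface) for dst."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, nh, dev in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh, dev)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def reply_path(client, server_ip):
    """How the box sends its echo reply to `client` for a request that targeted
    `server_ip`: the reply keeps server_ip as source address, but it leaves on
    whichever interface the route lookup for the client selects."""
    nh, dev = egress(client)
    return {"src_ip": str(ipaddress.ip_address(server_ip)), "dev": dev,
            "next_hop": str(nh) if nh else "direct"}


def is_asymmetric(client, server_ip):
    """True when the reply leaves an interface that does not own server_ip,
    i.e. the pattern the sniffer showed: eth0's MAC with IP 10.10.2.1."""
    path = reply_path(client, server_ip)
    return IFACES[path["dev"]].ip != ipaddress.ip_address(server_ip)


if __name__ == "__main__":
    # Client in another subnet (assumed 10.10.3.5) pinging 10.10.2.1.
    print(reply_path("10.10.3.5", "10.10.2.1"), is_asymmetric("10.10.3.5", "10.10.2.1"))
    # Client in VLAN 102 itself: the reply is directly connected via eth1.
    print(reply_path("10.10.2.50", "10.10.2.1"), is_asymmetric("10.10.2.50", "10.10.2.1"))
```

Running it with a client from a third subnet reproduces the observation: the reply to the 10.10.2.1 ping is sent to 10.10.1.254 out of eth0, so the frame carries eth0's MAC and the 10.10.2.1 source address.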

goldtechcco Wed, 08/19/2009 - 17:39

Thanks.

Yes, it is correct.

But now, how to resolve the problem? The user does not want 10.10.2.1 to use the NIC (10.10.1.1) MAC to communicate. On the switch, which way can prevent this from happening?

Thanks.
