Packet "Mixing" Between Multiple NICs on Host

Jonathan B. Horen horen at mail.iucc.ac.il
Tue Mar 30 10:34:35 UTC 2004


Shalom!

In, perhaps, a misguided desire for elegance, I moved our DNS server from an 
aged and infirm host onto our existing file/mail server (Dell PowerEdge/2450 
w/dual PIII/866 CPUs and 2GB RAM, running Fedora Core 1 w/all updates).  Since 
the DNS server sat on a different subnet, I added a second NIC to the 
file/mail server and created the appropriate files in 
/etc/sysconfig/network-scripts (ifcfg-eth1 and route-eth{0,1}).

"route -n" shows:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
128.139.197.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
128.139.206.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         128.139.197.16  0.0.0.0         UG    0      0        0 eth1
0.0.0.0         128.139.206.1   0.0.0.0         UG    1      0        0 eth0

The problem is that although packets received from the two subnets arrive 
through the corresponding device, *packets sent to a host on a subnet other 
than 128.139.197.0 exit through eth1.*

Running "ping 128.139.206.12" from a host on the 128.139.206.0 subnet shows 
that packets exit via eth1, rather than via eth0:

root at efes network-scripts# tcpdump -i eth1 host horen.tau.ac.il
tcpdump: listening on eth1
11:54:38.192269 efes.iucc.ac.il > horen.tau.ac.il: icmp: echo reply
11:54:39.202538 efes.iucc.ac.il > horen.tau.ac.il: icmp: echo reply
11:54:40.212855 efes.iucc.ac.il > horen.tau.ac.il: icmp: echo reply

I understand that this is because the metric for eth1 is "0", while the metric 
for eth1 is "1".  If I understand correctly, changing the metric for eth0 to 
"0" would mean that every packet would be sent to *both* interfaces, giving me 
a 50% packet loss.

Is there a way to configure routing on this server so that a packet's 
source-address is "honored" by the system when responding?

Worst case, I'll cobble together a separate DNS server from an unused PIII/500...

TIA!


-- 
JONATHAN B. HOREN                            UNIX SYSTEMS ADMINISTRATOR
E: horen at mail.iucc.ac.il            Inter-University Computation Center
T: +972-(0)3-640-5203                               Tel-Aviv University
F: +972-(0)3-640-9118                           Ramat-Aviv 69978 Israel
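
The routing table in the post is consulted by destination address only, which is why a reply to any client outside the two local subnets leaves through eth1 no matter which NIC the request arrived on. The following is an added example, not part of the original post, that models this as a simplified longest-prefix match with lowest-metric tie-break over the posted table; the three client addresses are constructed.

```python
import ipaddress

# Routing table copied from the "route -n" output in the post.
ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
128.139.197.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
128.139.206.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         128.139.197.16  0.0.0.0         UG    0      0        0 eth1
0.0.0.0         128.139.206.1   0.0.0.0         UG    1      0        0 eth0
"""

def parse_route_n(text):
    """Turn `route -n` output into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the banner and column-header lines
        # Convert the dotted Genmask into a prefix length by counting set bits.
        prefix = bin(int(ipaddress.ip_address(f[2]))).count("1")
        net = ipaddress.ip_network(f"{f[0]}/{prefix}")
        gateway = None if f[1] == "0.0.0.0" else f[1]  # None = directly connected
        routes.append((net, gateway, int(f[4]), f[7]))
    return routes

def lookup(routes, dst):
    """Destination-only lookup: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    net, gateway, metric, iface = max(
        matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return iface, gateway

ROUTES = parse_route_n(ROUTE_N)

if __name__ == "__main__":
    # Constructed clients: one on each local subnet, and one off-subnet
    # address from the RFC 5737 documentation range.
    for dst in ("128.139.206.50", "128.139.197.40", "192.0.2.10"):
        print(dst, "->", lookup(ROUTES, dst))
```

The source address of the reply never enters the lookup, so the second default route (metric 1 via eth0) is not selected while the metric 0 route exists.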




