• Part I
  • sun managers I
• Part D
  • sun managers D
• Part L
  • sun managers L
• Part H
  • sun managers H
• Part B
  • sun managers B
• Part E
  • sun managers E
• Part J
  • sun managers J
• Part F
  • sun managers F
• Part C
  • sun managers C
• Part K
  • sun managers K

Network problem with external host and default routers with anti-spoofing

An interesting problem which I want to check out before asking Sun:

External hosts can not contact a sun server on 1 on the interfaces depending
on which default router is configured.

Server (zeus):
==============
Solaris 9 has 2 networks interfaces
193.61.29.14
and 193.61.28.143

and default gateway 193.61.28.245.

Client (pc-em5):
====== =========
193.61.44.37% ping 193.61.28.143
zeus alive

193.61.44.37% ping 193.61.29.14
no answer from zeus

The problem is that the packet arrives on 193.61.29.14 interface on zeus

> IP: Source address = 193.61.44.37, pc-em5
> IP: Destination address = 193.61.29.14, zeus
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 193.61.29.14 netmask ffffff00 broadcast 193.61.29.255

and it sends it out via the default gateway which is on 193.61.28 interface.

> IP: Source address = 193.61.29.14, zeus
> IP: Destination address = 193.61.44.37, pc-em5.dcs.bbk.ac.uk
bge1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 193.61.28.143 netmask ffffff00 broadcast 193.61.28.255

This would normally work, but the problem is that the router has
anti-spoofing enabled which means that it blocks the outgoing packet since
it is not arrive via this router!

If I swap the default gateway to be the 193.61.29.245 it then works the
other way round

Client:
=======
193.61.44.37% ping 193.61.29.14
zeus alive

193.61.44.37% ping 193.61.28.143
no answer from zeus

1) We don't have this problem on MS Windows 2 interface machines, since it
looks like windows sends the packets to specific interfaces/routers.

2) I have tried setting up 2 default gateways but that does not help since
solaris uses them as round robin setup.

3) I have played with setting up some other routes, but have not cracked it.

4) The only work round at the moment is I have removed the 2nd IP addresses
from our DNS so all traffic comes via one route.


Any thoughts (We don't have any control over the routers!)

Andrew
*****************************************************************************
Unix Administrator tel: 020-7631 6720
Computer Science Department fax: 020-7631 6727
Birkbeck College (University of London)
Malet Street
London e-mail: andrew at dcs.bbk.ac.uk
WC1E 7HX http://www.dcs.bbk.ac.uk/~andrew
*****************************************************************************

Comments

"sun managers H [Part H]" Sponsored Links

• "sun managers H [Part H]" New Questiones!

  • network issue
  • Network failover or load balancing
  • network configuration / routing
  • Network boot failing
  • Network Alternate Path on E3500
  • netstat -in showing Collisions and Errors in output packets.
  • netstat command is nor working
  • Netra-T1 105 console: output, no input
  • netra t1125, x86 jumpstart problems
  • Netra T1 fails to "boot net"
  • Netra T1 105 won't power off
  • Netra Console Connection.
  • Netra 440 & 240 snmp questions
  • Netra 20 OBP version that supports WANboot
  • netout: Broken pipe/ rcp lost connection/ Netbackup Restore fails.
  • Netmask Problem / Solaris 9
  • netmask issue on solaris 9
  • netboot v240 from bge1?
  • Netbackup Problem - Backup Fails on Solaris 9
  • Netbackup Problem - Backup Fails

Copyright © 2008 thatsjava.com • All rights reserved • CMS Theme by WebmasterFund.com - 0.188