This is very strange.
Output of ip route show:
default via 192.168.1.1 dev eth0 metric 100
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10
192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.11
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.58
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
From the firewall logs: (slightly shortened)
Mar 8 09:17:12 vmhost kernel: [ 562.808036] ''IN-dmz-lan-face':'IN=eth1 OUT= MAC=... SRC=192.168.1.108 DST=192.168.1.58 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=28218 DF PROTO=TCP SPT=47365 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0
Notice the wacky discrepancy?
The firewall log lists eth1 at the address 192.168.1.58, but the routing table puts it at 192.168.1.10.
Somehow, eth1 and eth0 are getting swapped, or their IP addresses are.
There are no extra routing tables in play.
How can this happen? How can I fix it?
Edit (more info)
Output of ip addr | grep "inet ":
inet 127.0.0.1/8 scope host lo
inet 192.168.1.58/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.10/24 brd 192.168.1.255 scope global eth1
inet 192.168.1.11/24 brd 192.168.1.255 scope global eth2
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
There is no discrepancy.
No, the firewall tells you it has received a packet from eth1 with destination 192.168.1.58. This is not surprising: anyone on your network can send any bogus packet on the interface on which your server is connected. If this is a problem, blame the sender.
Note, however, that the Linux kernel uses a weak host model by default. That means it will accept a packet as its own if the destination address matches one on any of its interfaces. So the kernel will accept the packet as legitimate.
This weak host model is also reflected in ARP behaviour: the kernel will answer an ARP for the 192.168.1.58 address on any of its interfaces by default. If all interfaces are connected to the same network segment, then someone requesting 192.168.1.58 may end up on any of your 3 interfaces. If this is not wanted, set the arp_ignore sysctl to 1.
Also, your routing tables are unusual, if not wrong. If you ask the kernel to connect to 192.168.1.108, what interface should it use? The actual answer is given by the ip route get 192.168.1.108 command. It may not be the one you expect.
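The situation described in this answer can be checked mechanically. The following is an added example, not part of the original question or answer: it flags logged packets whose destination is a local address owned by a different interface than the one they arrived on. The function names are illustrative, and two of the three log lines are constructed.

```python
import ipaddress
import re

# Address list from the question's `ip addr | grep "inet "` output.
IP_ADDR_OUTPUT = """\
inet 127.0.0.1/8 scope host lo
inet 192.168.1.58/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.10/24 brd 192.168.1.255 scope global eth1
inet 192.168.1.11/24 brd 192.168.1.255 scope global eth2
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
"""

# First entry: the question's log line, shortened. The other two are constructed.
LOG_LINES = [
    "Mar 8 09:17:12 vmhost kernel: [ 562.808036] ''IN-dmz-lan-face':'IN=eth1 OUT= "
    "MAC=... SRC=192.168.1.108 DST=192.168.1.58 LEN=60 PROTO=TCP SPT=47365 DPT=22 SYN",
    "Mar 8 09:17:20 vmhost kernel: [ 570.100000] IN=eth0 OUT= MAC=... "
    "SRC=192.168.1.108 DST=192.168.1.58 LEN=60 PROTO=TCP SPT=47366 DPT=22 SYN",
    "Mar 8 09:17:25 vmhost kernel: IN=eth2 OUT= SRC=192.168.1.108 DST=192.168.1.255 PROTO=UDP",
]

def parse_addresses(text):
    """Map each local IPv4 address to the interface (or label) that owns it."""
    owners = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "inet":
            owners[ipaddress.ip_interface(fields[1]).ip] = fields[-1]  # name is last field
    return owners

def parse_log_fields(line):
    """Extract KEY=value pairs (IN, SRC, DST, ...) from a netfilter LOG line."""
    return dict(re.findall(r"\b([A-Z]+)=(\S*)", line))

def weak_host_hits(log_lines, owners):
    """Packets for a local address that arrived on a non-owning interface."""
    hits = []
    for line in log_lines:
        f = parse_log_fields(line)
        try:
            dst = ipaddress.ip_address(f.get("DST", ""))
        except ValueError:
            continue  # no DST field, or not an IP address
        owner = owners.get(dst)  # None for broadcast and non-local destinations
        if f.get("IN") and owner not in (None, f["IN"]):
            hits.append((f["IN"], str(dst), owner))
    return hits

if __name__ == "__main__":
    print(weak_host_hits(LOG_LINES, parse_addresses(IP_ADDR_OUTPUT)))
```

A hit means the packet reached an address through a sibling interface on the same segment, which is the behaviour the arp_ignore setting mentioned above is meant to restrict.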