To clarify my question...
I am wondering how the Linux kernel routes packets on a multi-home host.
By 'multi-home', I mean the host has multiple NICs to send packets; for example, my Debian in VirtualBox has two NICs.
eth0 provides the NAT support. I don't know how VirtualBox manages to do that. I mean there isn't any virtual NIC in my Windows host whose IP is 10.0.2.x.
eth1 provides the host-only support. I use this small network to learn the TCP/IP protocol and do some small experiments. I manually configured it with IP address 192.168.56.2 and gateway 192.168.56.1; the latter IP address is the VirtualBox virtual NIC IP address.
On the host operating system, I use ADSL to connect to the Internet and get a random IP address, e.g. 118.249.xxx.113.
So the question is: how does the Linux kernel route IP packets? I mean, if I run the following commands, I am not able to connect to the Internet.

    ifup eth0
    ifup eth1
    ping www.google.com

That ping would return no response.
So is it that after setting up eth1, the kernel would use eth1 as the default NIC, which is in the host-only network, to send IP packets? As a result, in Debian, I cannot connect to the outside Internet?
Another simple question is, as eth1 now is the default NIC, will the Linux kernel try to use the eth1 NIC to send packets if eth0 has failed to find an available route entry?
If it will, then how do I configure it?
Here is my network configuration of Debian Linux in VirtualBox.

    eth0      Link encap:Ethernet  HWaddr 08:00:27:ec:d9:bb
              inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
              inet6 addr: fe80::a00:27ff:feec:d9bb/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:1690 errors:2 dropped:0 overruns:0 frame:0
              TX packets:1129 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:2276172 (2.1 MiB)  TX bytes:62647 (61.1 KiB)
              Interrupt:11 Base address:0xd020

    eth1      Link encap:Ethernet  HWaddr 08:00:27:ae:e1:69
              inet addr:192.168.56.2  Bcast:192.168.56.255  Mask:255.255.255.0
              inet6 addr: fe80::a00:27ff:feae:e169/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:48 errors:0 dropped:0 overruns:0 frame:0
              TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:5985 (5.8 KiB)  TX bytes:1334 (1.3 KiB)
              Interrupt:10 Base address:0xd240

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:8 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:560 (560.0 B)  TX bytes:560 (560.0 B)

and the route table follows:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
    192.168.56.0    0.0.0.0         255.255.255.0   U         0 0          0 eth1
    0.0.0.0         192.168.56.1    0.0.0.0         UG        0 0          0 eth1
    0.0.0.0         10.0.2.2        0.0.0.0         UG        0 0          0 eth0

thanks.
jcyang.
Your question is sort of confusing but let me give it a shot.
First, if you want to have a simple NAT/masquerading router, there are some simple, adaptable tutorials on how to do this with netfilter (iptables). It can be deceptively simple to enable this behavior. Googling "linux nat" or "linux masquerade" will help.
Edit: throwing the basic commands in for good measure. Be sure you know which interface is which!
Otherwise you should just be able to use the route command to delete the 'extra' gateways and force all traffic out through eth1 if that's your goal (don't need eth0 at all in this scenario if I understand you right.)
Should do the trick on the last scenario. (If I understand you correctly, which I may not.)
Hope that helps.
You have two default routes. I've only ever used one at a time, but I imagine two wouldn't be a problem --- as far as I know, the routing table is sorted by specificity (number of bits in the destination subnet mask, ascending) and maybe MTU (though I don't think so on Linux). The first matching default route in the sorted list would then be used.
Try removing one of the default routes anyway (route del... as others have mentioned, or ip route del...).
Otherwise... why is your ping getting "no response"? That sounds like a firewall issue. It MIGHT be that Linux is automatically doing a load-balancing/round-robin thing with the two default routes, but I've never heard of Linux doing that, and it could create problems for some protocols, so I doubt it.
If you're having routing issues, ping should probably say "no route to host" or something like that. No response is different. Make sure ping is figuring out the IP from the hostname OK. If not, it's a DNS issue. If so, look to your firewall -- iptables -L -n -v will give you any rules, and how many times the rules have been hit. If a rule increases as often as your pings, that's likely to be the problem. Otherwise, examine the packets leaving and entering the machine with Wireshark.
I'm not sure I understand the problem correctly, but do an 'echo 1 > /proc/sys/net/ipv4/ip_forward' to enable routing. Make it permanent by editing /etc/sysctl.conf. When this is set to 1 (enabled), Linux will forward packets received on one Ethernet interface to another - it will act as a router.
If you have a dual-home machine - two ways to get out on the Internet - you can't use both uplinks with just two default gateways installed... What you can do is select the primary default gateway, let's say 192.168.56.1, and then select some networks you want to reach through the secondary link:

    ip route add default via 192.168.56.1
    ip route add 221.x.x.x/24 via 10.10.10.2
    ip route add 99.99.99.99/32 via 10.10.10.2

So, let me explain some basics using your example. You have 2 NICs (virtual or not doesn't matter). Both are in separate networks: 10.0.2.0 and 192.168.56.0.
The first two entries in your routing table show they have no special gateway (0.0.0.0), and the last column shows which NIC they are connected to.
Then there is a mistake in the routing table. You have two entries for the default gateway. You can only have one real default gateway. Normally the IP packets are sent to the first default gw found in the routing table. (I guess in your case it's the wrong one.)
I don't know exactly how the NAT thing works (I always use bridged networking). So you have two options. Set the default gateway to the IP address of your REAL machine. E.g. if your machine outside of your VirtualBox has the IP 10.0.2.254, set your default gateway to 10.0.2.254. (In a NAT environment you have to set up your machine outside of your VirtualBox to support that; ipfilter must be set up right and routing packets between interfaces must be enabled: echo 1 > /proc/sys/net/ipv4/ip_forward.) If you use a bridged setup, your machine has a direct connection to your router, which is connected to the Internet. Then you only have to set up an IP address in this network and set your default gateway to the IP of your router, e.g. VBOX 10.0.2.2 ------- MACHINE OUTSIDE VBOX 10.0.2.254 ------ Router connected to Internet 10.0.2.1
Then your gateway will be 10.0.2.1.
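
The route selection that the answers above describe (most specific netmask first, then the first default route listed), run over the routing table from the question. This is an added example, not code from any post in the thread. It assumes both default routes carry the same metric and that the earlier table entry wins a tie; 8.8.8.8 is a constructed sample destination.

```python
import ipaddress

# Routing table from the question's output (Flags, MSS, Window and irtt
# columns dropped). Row order is kept because it is the assumed tie-breaker.
ROUTE_TABLE = """\
10.0.2.0      0.0.0.0       255.255.255.0  eth0
192.168.56.0  0.0.0.0       255.255.255.0  eth1
0.0.0.0       192.168.56.1  0.0.0.0        eth1
0.0.0.0       10.0.2.2      0.0.0.0        eth0
"""

def parse_routes(text):
    """Turn 'Destination Gateway Genmask Iface' rows into route dicts."""
    routes = []
    for order, line in enumerate(text.splitlines()):
        dest, gateway, genmask, iface = line.split()
        # Prefix length = number of set bits in the netmask.
        prefix = bin(int(ipaddress.IPv4Address(genmask))).count("1")
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{prefix}"),
            "gw": None if gateway == "0.0.0.0" else gateway,  # None = on-link
            "iface": iface,
            "order": order,
        })
    return routes

def lookup(routes, dst):
    """Pick the route for dst: longest prefix wins, then table order
    (assumption: equal metrics, earlier entry preferred)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None  # no matching route at all
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["order"]))

def default_routes(routes):
    """All 0.0.0.0/0 entries; more than one makes the exit path ambiguous."""
    return [r for r in routes if r["net"].prefixlen == 0]

if __name__ == "__main__":
    routes = parse_routes(ROUTE_TABLE)
    for dst in ("10.0.2.2", "192.168.56.1", "8.8.8.8"):  # 8.8.8.8: sample
        r = lookup(routes, dst)
        print(f"{dst:<14} -> {r['iface']} via {r['gw'] or 'on-link'}")
    if len(default_routes(routes)) > 1:
        print("warning: more than one default route in the table")
    # Dropping the host-only default leaves the NAT gateway as the only exit.
    fixed = [r for r in routes
             if not (r["net"].prefixlen == 0 and r["iface"] == "eth1")]
    print("after fix: 8.8.8.8 via", lookup(fixed, "8.8.8.8")["gw"])
```

Under these assumptions, Internet-bound traffic leaves through eth1 toward 192.168.56.1, the host-only gateway, which matches the failed ping in the question; with that default route removed, the same lookup resolves to 10.0.2.2 on eth0.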