Re: [gentoo-user] IP aliasing problem

2010-10-09 Thread Adam Carter
 The same TX & RX are shown for both interfaces.


That implies that they are layer 2 counters and will therefore be the same
for a given physical interface.

 I don't know whether the tools have changed much since those I'm using on
 this box, but the difference *might* be that Grant's IPs are on the same
 subnet. I *think* it's possible for the route (as in: `man route`) to
 configure packets that come in on 1.2.3.2 to be replied to via 1.2.3.1.


If the return packets are part of the same TCP session it will automatically
be sent from the correct IP address. If it didn't, the remote end wouldn't
consider the return packets part of the same session and reject them.


Re: [gentoo-user] IP aliasing problem

2010-10-08 Thread Grant
 ServerName differently for each VirtualHost.  Strangely though, I
 still don't get stats for RX/TX from ifconfig:

 eth0      Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.1  Bcast:[removed]  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:923677 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1444212 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:124904402 (119.1 MiB)  TX bytes:1880087116 (1.7 GiB)
          Interrupt:40

 eth0:1    Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.2  Bcast:[removed]  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:40

 Remember eth0:1 is an alias for eth0.

 Your above info is slightly wrong in that eth0 should be listed as eth0:0; 
 where
 instead ifconfig is showing eth0 generic information and eth0:0 information
 combined.
 That's probably the source of your confusion.

 On a system running 2.4.25 here I have:

 $ ifconfig
 eth0      Link encap:Ethernet  HWaddr 00:02:A5:1B:01:59
          inet addr:213.x.y.91  Bcast:213.x.y.95  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:211366804 errors:0 dropped:0 overruns:0 frame:0
          TX packets:306200382 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1542358934 (1470.9 Mb)  TX bytes:1547826181 (1476.1 Mb)
          Interrupt:20 Base address:0xd000

 eth0:1    Link encap:Ethernet  HWaddr 00:02:A5:1B:01:59
          inet addr:192.168.1.43  Bcast:192.168.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:211366804 errors:0 dropped:0 overruns:0 frame:0
          TX packets:306200384 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1542358934 (1470.9 Mb)  TX bytes:1547826521 (1476.1 Mb)
          Interrupt:20 Base address:0xd000

 lo        Link encap:Local Loopback
 ...


 The same TX & RX are shown for both interfaces.

 I don't know whether the tools have changed much since those I'm using on 
 this box, but the difference *might* be that Grant's IPs are on the same 
 subnet. I *think* it's possible for the route (as in: `man route`) to 
 configure packets that come in on 1.2.3.2 to be replied to via 1.2.3.1.

 You might set up a spare test box to see how current ifconfig displays 
 packets, comparing aliased addresses on the same and separate subnets.

 Stroller.

OK, thanks guys.

- Grant



Re: [gentoo-user] IP aliasing problem

2010-10-07 Thread Stroller

On 6 Oct 2010, at 23:17, Grant wrote:

 ...I have 5 usable IPs from my host and I've defined 2 of them in 
 /etc/conf.d/net like this:
 
 config_eth0=(
        1.2.3.1 netmask 255.255.255.0
        1.2.3.2 netmask 255.255.255.0
 )

 My apache2 config is not working as expected and I think it's due to a
 networking problem because eth0:1 reports no RX or TX stats:

 # ifconfig
 eth0      Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.1  Bcast:[removed]  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:46047 errors:0 dropped:0 overruns:0 frame:0
          TX packets:65703 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6131194 (5.8 MiB)  TX bytes:82568335 (78.7 MiB)
          Interrupt:40

 eth0:1    Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.2  Bcast:[removed]  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:40
 
 ...
 Thank you for taking the time to write Stroller.  This has really got
 my head spinning.  First of all, you're right about the netmask.  It
 is 255.255.255.248.  I didn't have a good understanding of what a
 netmask is so I thought it would be smart to change it for a public
 message.
 
 The server is remote and hosted so I don't have any control over the
 router or network.  I've gone back and forth with the host but they
 insist that everything is fine on their end.
 
 I'm confused because I have in apache2 config:
 
 <VirtualHost 1.2.3.1:443>
 ...
 SSLCertificateFile /etc/apache2/ssl/www.example1.com.crt
 SSLCertificateKeyFile /etc/apache2/ssl/www.example1.com.key
 ...

Suggest you first establish you can ping *both* IPs.

Stroller.




Re: [gentoo-user] IP aliasing problem

2010-10-07 Thread Grant
 ...I have 5 usable IPs from my host and I've defined 2 of them in 
 /etc/conf.d/net like this:

 config_eth0=(
        1.2.3.1 netmask 255.255.255.0
        1.2.3.2 netmask 255.255.255.0
 )

 My apache2 config is not working as expected and I think it's due to a
 networking problem because eth0:1 reports no RX or TX stats:

 # ifconfig
 eth0      Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.1  Bcast:[removed]  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:46047 errors:0 dropped:0 overruns:0 frame:0
          TX packets:65703 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6131194 (5.8 MiB)  TX bytes:82568335 (78.7 MiB)
          Interrupt:40

 eth0:1    Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.2  Bcast:[removed]  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:40

 ...
 Thank you for taking the time to write Stroller.  This has really got
 my head spinning.  First of all, you're right about the netmask.  It
 is 255.255.255.248.  I didn't have a good understanding of what a
 netmask is so I thought it would be smart to change it for a public
 message.

 The server is remote and hosted so I don't have any control over the
 router or network.  I've gone back and forth with the host but they
 insist that everything is fine on their end.

 I'm confused because I have in apache2 config:

 <VirtualHost 1.2.3.1:443>
 ...
 SSLCertificateFile /etc/apache2/ssl/www.example1.com.crt
 SSLCertificateKeyFile /etc/apache2/ssl/www.example1.com.key
 ...

 Suggest you first establish you can ping *both* IPs.

Thanks Stroller.  It's working now.  I needed to define apache2's
ServerName differently for each VirtualHost.  Strangely though, I
still don't get stats for RX/TX from ifconfig:

eth0      Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.1  Bcast:[removed]  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:923677 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1444212 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:124904402 (119.1 MiB)  TX bytes:1880087116 (1.7 GiB)
          Interrupt:40

eth0:1    Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.2  Bcast:[removed]  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:40

- Grant



Re: [gentoo-user] IP aliasing problem

2010-10-07 Thread BRM
 ServerName differently for each VirtualHost.  Strangely though, I
 still don't get stats for RX/TX from ifconfig:

 eth0      Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.1  Bcast:[removed]  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:923677 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1444212 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:124904402 (119.1 MiB)  TX bytes:1880087116 (1.7 GiB)
          Interrupt:40

 eth0:1    Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.2  Bcast:[removed]  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:40

Remember eth0:1 is an alias for eth0.

Your above info is slightly wrong in that eth0 should be listed as eth0:0; 
where 
instead ifconfig is showing eth0 generic information and eth0:0 information 
combined.
That's probably the source of your confusion.

Don't know how to remedy it though.

HTH,

Ben




Re: [gentoo-user] IP aliasing problem

2010-10-07 Thread Stroller

On 7 Oct 2010, at 18:51, BRM wrote:

 ServerName differently for each VirtualHost.  Strangely though, I
 still don't get stats for RX/TX from ifconfig:

 eth0      Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.1  Bcast:[removed]  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:923677 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1444212 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:124904402 (119.1 MiB)  TX bytes:1880087116 (1.7 GiB)
          Interrupt:40

 eth0:1    Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.2  Bcast:[removed]  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:40
 
 Remember eth0:1 is an alias for eth0.
 
 Your above info is slightly wrong in that eth0 should be listed as eth0:0; 
 where 
 instead ifconfig is showing eth0 generic information and eth0:0 information 
 combined.
 That's probably the source of your confusion.

On a system running 2.4.25 here I have:

$ ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:02:A5:1B:01:59
          inet addr:213.x.y.91  Bcast:213.x.y.95  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:211366804 errors:0 dropped:0 overruns:0 frame:0
          TX packets:306200382 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1542358934 (1470.9 Mb)  TX bytes:1547826181 (1476.1 Mb)
          Interrupt:20 Base address:0xd000

eth0:1    Link encap:Ethernet  HWaddr 00:02:A5:1B:01:59
          inet addr:192.168.1.43  Bcast:192.168.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:211366804 errors:0 dropped:0 overruns:0 frame:0
          TX packets:306200384 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1542358934 (1470.9 Mb)  TX bytes:1547826521 (1476.1 Mb)
          Interrupt:20 Base address:0xd000

lo        Link encap:Local Loopback
...


The same TX & RX are shown for both interfaces.

I don't know whether the tools have changed much since those I'm using on this 
box, but the difference *might* be that Grant's IPs are on the same subnet. I 
*think* it's possible for the route (as in: `man route`) to configure packets 
that come in on 1.2.3.2 to be replied to via 1.2.3.1.

You might set up a spare test box to see how current ifconfig displays packets, 
comparing aliased addresses on the same and separate subnets.

Stroller.





Re: [gentoo-user] IP aliasing problem

2010-10-06 Thread Stroller

On 6 Oct 2010, at 19:02, Grant wrote:
 ...I have 5 usable IPs from my host and I've defined 2 of them in 
 /etc/conf.d/net like this:

 
 config_eth0=(
        1.2.3.1 netmask 255.255.255.0
        1.2.3.2 netmask 255.255.255.0
 )

 My apache2 config is not working as expected and I think it's due to a
 networking problem because eth0:1 reports no RX or TX stats:

 # ifconfig
 eth0      Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.1  Bcast:[removed]  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:46047 errors:0 dropped:0 overruns:0 frame:0
          TX packets:65703 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6131194 (5.8 MiB)  TX bytes:82568335 (78.7 MiB)
          Interrupt:40

 eth0:1    Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.2  Bcast:[removed]  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:40

It's frustrating that you must conceal the IP addresses during a question like 
this, because it makes it harder to know whether you've misconfigured your host 
or just made a typo in transcription. It's probably clearer if you alter only 
the second octet of your IPs, and leave everything else otherwise intact.

However... if you have 5 usable IPs then your subnet mask will not be 
255.255.255.0 - it'll be 255.255.255.248. See http://krow.net/dict/subnet.html
The broadcast address will also be affected. This is also known as a /29 subnet 
- IIRC you actually have 8 IPs assigned to you - one of them is used by the 
router, one of them is the broadcast, and the other is unused (the way 
192.168.0.0 or 0.0.0.0 is normally unused).

Since your router has an IP in the same subnet, you'll know this is all working 
when you can ping the addresses of your webserver (1.2.3.1 & 1.2.3.2) from the 
router. 

Alternatively, set up a second PC - e.g. your laptop - on the 
globally-addressable subnet, and try pinging from there.

The normal situation with a home router is that it has a globally-addressable 
IP on its WAN interface and a private IP (192.168.x.y) on its LAN interface. 
When you start using your globally-addressable IPs behind the router you 
usually need to tell it so, and I'm guessing you haven't done that.

If your laptop is currently using 192.168.a.b with a default gateway of 
192.168.0.1, then the packets will be sent to the router for routing. And if 
the router is in the default configuration usual for home users, it won't know 
there's a 1.2.3.z subnet on your LAN, and it'll be trying to route the packets 
out into the internet (and those poor little packets will probably get very 
confused when they reach your ISP and it sends them back again!).

You can triple-home by setting eth0:2 to 192.168.c.d, and can (depending on 
your bridge/router configuration) continue to use private addresses for 
additional machines if you have more hosts on the LAN than you have 
globally-addressable IPs. Watch out for default gateway and DNS stuff! You'll 
probably want to give your laptop 1 private + 1 global IP whilst you're testing.

If your router is a fully-configurable Linux box then say so, and someone will 
be able to point you in the right direction for this. It's been a long time 
since I messed with this. I'm still using an old Draytek Vigor here, and this 
is all done by checking a radio button and pasting IP addressy stuff into boxes 
in the web-based configurator. The router has to operate in bridging mode to do 
this - on a Linux router you need to configure as a bridge and NOT as a router 
(or, I think, as both).
http://www.google.com/search?q=bridge+5+usable+ips

My initial reaction to your question was, Oh, Grant, this is simple network 
stuff, but whilst writing this my memory has been roughly refreshed, and I 
realise it's really not terribly simple at all. I'm extremely rusty at all 
this, and I'm also very tired, so I'm not going to write any more right now. 

Stroller.
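
The /29 arithmetic from the message above, as an added example (not part of the original post). It takes the two `config_eth0` entries quoted in the thread and compares their netmask with the one implied by "5 usable IPs"; the helper names and the peer address 1.2.3.200 are constructed for illustration.

```python
import ipaddress

# Entries as quoted from /etc/conf.d/net in the thread (placeholder addresses).
ENTRIES = ["1.2.3.1 netmask 255.255.255.0", "1.2.3.2 netmask 255.255.255.0"]


def smallest_prefix(usable, router=1):
    """Longest IPv4 prefix whose block holds `usable` hosts, the router's
    address, and the network and broadcast addresses."""
    needed = usable + router + 2
    for prefix in range(30, -1, -1):
        if 2 ** (32 - prefix) >= needed:
            return prefix
    raise ValueError("too many hosts for IPv4")


def audit_entry(entry, usable):
    """Compare one 'ADDR netmask MASK' entry with the mask implied by `usable`."""
    addr, keyword, mask = entry.split()
    if keyword != "netmask":
        raise ValueError(f"unexpected entry: {entry!r}")
    configured = ipaddress.ip_interface(f"{addr}/{mask}")
    expected = ipaddress.ip_interface(f"{addr}/{smallest_prefix(usable)}")
    return {
        "address": addr,
        "configured_netmask": str(configured.netmask),
        "expected_netmask": str(expected.netmask),
        "configured_broadcast": str(configured.network.broadcast_address),
        "expected_broadcast": str(expected.network.broadcast_address),
        "mismatch": configured.network != expected.network,
    }


def on_link(addr, mask, peer):
    """True if a host configured as addr/mask treats `peer` as directly
    reachable on the local segment rather than sending it to the gateway."""
    network = ipaddress.ip_interface(f"{addr}/{mask}").network
    return ipaddress.ip_address(peer) in network


if __name__ == "__main__":
    for entry in ENTRIES:
        print(audit_entry(entry, usable=5))
    # Constructed peer outside the /29: the /24 mask wrongly calls it local.
    print(on_link("1.2.3.1", "255.255.255.0", "1.2.3.200"))
    print(on_link("1.2.3.1", "255.255.255.248", "1.2.3.200"))
```
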






Re: [gentoo-user] IP aliasing problem

2010-10-06 Thread Grant
 ...I have 5 usable IPs from my host and I've defined 2 of them in 
 /etc/conf.d/net like this:


 config_eth0=(
        1.2.3.1 netmask 255.255.255.0
        1.2.3.2 netmask 255.255.255.0
 )

 My apache2 config is not working as expected and I think it's due to a
 networking problem because eth0:1 reports no RX or TX stats:

 # ifconfig
 eth0      Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.1  Bcast:[removed]  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:46047 errors:0 dropped:0 overruns:0 frame:0
          TX packets:65703 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6131194 (5.8 MiB)  TX bytes:82568335 (78.7 MiB)
          Interrupt:40

 eth0:1    Link encap:Ethernet  HWaddr [removed]
          inet addr:1.2.3.2  Bcast:[removed]  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:40

 It's frustrating that you must conceal the IP addresses during a question 
 like this, because it makes it harder to know whether you've misconfigured 
 your host or just made a typo in transcription. It's probably clearer if you 
 alter only the second octet of your IPs, and leave everything else otherwise 
 intact.

 However... if you have 5 usable IPs then your subnet mask will not be 
 255.255.255.0 - it'll be 255.255.255.248. See http://krow.net/dict/subnet.html
 The broadcast address will also be affected. This is also known as a /29 
 subnet - IIRC you actually have 8 IPs assigned to you - one of them is used 
 by the router, one of them is the broadcast, and the other is unused (the way 
 192.168.0.0 or 0.0.0.0 is normally unused).

 Since your router has an IP in the same subnet, you'll know this is all 
 working when you can ping the addresses of your webserver (1.2.3.1 & 1.2.3.2) 
 from the router.

 Alternatively, set up a second PC - e.g. your laptop - on the 
 globally-addressable subnet, and try pinging from there.

 The normal situation with a home router is that it has a globally-addressable 
 IP on its WAN interface and a private IP (192.168.x.y) on its LAN 
 interface. When you start using your globally-addressable IPs behind the 
 router you usually need to tell it so, and I'm guessing you haven't done that.

 If your laptop is currently using 192.168.a.b with a default gateway of 
 192.168.0.1, then the packets will be sent to the router for routing. And if 
 the router is in the default configuration usual for home users, it won't 
 know there's a 1.2.3.z subnet on your LAN, and it'll be trying to route the 
 packets out into the internet (and those poor little packets will probably 
 get very confused when they reach your ISP and it sends them back again!).

 You can triple-home by setting eth0:2 to 192.168.c.d, and can (depending on 
 your bridge/router configuration) continue to use private addresses for 
 additional machines if you have more hosts on the LAN than you have 
 globally-addressable IPs. Watch out for default gateway and DNS stuff! You'll 
 probably want to give your laptop 1 private + 1 global IP whilst you're 
 testing.

 If your router is a fully-configurable Linux box then say so, and someone 
 will be able to point you in the right direction for this. It's been a long 
 time since I messed with this. I'm still using an old Draytek Vigor here, and 
 this is all done by checking a radio button and pasting IP addressy stuff 
 into boxes in the web-based configurator. The router has to operate in 
 bridging mode to do this - on a Linux router you need to configure as a bridge 
 and NOT as a router (or, I think, as both).
 http://www.google.com/search?q=bridge+5+usable+ips

 My initial reaction to your question was, Oh, Grant, this is simple network 
 stuff, but whilst writing this my memory has been roughly refreshed, and I 
 realise it's really not terribly simple at all. I'm extremely rusty at all 
 this, and I'm also very tired, so I'm not going to write any more right now.

 Stroller.

Thank you for taking the time to write Stroller.  This has really got
my head spinning.  First of all, you're right about the netmask.  It
is 255.255.255.248.  I didn't have a good understanding of what a
netmask is so I thought it would be smart to change it for a public
message.

The server is remote and hosted so I don't have any control over the
router or network.  I've gone back and forth with the host but they
insist that everything is fine on their end.

I'm confused because I have in apache2 config:

<VirtualHost 1.2.3.1:443>
...
SSLCertificateFile /etc/apache2/ssl/www.example1.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.example1.com.key
...
</VirtualHost>
<VirtualHost 1.2.3.2:443>
...
SSLCertificateFile /etc/apache2/ssl/www.example2.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.example2.com.key
...
</VirtualHost>

But if I request https://1.2.3.2 or https://1.2.3.2:443, I'm presented
with an SSL cert that has 

Re: [gentoo-user] IP aliasing problem

2010-10-06 Thread BRM
- Original Message 

 Thank you for taking the time to write Stroller.  This has really got
 my head spinning.  First of all, you're right about the netmask.  It
 is 255.255.255.248.  I didn't have a good understanding of what a
 netmask is so I thought it would be smart to change it for a public
 message.

 The server is remote and hosted so I don't have any control over the
 router or network.  I've gone back and forth with the host but they
 insist that everything is fine on their end.

 I'm confused because I have in apache2 config:

 <VirtualHost 1.2.3.1:443>
 ...
 SSLCertificateFile /etc/apache2/ssl/www.example1.com.crt
 SSLCertificateKeyFile /etc/apache2/ssl/www.example1.com.key
 ...
 </VirtualHost>
 <VirtualHost 1.2.3.2:443>
 ...
 SSLCertificateFile /etc/apache2/ssl/www.example2.com.crt
 SSLCertificateKeyFile /etc/apache2/ssl/www.example2.com.key
 ...
 </VirtualHost>

 But if I request https://1.2.3.2 or https://1.2.3.2:443, I'm presented
 with an SSL cert that has www.example1.com for the Common Name.  I
 used openssl to verify that the Common Name for www.example2.com.crt
 is www.example2.com.
 

I would suggest setting up separate access and error logs for each virtual host 
so you can see who is actually getting the connection, and then going from 
there.
That will probably point out your real problem.

Ben




Re: [gentoo-user] IP aliasing problem

2010-10-06 Thread Michael Orlitzky
On 10/06/2010 06:17 PM, Grant wrote:
 I'm confused because I have in apache2 config:
 
 <VirtualHost 1.2.3.1:443>
 ...
 SSLCertificateFile /etc/apache2/ssl/www.example1.com.crt
 SSLCertificateKeyFile /etc/apache2/ssl/www.example1.com.key
 ...
 </VirtualHost>
 <VirtualHost 1.2.3.2:443>
 ...
 SSLCertificateFile /etc/apache2/ssl/www.example2.com.crt
 SSLCertificateKeyFile /etc/apache2/ssl/www.example2.com.key
 ...
 </VirtualHost>
 
 But if I request https://1.2.3.2 or https://1.2.3.2:443, I'm presented
 with an SSL cert that has www.example1.com for the Common Name.  I
 used openssl to verify that the Common Name for www.example2.com.crt
 is www.example2.com.

Make sure you don't have SSLCertificateFile/SSLCertificateKeyFile
defined anywhere outside of the virtual hosts.



Re: [gentoo-user] IP aliasing problem

2010-10-06 Thread Grant
 I'm confused because I have in apache2 config:

 <VirtualHost 1.2.3.1:443>
 ...
 SSLCertificateFile /etc/apache2/ssl/www.example1.com.crt
 SSLCertificateKeyFile /etc/apache2/ssl/www.example1.com.key
 ...
 </VirtualHost>
 <VirtualHost 1.2.3.2:443>
 ...
 SSLCertificateFile /etc/apache2/ssl/www.example2.com.crt
 SSLCertificateKeyFile /etc/apache2/ssl/www.example2.com.key
 ...
 </VirtualHost>

 But if I request https://1.2.3.2 or https://1.2.3.2:443, I'm presented
 with an SSL cert that has www.example1.com for the Common Name.  I
 used openssl to verify that the Common Name for www.example2.com.crt
 is www.example2.com.

 Make sure you don't have SSLCertificateFile/SSLCertificateKeyFile
 defined anywhere outside of the virtual hosts.

It was ServerName.  I had ServerName defined as www.example1.com in
/etc/apache2/vhosts.d/default_vhost.include.  I removed it from there
and added it to each of my SSL VirtualHost blocks and now everything
works.  I noticed that removing ServerName entirely works for Firefox,
but in that case SSL wouldn't work for either domain in Opera.

I thought ServerName was just a label like ServerAdmin.  Should I be
OK only having it defined in each of my SSL VirtualHost blocks?

Thanks a lot for everyone's help with this.  You helped me realize it
was an apache2 config problem.

- Grant
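
A small config check covering the two things this thread ended up looking for, a `ServerName` or `SSLCertificateFile`/`SSLCertificateKeyFile` set outside the virtual hosts and an SSL `VirtualHost` without a `ServerName` of its own. This is an added example, not code from any poster: the `parse` and `audit` helpers are hypothetical, the sample configs are constructed from the snippets quoted above, and it assumes the contents of included files such as default_vhost.include have been pasted inline at the point where they apply.

```python
import re

# Constructed samples modelled on the thread: shared ServerName before the fix,
# one ServerName per SSL VirtualHost after it.
BEFORE = """\
ServerName www.example1.com
<VirtualHost 1.2.3.1:443>
    SSLCertificateFile /etc/apache2/ssl/www.example1.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/www.example1.com.key
</VirtualHost>
<VirtualHost 1.2.3.2:443>
    SSLCertificateFile /etc/apache2/ssl/www.example2.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/www.example2.com.key
</VirtualHost>
"""
AFTER = """\
<VirtualHost 1.2.3.1:443>
    ServerName www.example1.com
    SSLCertificateFile /etc/apache2/ssl/www.example1.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/www.example1.com.key
</VirtualHost>
<VirtualHost 1.2.3.2:443>
    ServerName www.example2.com
    SSLCertificateFile /etc/apache2/ssl/www.example2.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/www.example2.com.key
</VirtualHost>
"""

OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.IGNORECASE)
CLOSE = re.compile(r"</VirtualHost>", re.IGNORECASE)
WATCHED = ("servername", "sslcertificatefile", "sslcertificatekeyfile")


def parse(text):
    """Split config text into server-scope directives and per-vhost directives."""
    server, vhosts, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN.fullmatch(line)
        if opened:
            current = {"addr": opened.group(1).strip(), "directives": {}}
            vhosts.append(current)
        elif CLOSE.fullmatch(line):
            current = None
        else:
            parts = line.split(None, 1)
            scope = server if current is None else current["directives"]
            value = parts[1] if len(parts) > 1 else ""
            scope.setdefault(parts[0].lower(), []).append(value)
    return server, vhosts


def audit(text):
    """Return (location, message) findings for the checks described above."""
    server, vhosts = parse(text)
    findings = []
    for key in WATCHED:
        for value in server.get(key, []):
            findings.append(("server config", f"{key} {value} is set outside any VirtualHost"))
    owners = {}
    for vhost in vhosts:
        directives = vhost["directives"]
        if "sslcertificatefile" not in directives:
            continue  # not an SSL vhost, nothing to check here
        names = directives.get("servername", [])
        if not names:
            findings.append((vhost["addr"], "SSL vhost has no ServerName of its own"))
            continue
        name = names[-1].lower()
        if name in owners:
            findings.append((vhost["addr"], f"ServerName {name} already used by {owners[name]}"))
        owners.setdefault(name, vhost["addr"])
    return findings


if __name__ == "__main__":
    for where, message in audit(BEFORE):
        print(f"{where}: {message}")
```
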