Multiple Network Adapters on same subnet issue

Issues related to configuring your network
m.yaqout
Posts: 1
Joined: 2022/03/21 09:37:56

Multiple Network Adapters on same subnet issue

Post by m.yaqout » 2022/03/21 10:18:50

I have a CentOS server that has 4 network adapters that will be used for web hosting.
I have configured the network adapters in /etc/sysconfig/network-scripts/ifcfg-ens*** (the stars are the network adapter number)
with the following IPs:

ifcfg-ens161 :
ipv4 : 10.10.10.10/24
gateway: 10.10.10.1

ifcfg-ens192 :
ipv4 : 10.10.10.11/24
gateway: 10.10.10.1

ifcfg-ens224 :
ipv4 : 10.10.10.12/24
gateway: 10.10.10.1

ifcfg-ens256 :
ipv4 : 10.10.10.13/24
gateway: 10.10.10.1

Each IP has a NAT to a separate public IP.

The issue is as follows:

When I ping internal IPs without specifying an interface, it works.
ping 10.10.10.11
When I ping with specific IPs, the ping doesn't work.
ping -I ens192 10.10.10.10

I tried to turn off the firewall, I uninstalled imunify360, and no luck.
The reason I have multiple public IPs NATed to internal IPs is because I want to isolate management services (email, website, etc.) from the IPs that will be used for shared hosting.

To isolate the issue, I created different subnets and defined them on the interfaces ens192 and ens256 as follows:
ens192:
ipv4:10.10.11.11/24
gateway:10.10.11.1

ens256:
ipv4:10.10.13.13/24
gateway:10.10.13.1


And still no luck; I am facing the same issue.

When I ping the internal interfaces using their NATed public IP address, I can see the external firewall logs showing the ping reaching the firewall, but when the firewall sends it back to the host, it gets dropped somewhere.

How should I design the system or what should I do when configuring the Network?

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Multiple Network Adapters on same subnet issue

Post by jlehtone » 2022/03/21 10:54:18

There can be only one!
... default route.

When you have a packet to send, you need to make a routing decision -- how to send it.
If it is to localhost, to link-local subnet(s) or other explicit routes, then the decision is easy.
Otherwise, one has to use the default route. By definition, there is one default.

If the default route says that packets to "everyone else" should go via 10.10.10.1,
then the subsequent question is, how to send to 10.10.10.1? Easy, it is in link-local subnet 10.10.10.0/24.
Which interface & source address is used to talk to members of 10.10.10.0/24?
We expect one answer to that. Same answer every time.

If the answer is "10.10.10.11", but you reply to a packet that was destined to 10.10.10.13,
then you do have a dilemma: if you could reply with "from 10.10.10.11", then the recipient
would be confused as it expects from 10.10.10.13 (not to mention the NAT in between).
If you reply with "from 10.10.10.13" ... well, your rules say that you answer with "from 10.10.10.11".

There is "policy-based routing" that might be able to allow what you want, preferably with each interface in separate subnet.

The default for traffic originated in the machine remains one of them.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Multiple Network Adapters on same subnet issue

Post by TrevorH » 2022/03/21 10:59:50

There are also just problems in general with having multiple adapters with IP addresses within the same subnet. It just gets very confused. You can sort of coerce it to work but in general it is much much easier to assign different subnets to all adapters. To stand a chance of making it work as it is you probably need to set

net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.all.rp_filter = 2
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
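
The policy-based routing jlehtone mentions and the rp_filter values TrevorH quotes, combined as an added example that is not part of any post in this thread: the script only prints the commands, giving each interface its own routing table selected by source address. The table numbers 101 to 104 are arbitrary assumptions; the interface names, addresses and gateway are those from the first post.

```shell
#!/bin/sh
# Added example: print (do not run) the iproute2 commands for per-interface
# source-based routing. Addresses are the ones from the first post; the
# routing-table numbers 101-104 are arbitrary choices made for this example.

GATEWAY=10.10.10.1
SUBNET=10.10.10.0/24

# Constructed input: "interface address table-id", one NIC per line.
NICS='ens161 10.10.10.10 101
ens192 10.10.10.11 102
ens224 10.10.10.12 103
ens256 10.10.10.13 104'

# Emit the commands for one NIC: a private table holding the on-link route
# and a default route, plus a rule that selects the table by source address,
# so a reply leaves through the interface that owns its source address.
policy_cmds() {
    dev=$1 addr=$2 table=$3
    echo "ip route replace $SUBNET dev $dev src $addr table $table"
    echo "ip route replace default via $GATEWAY dev $dev table $table"
    echo "ip rule add from $addr/32 lookup $table priority $table"
}

# Emit the loose reverse-path-filter settings quoted in the thread.
rp_filter_cmds() {
    echo "sysctl -w net.ipv4.conf.default.rp_filter=2"
    echo "sysctl -w net.ipv4.conf.all.rp_filter=2"
}

# Emit the whole plan; stop on an input line that lacks one of its fields.
plan() {
    rp_filter_cmds
    while read -r dev addr table; do
        [ -n "$table" ] || { echo "malformed line: $dev $addr" >&2; return 1; }
        policy_cmds "$dev" "$addr" "$table"
    done <<EOF
$NICS
EOF
}

plan
```

Review the printed lines before piping them to a root shell. Setting rp_filter to 2 moves the kernel's reverse-path check from strict to loose mode, which is a weaker anti-spoofing check.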
