4

So i have a plesk centos server. This server has public IPs and is hosted at a datacenter.

And i have several IPs. The ones working lets say 192.168.1.50 .51 .52

192.168.1.50 is configured has eth0 like this:

DEVICE=eth0
BOOTPROTO=none
BROADCAST=192.168.1.55
HWADDR=BC:AE:C5:15:C0:34
IPADDR=192.168.1.50
IPV6INIT=yes
IPV6_AUTOCONF=yes
NETMASK=255.255.255.248
NETWORK=192.168.1.48
ONBOOT=yes
GATEWAY=192.168.1.49
TYPE=Ethernet
ETHTOOL_OPTS="speed 10 duplex full autoneg off"

I need to add a new ip lets say 192.168.2.90

and i've configured like this:

DEVICE="eth0:2"
BOOTPROTO=none
IPADDR="192.168.2.90"
NETMASK="255.255.255.0"
TYPE=Ethernet
ETHTOOL_OPTS="speed 10 duplex full autoneg off"

It doesn't seem to work since i can't ping it from outside. Also the company that supplies these ips say there isn't anything they need to do at their side.

What is wrong here?

EDIT the tracert

Tracing route to xxxxxxxx [xxx.xxx.xxx.xxx]
over a maximum of 30 hops:

1     1 ms    <1 ms    <1 ms  zonhub.home [192.168.1.1]
2     7 ms     9 ms     6 ms  10.12.63.254
3    12 ms     7 ms    10 ms  10.137.200.161
4     9 ms     8 ms     8 ms  10.255.48.78
5     9 ms     8 ms    11 ms  Claranet.AS8426.gigapix.pt [193.136.250.50]
6     *        *        *     Request timed out.
7     *        *

EDIT 2 I have another server running a single IP of that network and working, here's the config:

DEVICE=eth0
BOOTPROTO=none
HWADDR=00:e0:81:79:91:8a
IPADDR=192.168.2.15
NETMASK=255.255.255.0
ONBOOT=yes
GATEWAY=192.168.2.1
TYPE=Ethernet
ETHTOOL_OPTS="speed 10 duplex full autoneg off"
gravyface
  • 13,957
  • 19
  • 68
  • 100
GriffinHeart
  • 411
  • 6
  • 14
  • Can you post the exact information the company gave you when they told you that you could use the additional IP address. For example, did they specify the netmask or did you guess it? Did they specify how it would be routed to you? (The configuration you showed is correct if 192.168.2.0/24 is an additional network on that same subnet and you are authorized to use .90 on it. But it's completely wrong if they routed that single new IP to one of your existing IPs.) – David Schwartz Oct 15 '11 at 08:53
  • @DavidSchwartz they did confirm the the netmask being /24, they did not specify how its routed. they just gave me the ips and the mask. I'll post some more info on the question. Since i have another server running one of those ips. – GriffinHeart Oct 15 '11 at 11:57
  • Your other server has a gateway on the same subnet. Perhaps the provider forgot to provide you a gateway along with your new IPs (or in this case, they assumed that you know the gateway already). – Rilindo Oct 15 '11 at 14:12
  • @Rilindo so is it possible to have 2 ips from diferent networks in the same nic? and is it something i need to do on my side or the providers side? – GriffinHeart Oct 15 '11 at 14:51
  • Yes, you can. People do it all the time. It all depends on how your server and network is setup. Take a look at @wqw response. That maybe what you need. – Rilindo Oct 15 '11 at 15:52
  • There's no reason he'd want an additional gateway. – David Schwartz Oct 15 '11 at 20:47

4 Answers4

2

Here is the minimum setup you would need to setup routing so that connections on first IP 192.168.1.50 are replied through first gateway 192.168.1.49, connections on second IP 192.168.2.90 are replied through second gateway 192.168.2.1 and finally outgoing connections are load-balanced on both gateways.

/etc/sysconfig/network-scripts/ifcfg-eth0

NAME=eth0
HWADDR=BC:AE:C5:15:C0:34
IPADDR=192.168.1.50
NETMASK=255.255.255.248
DNS1=8.8.8.8
ONBOOT=yes

/etc/sysconfig/network-scripts/ifcfg-eth0:1

NAME=eth0:1
HWADDR=BC:AE:C5:15:C0:34
IPADDR=192.168.2.90
NETMASK=255.255.255.0
ONBOOT=yes

/etc/sysconfig/network-scripts/route-eth0

192.168.1.50/29 dev eth0 src 192.168.1.50 table T1
default via 192.168.1.49 dev eth0 table T1
192.168.2.90/24 dev eth0 src 192.168.2.90 table T2
default via 192.168.2.1 dev eth0 table T2
default scope global nexthop via 192.168.1.49 dev eth0 weight 1 nexthop via 192.168.2.1 dev eth0 weight 1

/etc/sysconfig/network-scripts/rule-eth0

from 192.168.2.90 table T2
from 192.168.1.50 table T1

Append to /etc/iproute2/rt_tables

100 T1
101 T2

Note that /etc/sysconfig/network should not contain any GATEWAY settings.

Edit: oops, I'm using 6.0 here, might not work on 5.x

wqw
  • 175
  • 6
  • what is the part doing the load balancing? I don't think i need it, cause this ip is just to have a SSL certificate. And what is the 192.168.2.164 ip? – GriffinHeart Oct 15 '11 at 16:24
  • i'm also getting the following errors: `Error: argument "T2" is wrong: invalid table ID` `Error: argument "T1" is wrong: invalid table ID` – GriffinHeart Oct 15 '11 at 16:44
  • Oops, see edit on `rt_tables`. Skip the `default scope global` route if no load balancing needed. – wqw Oct 15 '11 at 20:44
  • whats the 192.168.2.164 ip? and i get a new error: Bringing up interface eth0: RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument – GriffinHeart Oct 16 '11 at 19:08
  • A typo, should be 192.168.2.90. The error means you already have a default gateway, the `default scope global ...` part can not be `ip route add`ed twice, it can be `ip route replace`d once added. With this setup you'll see the error on `service network restart`. – wqw Oct 16 '11 at 20:28
1

Define what you mean by pinging the host from outside.

By definition, 192.168.x.x is routable only LOCALLY and not over the internet in general. Thus I would not be able to ping this address at all.

If these addresses are correct and you are routing internally, you cannot add just any IP, you can only add those that are compatible with the router/network connected to. Thus that would be in the 192.168.1.48 (with netmask 255.255.255.248) area, 192.168.2.90 would most probably be incompatible in this example coming using the same hardware interface eth0.

mdpc
  • 11,856
  • 28
  • 53
  • 67
  • i'm sorry, the ips are public (used example ips) and the server is at a datacenter. So i can only have one "network" per interface? – GriffinHeart Oct 14 '11 at 22:21
  • Basically, with only one hardware card, that is basically true based on what eth0 is. The provider has this information and it is possible that there could be more than one network routed on your connection, but I'd doubt it. – mdpc Oct 14 '11 at 22:26
  • The server has another hardware card, but in the future if we get more ips the same problem may arise. Trying to configure this ip for SSL certificate. Isn't there any configuration missing from my files? – GriffinHeart Oct 14 '11 at 22:30
1

I am assuming you changed the IP addresses from the real, public IP addresses to some fake private ones to protect the innocent (or guilty).

What does a traceroute from the outside to 192.168.2.90 show? The way you have it set up now it must go through 192.168.1.49. I strongly doubt this is the case (though it is not impossible, contrary to what mdpc said).

I suspect there is something miscommunication. Your other set of IPs is in a /29 (255.255.255.248) which provides 6 usable IPs (8 IPs total; 1 is used for the gateway and 1 for the broadcast). This is a typical small number of IPs a hosting company would provide you. Unless you've spent a good amount of money, I highly doubt they've allocated a /24 to you (255.255.255.0, 254 IPs).

Mark Wagner
  • 18,019
  • 2
  • 32
  • 47
  • Well the first set of ips are a ip range provided by them like you said. The new ips i got, that are from a diferent network (as in x.x.1.x and x.x.2.x) got them "single". The info i got from them is that the mask is /24 (255.255.255.0). Updated with a traceroute. – GriffinHeart Oct 14 '11 at 22:49
1

(disclaimer: I am not a network engineer)

It might be easier if you draw it out:

enter image description here

(Lines are goofy, I know).

From what I can see, 192.168.2.15/24 is reachable because when you ping it, your packets will go through your provider's network, and someplace there, a router will send the packet to the gateway 192.168.2.1, which will send the packet over to server 192.168.2.15, which resides on the same subnet that the gateway servers. Likewise, when you ping 192.168.1.55, it will go to the gateway 192.168.1.49/29, which send the packet over to server on its subnet 192.168.1.50.

So it seems that when you ping 192.168.2.90, the packet is going through gateway 192.168.2.1. However, since there is no host on that network with the IP 192.168.2.90, it will fail.

However, this assumes that the gateways are on two different physical networks. It is possible that both routes are advertising on the same physical network, which, in that case, it is just the matter of ensuring that this gateway:

192.168.2.1

Is reachable. If it is, you probably need to make sure that the following gateway is specified ifcfg-eth0:1 file:

DEVICE="eth0:2"
BOOTPROTO=none
IPADDR="192.168.2.90"
NETMASK="255.255.255.0"
GATEWAY="192.168.2.1"
TYPE=Ethernet
ETHTOOL_OPTS="speed 10 duplex full autoneg off"

You also probably want to ensure that your server is forwarding the packet over appropriately with the following setting in sysctl.conf:

net.ipv4.ip_forward = 1

I probably suggest, though, that you talk to your provider and ask them what would be the appropriate configuration to be made on the server in order for your new IP to be reachable. They should at least give you the appropriate instructions for you to get started.

Rilindo
  • 5,078
  • 5
  • 28
  • 46