Network problem with external host and default routers with anti-spoofing

From: Andrew Watkins (andrew@dcs.bbk.ac.uk)
Date: Tue Sep 13 2005 - 06:17:49 EDT


Hi folks,

An interesting problem which I want to check out before asking Sun:

External hosts cannot contact a Sun server on 1 of the interfaces, depending
on which default router is configured.

Server (zeus):
==============
Solaris 9 has 2 network interfaces
                193.61.29.14
            and 193.61.28.143

            and default gateway 193.61.28.245.

Client (pc-em5):
================
193.61.44.37% ping 193.61.28.143
zeus alive

193.61.44.37% ping 193.61.29.14
no answer from zeus

The problem is that the packet arrives on the 193.61.29.14 interface on zeus

> IP: Source address = 193.61.44.37, pc-em5
> IP: Destination address = 193.61.29.14, zeus
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 193.61.29.14 netmask ffffff00 broadcast 193.61.29.255
        

and it sends it out via the default gateway, which is on the 193.61.28 interface.

> IP: Source address = 193.61.29.14, zeus
> IP: Destination address = 193.61.44.37, pc-em5.dcs.bbk.ac.uk
bge1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 193.61.28.143 netmask ffffff00 broadcast 193.61.28.255

This would normally work, but the problem is that the router has
anti-spoofing enabled, which means that it blocks the outgoing packet since
it did not arrive via this router!

If I swap the default gateway to be 193.61.29.245, it then works the
other way round:

Client:
=======
193.61.44.37% ping 193.61.29.14
zeus alive

193.61.44.37% ping 193.61.28.143
no answer from zeus

1) We don't have this problem on MS Windows 2-interface machines, since it
        looks like Windows sends the packets to specific interfaces/routers.

2) I have tried setting up 2 default gateways, but that does not help since
        Solaris uses them as a round robin setup.
        
3) I have played with setting up some other routes, but have not cracked it.

4) The only workaround at the moment is that I have removed the 2nd IP address
        from our DNS so all traffic comes via one route.

Any thoughts? (We don't have any control over the routers!)

Andrew
*****************************************************************************
Unix Administrator tel: 020-7631 6720
Computer Science Department fax: 020-7631 6727
Birkbeck College (University of London)
Malet Street
London e-mail: andrew@dcs.bbk.ac.uk
WC1E 7HX http://www.dcs.bbk.ac.uk/~andrew
*****************************************************************************
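
Added example, not part of the original post: a small Python model of the behaviour described in the message, reproducing which pings succeed for each choice of default gateway. It assumes each router's anti-spoofing rule is "forward only packets whose source address lies in this router's own /24" and that zeus chooses the outgoing interface by destination alone; the addresses come from the post, the function names are made up for the illustration.

```python
import ipaddress

# Addresses are from the post; the filter rule modelled below is an assumption.
INTERFACES = {
    "bge0": ipaddress.ip_interface("193.61.29.14/24"),
    "bge1": ipaddress.ip_interface("193.61.28.143/24"),
}
ROUTERS = {  # router address -> the LAN it serves
    ipaddress.ip_address("193.61.28.245"): ipaddress.ip_network("193.61.28.0/24"),
    ipaddress.ip_address("193.61.29.245"): ipaddress.ip_network("193.61.29.0/24"),
}

def egress(dst, default_gw):
    """Destination-based lookup: connected subnets first, else the default route."""
    dst = ipaddress.ip_address(dst)
    for name, iface in INTERFACES.items():
        if dst in iface.network:
            return name, None          # on-link, no router involved
    gw = ipaddress.ip_address(default_gw)
    for name, iface in INTERFACES.items():
        if gw in iface.network:
            return name, gw            # leave via the interface that reaches the gateway
    raise ValueError("default gateway is not on a connected subnet")

def router_accepts(router, src):
    """Assumed anti-spoofing check: source must belong to the router's own LAN."""
    return ipaddress.ip_address(src) in ROUTERS[router]

def ping_reply(client, pinged_ip, default_gw):
    """Follow the echo reply; its source address is the address that was pinged."""
    out_if, gw = egress(client, default_gw)
    if gw is None or router_accepts(gw, pinged_ip):
        return "alive", out_if
    return "no answer", out_if         # reply dropped at the router as spoofed

def matrix(client="193.61.44.37"):
    """Outcome for every (default gateway, pinged address) combination."""
    return {
        (str(gw), str(iface.ip)): ping_reply(client, str(iface.ip), str(gw))[0]
        for gw in ROUTERS
        for iface in INTERFACES.values()
    }

if __name__ == "__main__":
    for (gw, ip), outcome in matrix().items():
        print(f"default gw {gw:<15} ping {ip:<15} -> {outcome}")
```
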