Question about using two network cards with two IP addresses

SUSE Product Topics SLES Networking
1

Hi,
I have a question about using two network cards with two IP addresses in SUSE Linux Enterprise Server 11 SP 3.

The server has two network cards (NICs). I’m trying to host two different websites with the two NICs. (the IP addresses assigned to the NICs (through DHCP) are 128.194.141.168 and 128.194.141.147, respectively.) But there are some problems as follows.

  1. I can reach (or ping) to the both IP addresses from the computers with the same subnet (128.194.141.xxx).
  2. However, I can only reach (or ping) to the first one (128.194.141.168), not to the second one (128.194.141.147), from the computers outside of the subnet.
  3. I already added the two IP addresses (with 80 port) to /etc/apache2/listen.conf.
  4. When I turn off the first NIC, and reboot, I can reach to the second NIC (128.194.141.147), but not to the first NIC (128.194.141.168).

I have struggled with this problem almost for a week. Would it be possible for anyone of you to give any advice about this problem?

Thank you.

2

Hi jwookyoo,

The server has two network cards (NICs) […] 128.194.141.168 and 128.194.141.147

it’s typically no good idea to have two distinct interfaces with IP addresses on the same subnet.

If it is just about IP addresses (and no bandwidth problem), add the second (and any further) IP address as a secondary IP to the “first” interface.

If it’s about bandwidth, bundle the physical interfaces and then assign the IP addresses to the bond interface.

Regards,
Jens

3

Agreed, it’s just not a good setup. Apache httpd can differentiate
traffic intended for one site or another using DNS using its name server
settings as part of Virtual Hosts, and that works really well.

Still, if you must have two, you need to change an rp_filter setting in
your system, for example by modifying /etc/sysctl.conf and adding the
following line:

net.ipv4.conf.all.rp_filter = 2

After you do this and the setting is applied you MAY notice that a restart
of the system or the firewall causes the system to behave as if it not
there anymore. Restarting the firewall (which also happens on system
reboot) may expose a condition invalidating this setting, which is
frustrating, but you can work around that by adding the following line to
the /etc/sysconfig/scripts/SuSEfirewall2-custom file in the
fw_custom_before_denyall function/method (near the bottom of the file in
my case, around line 85).

You can read more about the rp_filter settings online, including SUSE TID#
7007649.


Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…

4

Thank you for the advice. Based on your feedback, I changed it to use only one network adapter for two websites, and it works okay now :slight_smile: I plan to use the other network adapter for bonding later on.

Thank you!