Want to have Local IP the same as router IP

Hi everyone

Hope someone can help me with this..

On our network, the router (delivered by our ISP) has an IP
address like 123.123.123.1. We have bought a new router
with linux to enable redundant internet connections, control
traffic etc, and now I want to put it into production.

However, we have hundreds of users with the default gateway
123.123.123.1 configured, and I don't want to have to change
the config on all computers.

Here is what I want to do:
1. Plug the existing router directly into eth2
2. Add route to 123.123.123.1 through eth2
3. Add 123.123.123.1 as default gw
4. Add static ARP entry to 123.123.123.1 (?)
5. Put eth0 on ip 123.123.123.1

Thus, all users would now be using the new router as default
gateway, no changes needed.

I tried this, and here is what happened:
1. plugged the existing router directly in eth2, and was able
to ping it ok
2. no problem
3. no problem
4. no problem
5. As soon as i issued ifup eth0 after the ip change, I was
unable to ping 123.123.123.1, even if i specified through eth2.
If i ran ifdown eth0, then "ping -I eth2 123.123.123.1" worked
as it should.

Does anybody have any clue as to how I can accomplish this?
Any suggestions would be appreciated.


Sincerely,
-Oyvind

"Øyvind Henriksen" <(E-Mail Removed)> writes:

]Hi everyone

]Hope someone can help me with this..

]On our network, the router (delivered by our ISP) has an IP
]address like 123.123.123.1. We have bought a new router
]with linux to enable redundant internet connections, control
]traffic etc, and now I want to put it into production.

]However, we have hundreds of users with the default gateway
]123.123.123.1 configured, and I don't want to have to change
]the config on all computers.

]Here is what I want to do:
]1. Plug the existing router directly into eth2
]2. Add route to 123.123.123.1 through eth2
]3. Add 123.123.123.1 as default gw
]4. Add static ARP entry to 123.123.123.1 (?)
]5. Put eth0 on ip 123.123.123.1

]Thus, all users would now be using the new router as default
]gateway, no changes needed.

]I tried this, and here is what happened:
]1. plugged the existing router directly in eth2, and was able
] to ping it ok
]2. no problem
]3. no problem
]4. no problem
]5. As soon as i issued ifup eth0 after the ip change, I was
]unable to ping 123.123.123.1, even if i specified through eth2.
]If i ran ifdown eth0, then "ping -I eth2 123.123.123.1" worked
]as it should.

]Does anybody have any clue as to how I can accomplish this?
]Any suggestions would be appreciated.

Well, tell us what the IP on eth0 is. Also the routes.
ifconfig -a
with eth0 up
route -n with eth0 up.

(by the way, what system is this on? If the router the linux box or is
the router some separate machine? We need more info here to give good
advice.)

Hi David

Thanks a whole lot for answering! :-)

123.123.123.1 is the default gateway, it's a preconfigured router delivered
to
us from our ISP. There are no services that we need on it.

eth1 is used for our second internet connection, our 'backup connection',
its
got an ip like 234.234.234.118
I have configured iptables to do dnat to some of our hosts on eth0. To make
this work i had to read some of the adv routing howto, esp chapter 4.
eth0 is our internal network, on ip 123.123.123.247
eth2 is our internal network, on ip 123.123.123.246

I have not configured load balancing, all outbound traffic should go through
eth2 if the connection is alive. Only if the connection dies should outgoing
traffic be sent through eth1.

So let me see if i understand:
- I turn on proxy arp for eth0
- eth2 should be configured like this (ifcfg-eth2):
DEVICE=eth2
BOOTPROTO=static
IPADDR=123.123.123.246
NETMASK=255.255.255.255
BROADCAST=123.123.123.246
ONBOOT=yes

And these entries are correct (from 'route') ?
Destination Gateway Genmask Flags Metric Ref Use
Iface
123.123.123.1 * 255.255.255.255 UH 0 0 0 eth2
default 123.123.123.1 0.0.0.0 UG 0 0 0 eth2

I tried the ifcfg settings above, and at least I'm able to ping
123.123.123.1
through eth2. The route settings are the same as I always had..

You said that "eth0 should answer arp requests for anything on its other
interfaces", and I'm a bit confused. I only need it to answer for
123.123.123.1. What hosts can be considered 'on its other interfaces'?

I will read up on proxy_arp, and see if it lets me do what i want it to,
then
experiment some more later. This seems promising! :-)

Sincerely,
- Oyvind

> Set eth0 to any IP other than 123.123.123.1
>
> Set up eth2 with any other 123.123.123.x IP netmask 255.255.255.255
> broadcast (same as IP). Same host and default routes to 123.123.123.1 on
> dev eth2.
>
> echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp.
>
> Then eth0 should answer arp requests for anything on its other interfaces
> (including 123.123.123.1). However, you have not said what is on eth1, so
> maybe you need to read the Adv-Routing HOWTO instead of using proxy_arp
> (if you are doing something like load balancing or fallback between eth1 &
> eth2 for internet connections).
>
> If 123.123.123.1 represents a public IP, you likely also need to do some
> sort of masquerading.
>
> --
> David Efflandt - All spam ignored http://www.de-srv.com/
> http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
> http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/

David, thanks for your insight on proxy arp. I have however given this up
for now, and will explore other options.

My conclusion so far is that this is doable, but there is no way for me to
flush the arp cache on the ISP's router. The default timeout is 14400
seconds (4 hours), and we really want to avvoid that kind of downtime.

Sincerely,
- Oyvind

"David Efflandt" <(E-Mail Removed)> skrev i melding
news:(E-Mail Removed)...
> On Mon, 28 Jul 2003 00:55:16 +0200, Oyvind <(E-Mail Removed)> wrote:
> > Hi David
> >
> > Thanks a whole lot for answering! :-)
> >
> > 123.123.123.1 is the default gateway, it's a preconfigured router
delivered
> > to
> > us from our ISP. There are no services that we need on it.
> >
> > eth1 is used for our second internet connection, our 'backup
connection',
> > its
> > got an ip like 234.234.234.118
> > I have configured iptables to do dnat to some of our hosts on eth0. To
make
> > this work i had to read some of the adv routing howto, esp chapter 4.
> > eth0 is our internal network, on ip 123.123.123.247
> > eth2 is our internal network, on ip 123.123.123.246
> >
> > I have not configured load balancing, all outbound traffic should go
through
> > eth2 if the connection is alive. Only if the connection dies should
outgoing
> > traffic be sent through eth1.
> >
> > So let me see if i understand:
> > - I turn on proxy arp for eth0
> > - eth2 should be configured like this (ifcfg-eth2):
> > DEVICE=eth2
> > BOOTPROTO=static
> > IPADDR=123.123.123.246
> > NETMASK=255.255.255.255
> > BROADCAST=123.123.123.246
> > ONBOOT=yes
> >
> > And these entries are correct (from 'route') ?
> > Destination Gateway Genmask Flags Metric Ref Use
> > Iface
> > 123.123.123.1 * 255.255.255.255 UH 0 0 0
eth2
> > default 123.123.123.1 0.0.0.0 UG 0 0 0
eth2
> >
> > I tried the ifcfg settings above, and at least I'm able to ping
> > 123.123.123.1
> > through eth2. The route settings are the same as I always had..
> >
> > You said that "eth0 should answer arp requests for anything on its other
> > interfaces", and I'm a bit confused. I only need it to answer for
> > 123.123.123.1. What hosts can be considered 'on its other interfaces'?
> >
> > I will read up on proxy_arp, and see if it lets me do what i want it to,
> > then
> > experiment some more later. This seems promising! :-)
>
> It is hard to be specific without knowing what networks are on your
> various interfaces. And I am not sure how proxy_arp works if you have a
> 3rd interface that needs to be masqueraded. I currently have a
> configuration like this:
>
> PPPoE(eth1)-Linux1-eth0-----eth0-Linux2-eth1-----WAP wireless-laptop
> Linux1 does firewall/masq
> proxy_arp is enabled for eth0 of Linux2
> eth1 of Linux2 is 255.255.255.248 subnet of main LAN 255.255.255.0 subnet.
>
> In your case you have:
> eth0-----alternate gw
> eth1-----internet-masq(default)
> eth2-----LAN
>
> With proxy_arp enabled on eth0, it would answer for IPs on eth2, and you
> should not have any traffic destined for the internet coming in through
> eth0, so it should work. You need to masquerade anything going out eth1.
> Not sure if you need to masq eth0 (depends whether eth0 and eth2 are
> public IPs).
>
> >> Set eth0 to any IP other than 123.123.123.1
> >>
> >> Set up eth2 with any other 123.123.123.x IP netmask 255.255.255.255
> >> broadcast (same as IP). Same host and default routes to 123.123.123.1
on
> >> dev eth2.
> >>
> >> echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp.
> >>
> >> Then eth0 should answer arp requests for anything on its other
interfaces
> >> (including 123.123.123.1). However, you have not said what is on eth1,
so
> >> maybe you need to read the Adv-Routing HOWTO instead of using proxy_arp
> >> (if you are doing something like load balancing or fallback between
eth1 &
> >> eth2 for internet connections).
> >>
> >> If 123.123.123.1 represents a public IP, you likely also need to do
some
> >> sort of masquerading.
>
> --
> David Efflandt - All spam ignored http://www.de-srv.com/

On Mon, 28 Jul 2003, Oyvind wrote:

> David, thanks for your insight on proxy arp. I have however given this up
> for now, and will explore other options.
>
> My conclusion so far is that this is doable, but there is no way for me to
> flush the arp cache on the ISP's router. The default timeout is 14400
> seconds (4 hours), and we really want to avvoid that kind of downtime.

Let me suggest one more thing you should do....

Over time, re-configure all your clients to use DHCP (for all network
settings, not just IP address), so that you can change the default gateway
by merely changing the DHCP server's configuration!