The issue came up on my main application server, which runs my web server, email server, and is a DNS master for one of my domains. I recently set up a virtual web server under apache, and since it was doing SSL I needed it to run using its own IP address so that I could use an IP-address based virtual server configuration. Since the machine is running Ubuntu 7.04 (a Debian variant), the ethernet interfaces are set up in /etc/network/interfaces. Here is what that file looked like before adding the alias:

# The loopback network interface

auto lo

iface lo inet loopback

# The primary network interface

auto eth0

iface eth0 inet static

        address 10.0.0.25

        netmask 255.255.255.0

        network 10.0.0.0

        broadcast 10.0.0.255

        gateway 10.0.0.1

Easy enough to add an alias; I just copied/pasted in another stanza, identical to the eth0 stanza only with the alias set up so that it was set up as eth0:0:

# The secondary network interface

auto eth0:0

iface eth0:0 inet static

        address 10.0.0.50

        netmask 255.255.255.0

        network 10.0.0.0

        broadcast 10.0.0.255

        gateway 10.0.0.1

A quick ifup eth0:0 and now I was up and running with my one ethernet interface answering to two IP addresses, one which was my original/main IP addr (10.0.0.25) and a new one that I could use for my new virtual web server (10.0.0.50).

But I ran into a snag- I found out later that my DNS updates were no longer being pushed out to my secondary servers. Why? Well, being a good administrator I set up bind on my secondary DNS servers to only accept zone updates from the master server, via a stanza like this in named.conf:

// be secondary for lackhead.org

zone “foobar.com” in  {

       type slave;

       notify no;

       file “db.foobar.com”;

       masters { 10.0.0.25; };

};

Looking at the named logs, I saw that the zone updates being pushed out by my master name server were coming from 10.0.0.50, the new IP alias I had just set up. In face, looking at the box, I saw that all outgoing traffic that originated from my server box was coming from this new IP alias I had set up, instead of what I thought of as the primary interface, eth0.

After a bit of digging, I found my error. If you notice up above when I created eth0:0 in the /etc/network/interfaces file, I just copied/pasted the stanza, and then just updated the IP address, and changed the interface name from eth0 to eth0:0. One effect of this was that the IP alias also had a line that specified the gateway. The result of this was that when Ubuntu was bringing up the interfaces, it essentially did a ip route add default gw …. command, which meant that a default route was added to the routing table for each interface. This is what my routing table looked like:

(508) root@myhost:/var/log:# netstat -nr

Kernel IP routing table

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface

10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0

0.0.0.0         10.0.0.1     0.0.0.0         UG        0 0          0 eth0

0.0.0.0         10.0.0.1     0.0.0.0         UG        0 0          0 eth0

(509) root@myhost:/var/log:#

Note the duplicate entry for 0.0.0.0. This, I think, is where I got confused and/or misled, because netstat doesn’t seem to report sub interfaces, so while I say that I had two default routes, they both pointed to eth0, not eth0:0, and so in my mind I read this as all traffic should be going out eth0. Honestly, I consider this a bug, and perhaps I’ll submit one to Ubuntu for it.

In any case, I did eventually figure out what was going on, and removed the gateway line from the eth0:0 stanza, did a quick ifdown eth0:0 ; ifup eth0:0 and viola, not only did the duplicate entry in the routing table not show up, but I got the behavior I had expected; all outgoing traffic from my box now originated from eth0, but any traffic coming into the IP address bound to eth0:0 was responded to out of eth0:0.

Yay! Lesson to be learned- be wary of perils of cut and paste.

-c