Red Hat Bugzilla – Bug 149941
in some special cases ifup-aliases script makes all non-local world unreachable
Last modified: 2014-03-16 22:52:33 EDT
Description of problem:
In some special cases, during setup of aliases of eth devices, the
ifup-aliases script adds extra default routing rules that make access
to any non-local-network IP addresses impossible.
Version-Release number of selected component (if applicable):
Fedora Core 1, RH EL AS 3, and maybe many more RH products that use the
same family of initscripts package.
Make 2 configs for the eth device: one for the real dev, and an alias to
set up IP addresses for different sub-networks, and add a GATEWAY setting
to the real dev config. Start up the network sub-system. I'll see a wrong
routing table and can't send packets to any non-local IP addresses.
Steps to Reproduce:
1. put 2 attached config files to your /etc/sysconfig/network-scripts
2. replace the address, netmask and gateway in the file ifcfg-eth0 with your
correct IP address, netmask and gateway for your box.
3. restart network sub-system: service network restart
The routing table will be shown as in the third attached file.
You can see an extra default route rule with the same metric 0; this
causes the kernel to send packets to all non-local-network addresses with
the source address from file ifcfg-eth0:0. Of course, these packets are
dropped on the gateway interface as unknown.
The routing table must be shown as in the fourth attached file.
As a result, packets are sent with the source address from file ifcfg-eth0
and all works fine.
I have attached a file with a workaround patch for the ifup-aliases script
that fixes such wrong routing entries. The patch fixes the error
when the GATEWAY variable is present in the real dev ifcfg-eth0 config, so
there are two or more default route rules (only one of these is with
metric 0) in the routing table at the moment when we get these rules to
check if we need to add another default route rule. So my patch simply
prevents getting more than one default rule. It's really simple
Yes, I know that using as an alias an IP address from another sub-network
without specifying the correct gateway for this address is useless for
non-testing purposes, but such configurations must not make the whole
network sub-system unreachable.
But JIMHO the more correct solution is to rewrite ifup-aliases and other
scripts in network-scripts with the ip utility instead of ifconfig.
Created attachment 111500
config file for real eth0 dev
Created attachment 111501
config file for alias of eth0 dev
Created attachment 111502
wrong routing table - the result of running the original ifup-aliases script
Created attachment 111503
correct routing table after running the patched ifup-aliases
Created attachment 111504
patch for ifup-aliases script - simple workaround
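A check for the symptom described in this report, as an added example (not part of the bug report or of initscripts): it reads `route -n` output and flags any metric that carries more than one default route. The two sample tables are constructed from addresses mentioned elsewhere in this thread; they are not the attached files.

```shell
#!/bin/sh
# Constructed sample: two default routes sharing metric 0 (the reported symptom).
sample_broken() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.1.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         192.168.0.100   0.0.0.0         UG    0      0        0 eth0
0.0.0.0         192.168.0.100   0.0.0.0         UG    0      0        0 eth0
EOF
}

# Constructed sample: a single default route.
sample_fixed() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.1.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         192.168.0.100   0.0.0.0         UG    0      0        0 eth0
EOF
}

# Reads `route -n` output on stdin. Prints one line per metric that has more
# than one default route and returns 1 if any such metric exists, else 0.
duplicate_defaults() {
    awk '
        # Default route: destination and genmask both 0.0.0.0, G flag set.
        $1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ {
            count[$5]++                 # $5 is the Metric column
            gws[$5] = gws[$5] " " $2    # $2 is the Gateway column
        }
        END {
            for (m in count)
                if (count[m] > 1) {
                    printf "metric %s: %d default routes via%s\n", m, count[m], gws[m]
                    bad = 1
                }
            exit bad + 0
        }'
}

# Stand-alone demonstration on the constructed broken table.
sample_broken | duplicate_defaults || echo "conflicting default routes found"
```

On a live system the function can be fed directly: `route -n | duplicate_defaults`.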
I just tried this on a current release, and it worked fine.
What version of initscripts are you using?
See, for example, bug 125450 or bug 120908.
Created attachment 111526
patch for ifup-aliases script from initscripts-7.31.18.EL-1
this patch fixes problem with multi-gateway configuration on the same
Yes, sorry, I used old initscripts-7.31.6.EL-1 on RHEL3 and
initscripts-7.42.1 on FC1.
BUT. At first.
I updated (on my RHEL3) my initscripts to the new initscripts-7.31.18.EL-1.
Ran it and found that the ifup-aliases script didn't add default route
rules for other IP aliases that I had specified these for.
E.g. if you have gateway a.b.c.1 on the local network for an address from
sub-network a.b.c.0/24, you configure IP address a.b.c.2/24 as an alias
(e.g. ifcfg-eth0:0) and specify the correct GATEWAY for this address in
its config file, the new ifup-aliases script doesn't create the needed
default route rule for this address, such as
0.0.0.0 a.b.c.1 0.0.0.0 UG 0 0 0 eth0
This causes programs that are bound only to address a.b.c.2 to be unable
to communicate with the non-local world if the gateway box for
a.b.c/24 is not the same as for the sub-network of the real dev.
In my case, I have different gateways for main 192.168.0.0/24 network
and for 10.1.0.0/16 network. I configured for real dev 192.168.0.1/24
address with gateway 192.168.0.100 and as alias 10.1.0.3/16 with
If I run the nc program with source address 10.1.0.3 and point
it to connect to a non-local address, my box sends packets to the
192.168.0.100 gateway. That's the wrong way; gateway 192.168.0.100 knows
nothing about 10.1.0.3.
The patch file "ifup-aliases-new.patch" fixes this problem and makes
it work correctly with multiple gateways.
Thanks for the patch, I have implemented something similar in rawhide
This will be fixed in RHEL 5.
Red Hat does not currently plan to provide a resolution for this in a Red Hat
Enterprise Linux update for currently deployed systems.
With the goal of minimizing risk of change for deployed systems, and in response
to customer and partner requirements, Red Hat takes a conservative approach when
evaluating changes for inclusion in maintenance updates for currently deployed
products. The primary objectives of update releases are to enable new hardware
platform support and to resolve critical defects.