On Sun, 26 Jun 2016 20:51:11 -0400 Sam Varshavchik wrote:

This host is using masquerading, with firewalld. I suspect that this is firewalld's doing.

Well, if you suspect firewalld, the simplest solution is to mask every service that shows up with firewalld in the name in a:

systemctl list-unit-files --full

and enable iptable and ip6tables and go back to doing things the old fashioned (and documented :-) way.

On 06/27/16 08:51, Sam Varshavchik wrote:

Not sure if this is known changed behavior in F24, but:

For the longest time I had /etc/sysconfig/network-scripts/eno2 specify:

TYPE=Ethernet BOOTPROTO=none DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no NAME=wan0 UUID=71e6ac4b-c693-4c20-aa0d-e1a63b7373fe ONBOOT=yes IPADDR1=216.254.115.102 PREFIX1=24 IPADDR2=216.27.136.223 PREFIX2=24 HWADDR=0C:C4:7A:32:C1:83 IPADDR=216.254.115.190 GATEWAY=216.254.115.1 PREFIX=24 IPV6_PEERDNS=yes IPV6_PEERROUTES=yes

This host has three IP addresses, and up until now the default IP address for outgoing IP traffic was always 216.254.115.190, specified by IPADDR.

It appears that, right now, all of my outbound traffic now appears to come from one of the other IP addresses, 216.254.115.102.

Maybe try reordering what is in your /etc/sysconfig/network-scripts/eno2 file?

Currently IPADDR=216.254.115.190 is last. Maybe move it, and associated parameters, above IPADDR1?

Just a shot in the dark....

This is true even if the outgoing socket explicitly binds to 216.254.115.190:

Sending mail to gmail, with an explicit bind(), strace shows:

13232 bind(5, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "::ffff:216.254.115.190", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0 13232 fcntl(5, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 13232 getsockopt(5, SOL_SOCKET, SO_TYPE, [1], [4]) = 0 13232 connect(5, {sa_family=AF_INET6, sin6_port=htons(25), inet_pton(AF_INET6, "::ffff:173.194.206.26", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EINPROGRESS (Operation now in progress) 13232 select(6, NULL, [5], NULL, {60, 0}) = 1 (out [5], left {59, 975901}) 13232 getsockopt(5, SOL_SOCKET, SO_ERROR, [0], [4]) = 0 13232 getsockname(5, {sa_family=AF_INET6, sin6_port=htons(41394), inet_pton(AF_INET6, "::ffff:216.254.115.190", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0 13232 select(6, [5], [], NULL, {300, 0}) = 1 (in [5], left {299, 975360}) 13232 read(5, "220 mx.google.com ESMTP 92si8123707qkx.29 - gsmtp\r\n", 512) = 51

Gmail still shows 216.254.115.102 as the received-from IP address. I note that getsockname() insists that the socket is 216.254.115.190

This host is using masquerading, with firewalld. I suspect that this is firewalld's doing.

ip addr's output:

2: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 0c:c4:7a:32:c1:83 brd ff:ff:ff:ff:ff:ff inet 216.27.136.223/24 brd 216.27.136.255 scope global eno2 valid_lft forever preferred_lft forever inet 216.254.115.102/24 brd 216.254.115.255 scope global eno2 valid_lft forever preferred_lft forever inet 216.254.115.190/24 brd 216.254.115.255 scope global secondary eno2 valid_lft forever preferred_lft forever inet6 fe80::ec4:7aff:fe32:c183/64 scope link valid_lft forever preferred_lft forever

Anyone knows what could be the reason for this, I'd like to have 216.254.115.190 as the default externally-visible IP address.

-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org

On 06/26/2016 06:44 PM, Ed Greshko wrote:

On 06/27/16 08:51, Sam Varshavchik wrote:

...

Not sure if this is known changed behavior in F24, but:

For the longest time I had /etc/sysconfig/network-scripts/eno2 specify:

TYPE=Ethernet BOOTPROTO=none DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no NAME=wan0 UUID=71e6ac4b-c693-4c20-aa0d-e1a63b7373fe ONBOOT=yes IPADDR1=216.254.115.102 PREFIX1=24 IPADDR2=216.27.136.223 PREFIX2=24 HWADDR=0C:C4:7A:32:C1:83 IPADDR=216.254.115.190 GATEWAY=216.254.115.1 PREFIX=24 IPV6_PEERDNS=yes IPV6_PEERROUTES=yes

This host has three IP addresses, and up until now the default IP address for outgoing IP traffic was always 216.254.115.190, specified by IPADDR.

It appears that, right now, all of my outbound traffic now appears to come from one of the other IP addresses, 216.254.115.102.

Maybe try reordering what is in your /etc/sysconfig/network-scripts/eno2 file?

Currently IPADDR=216.254.115.190 is last. Maybe move it, and associated parameters, above IPADDR1?

Just a shot in the dark....

I tend to agree. If you look at the output of the "ip addr" output, you'll notice that the .190 address is listed as "global secondary", so it is now the secondary IP address for the NIC in that subnet, and that's probably because it came after the .102 specification. I believe the script just looks for "IPADDR.+" in the config file. It doesn't reorder things based on the ordinal (or lack thereof), it just uses them as they're seen.

...

This is true even if the outgoing socket explicitly binds to 216.254.115.190:

Sending mail to gmail, with an explicit bind(), strace shows:

13232 bind(5, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "::ffff:216.254.115.190", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0 13232 fcntl(5, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 13232 getsockopt(5, SOL_SOCKET, SO_TYPE, [1], [4]) = 0 13232 connect(5, {sa_family=AF_INET6, sin6_port=htons(25), inet_pton(AF_INET6, "::ffff:173.194.206.26", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EINPROGRESS (Operation now in progress) 13232 select(6, NULL, [5], NULL, {60, 0}) = 1 (out [5], left {59, 975901}) 13232 getsockopt(5, SOL_SOCKET, SO_ERROR, [0], [4]) = 0 13232 getsockname(5, {sa_family=AF_INET6, sin6_port=htons(41394), inet_pton(AF_INET6, "::ffff:216.254.115.190", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0 13232 select(6, [5], [], NULL, {300, 0}) = 1 (in [5], left {299, 975360}) 13232 read(5, "220 mx.google.com ESMTP 92si8123707qkx.29 - gsmtp\r\n", 512) = 51

Gmail still shows 216.254.115.102 as the received-from IP address. I note that getsockname() insists that the socket is 216.254.115.190

This host is using masquerading, with firewalld. I suspect that this is firewalld's doing.

ip addr's output:

2: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 0c:c4:7a:32:c1:83 brd ff:ff:ff:ff:ff:ff inet 216.27.136.223/24 brd 216.27.136.255 scope global eno2 valid_lft forever preferred_lft forever inet 216.254.115.102/24 brd 216.254.115.255 scope global eno2 valid_lft forever preferred_lft forever inet 216.254.115.190/24 brd 216.254.115.255 scope global secondary eno2 valid_lft forever preferred_lft forever inet6 fe80::ec4:7aff:fe32:c183/64 scope link valid_lft forever preferred_lft forever

Anyone knows what could be the reason for this, I'd like to have 216.254.115.190 as the default externally-visible IP address.

-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org

-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org

On Mon, Jun 27, 2016 at 12:44 PM, Rick Stevens ricks@alldigital.com wrote:

On 06/26/2016 06:44 PM, Ed Greshko wrote:

...

On 06/27/16 08:51, Sam Varshavchik wrote:

...

For the longest time I had /etc/sysconfig/network-scripts/eno2 specify:

IPADDR1=216.254.115.102 PREFIX1=24 IPADDR2=216.27.136.223 PREFIX2=24 IPADDR=216.254.115.190 PREFIX=24

Maybe try reordering what is in your /etc/sysconfig/network-scripts/eno2 file?

Currently IPADDR=216.254.115.190 is last. Maybe move it, and associated parameters, above IPADDR1?

Just a shot in the dark....

I tend to agree. If you look at the output of the "ip addr" output, you'll notice that the .190 address is listed as "global secondary", so it is now the secondary IP address for the NIC in that subnet, and that's probably because it came after the .102 specification. I believe the script just looks for "IPADDR.+" in the config file. It doesn't reorder things based on the ordinal (or lack thereof), it just uses them as they're seen.

I'd missed the output of "ip a" and the "global secondary".

ifup-eth has

for idx in {0..256} ; do ... if ! ip addr add ${ipaddr[$idx]}/${prefix[$idx]} \ brd ${broadcast[$idx]:-+} dev ${REALDEVICE} ${SCOPE} label ${DEVICE}; then net_log $"Error adding address ${ipaddr[$idx]} for ${DEVICE}." fi ...

so you could try

IPADDR0=216.254.115.190 PREFIX0=24 IPADDR1=216.254.115.102 PREFIX1=24 IPADDR2=216.27.136.223 PREFIX2=24

(or #1/#2/#3) even though network-functions has

for idx in '' {0..255} ; do ipaddr[$i]=$(eval echo '$'IPADDR$idx) ...

so this shouldn't be necessary.

Tom H writes:

On Sun, Jun 26, 2016 at 8:51 PM, Sam Varshavchik mrsam@courier-mta.com wrote:

...

For the longest time I had /etc/sysconfig/network-scripts/eno2 specify:

TYPE=Ethernet BOOTPROTO=none DEFROUTE=yes NAME=wan0 UUID=71e6ac4b-c693-4c20-aa0d-e1a63b7373fe ONBOOT=yes IPADDR1=216.254.115.102 PREFIX1=24 IPADDR2=216.27.136.223 PREFIX2=24 HWADDR=0C:C4:7A:32:C1:83 IPADDR=216.254.115.190 GATEWAY=216.254.115.1 PREFIX=24

This host has three IP addresses, and up until now the default IP address for outgoing IP traffic was always 216.254.115.190, specified by IPADDR.

It appears that, right now, all of my outbound traffic now appears to come from one of the other IP addresses, 216.254.115.102.

This is true even if the outgoing socket explicitly binds to 216.254.115.190:

What's the output of "ip r"?

# ip r default via 216.254.115.1 dev eno2 proto static metric 100 192.168.0.0/24 dev eno1 proto kernel scope link src 192.168.0.1 metric 100 216.27.136.0/24 dev eno2 proto kernel scope link src 216.27.136.223 metric 100 216.254.115.0/24 dev eno2 proto kernel scope link src 216.254.115.102 metric 100

If the default route's not from "190", you should be able to force it with "SRCADDRC=".

The default route appears to be set by add_default_route() in network- functions.

The "# Set a default route." blurb in ifup-eth, that you are referring to, is not being used for some reason I have not been able to determine. Putting "SRCADDR=216.254.115.190" made no difference. Neither is using IPADDR0 and PREFIX0 instead of IPADDR and PREFIX; nor ordering IPADDR/PREFIX before IPADDR[12] and PREFIX[12].

The path of least resistance for me appears to be is to swap the .102 IP address on this machine with another IP address, leave only one assigned IP address in this /24. With the default route to this /24, the kernel will have no choice but to use the other IP address.