Today has been a journey of discovery, learning all about Linux routing infrastructure and the ip route command. Sadly, that learning has thus far been fruitless as I have failed to render my box contactable via a new IP address that I provisioned from the GUI.
As far as I can tell, this should be a straightforward thing to do. Once the address was assigned to the machine in question, I added the address to eth0 using:
ip addr add x.x.x.x/32 dev eth0
That allowed me to ping the primary machine IP from the new IP with
ping -4 [PRI_IP] -I [NEW_IP]
But nothing else.
So began the journey into ‘ip route’ and its chums.
My understanding is that the /32 addresses assigned by Bytemark should be routed through the primary interface. On that basis, I ended up with the following (note that the purpose of the second IP is for mail):
echo '200 mail' >> /etc/iproute2/rt_tables
ip route add [NEW_IP]/32 dev eth0 src [NEW_IP] table mail
ip route add default via [PRI_IP] table mail
ip rule add from [NEW_IP] lookup mail
ip rule add to [NEW_IP] lookup mail
root@[HOST]:~# ip route show
default via [PRI_GW] dev eth0 onlink
[PRI_SN]/24 dev eth0 proto kernel scope link src [PRI_IP]
root@[HOST]:~# ip route show table mail
default via [PRI_IP] dev eth0 proto static
[NEW_IP] dev eth0 scope link src [NEW_IP]
root@[HOST]:~# ip rule show
0: from all lookup local
32763: from all to [NEW_IP] lookup mail
32765: from [NEW_IP] lookup mail
32766: from all lookup main
32767: from all lookup default
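For comparison, the same policy-routing setup as a complete, re-runnable script. This is an added example and not part of the original post or anything from Bytemark; the addresses are constructed placeholders from the RFC 5737 documentation range, the function names (policy_route_commands, selected_nexthop) and the APPLY switch are mine, the rt_tables path is the standard /etc/iproute2/rt_tables, and the rule is given an explicit priority (100) rather than letting the kernel pick one. It assumes the secondary table's default route should go via the upstream gateway that the main table already uses, with onlink because the main table's default route has it. A separate "to [NEW_IP]" rule is deliberately left out: packets addressed to a local address are matched by the local table at priority 0 before any other rule is consulted. By default the script only prints the commands; set APPLY=1 to run them as root.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent policy routing for a
# secondary /32 bound to the same interface as the primary address.
# All values below are constructed placeholders; override them via the environment.
NEW_IP="${NEW_IP:-203.0.113.25}"    # secondary /32 assigned by the provider (RFC 5737 range)
PRI_GW="${PRI_GW:-203.0.113.1}"     # upstream gateway already used by the main table
IFACE="${IFACE:-eth0}"
TABLE_ID="${TABLE_ID:-200}"
TABLE_NAME="${TABLE_NAME:-mail}"

# Print the commands needed, one per line. Each line is safe to re-run:
# 'replace' is used instead of 'add', and the rt_tables entry and the
# rule are only created when they are missing.
policy_route_commands() {
    new_ip=$1 gw=$2 iface=$3 table_id=$4 table_name=$5
    cat <<EOF
ip addr replace $new_ip/32 dev $iface
grep -qE '^$table_id[[:space:]]+$table_name\$' /etc/iproute2/rt_tables || printf '%s %s\n' '$table_id' '$table_name' >> /etc/iproute2/rt_tables
ip route replace $new_ip/32 dev $iface src $new_ip table $table_name
ip route replace default via $gw dev $iface onlink table $table_name
ip rule show | grep -q "from $new_ip lookup $table_name" || ip rule add from $new_ip lookup $table_name priority 100
EOF
}

# Ask the kernel which route it would pick for traffic to $1 sourced from $2,
# and print only the next hop (empty if 'ip route get' fails).
selected_nexthop() {
    ip route get "$1" from "$2" 2>/dev/null | sed -n 's/.* via \([^ ]*\).*/\1/p'
}

if [ "${APPLY:-0}" = "1" ]; then
    # Execute the generated commands (requires root), then show what the
    # kernel now selects for an outbound packet from the new address.
    policy_route_commands "$NEW_IP" "$PRI_GW" "$IFACE" "$TABLE_ID" "$TABLE_NAME" | sh -e
    echo "next hop for $NEW_IP -> 192.0.2.1: $(selected_nexthop 192.0.2.1 "$NEW_IP")"
else
    policy_route_commands "$NEW_IP" "$PRI_GW" "$IFACE" "$TABLE_ID" "$TABLE_NAME"
fi
```

The check worth running after any change of this kind is `ip route get <external IP> from <NEW_IP>`: it prints the route the kernel actually selects for a locally generated packet with that source, including the table name when it is not the main table, so a rule that is not matching or a table whose default route points somewhere unreachable shows up immediately without any packet capture. Note also that traffic addressed to, or sourced from, one of the machine's own addresses passes through the INPUT and OUTPUT chains, not FORWARD, and does not require net.ipv4.ip_forward.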
To essentially no effect. When I ping [NEW_IP] from another machine, I can see both ICMP requests and replies on the eth0 interface, but nothing makes it out of the machine. When I ping an external IP address from the machine using the new IP address (# ping -4 -I [NEW_IP] [DST_IP]), I get no response; tcpdump shows the ICMP request but not the reply. Evidently packets are being routed to the machine correctly from the outside world but are failing to make it through the kernel routing tables locally.
I checked iptables rules and added a rule to permit forwarding and enabled forwarding in the kernel. Tailing /var/log/syslog doesn’t show anything getting caught in iptables rules.
I have a sense that I may be overthinking this…