# Can't ping virtual ip from host on different subnet

## m_sandwich

I'm using iproute2, and I'll throw up the disclaimer, I'm not that proficient with it's usage.  I've been reading and studying, but I'm stuck on this one particular that I'm hoping someone can help me out with.

I have one externally facing NIC and one internally facing NIC. The internally facing NIC has two ip addresses associated with it.  One is the ip that serves up my administrative web pages (10.90.10.100) and the other is the ip which serves my mail (10.90.10.103).  From a different subnet (172.23.x.x), I can ping 10.90.10.100 just fine, but I cannot ping 10.90.10.103; the pings just time out.  I can ping both IPs just fine from anywhere within 10.x.x.x.    I feel like I'm simply missing a line in the routes_eth0 section, but since every reload of the routing tables disrupts the business, I can't go dinking around without being somewhat sure of the results.  (Otherwise, I'd just play around with it until I got it).

Here's my /etc/conf.d/net file (edited for privacy):

```

modules=( "iproute2" )

dns_domain="example.com"

dns_servers="10.90.10.231 10.70.10.245"

dns_search="example.com xxx.example.com yyy.example.com"

config_eth0=(

    "10.90.10.100/24"

    "10.90.10.103/24"

)

routes_eth0=(

    "10.0.0.0/8 src 10.90.10.100 table eth0"

#   "12.34.56.232/29 dev eth1 table eth0"    # commented out because I'm not sure if this would be correct

    "10.0.0.0/8 via 10.90.10.1 dev eth0"

    "default via 10.90.10.1 table eth0"

)

rules_eth0=( "from 10.90.10.100 table eth0" )

config_eth1=( "12.34.56.234/29" )

routes_eth1=(

    "12.34.56.232/29 src 12.34.56.234 table eth1"

#    "10.0.0.0/8 dev eth0 table eth1"         # commented out because I'm not sure if this would be correct

    "default via 12.34.56.233 table eth1"

    "default via 12.34.56.233"

)

rules_eth1=( "from 12.34.56.234 table eth1" )

```

Here's an example ping from an XP machine via the 172.x.x.x subnet:

```

C:\>ping 10.90.10.103

Pinging 10.90.10.103 with 32 bytes of data:

Request timed out.

```

I fugure the problem is either in my routing configuration above, or is some sort of ACL or access rule that only allows pings from the 10.x.x.x subnet, but if it's the latter, I can't figure out where it's coming from.  I'm not running iptables, or any firewall on this server.  I don't have any specific "allow from" or "deny from" clause in any config file that I know of...  So my gut tells me it's gotta be the routing rules.  Am I off base here?  Anyone have any comments on my /etc/conf.d/net file above?  Any comments in general would be welcome -- I'd love to be critiqued on anything you see.  Thanks ahead of time.

----------

## Hu

Is there a reason you have the internal routes configured to have special tables?  If I recall correctly, I have had working configurations where the interface has two IP addresses assigned and no other special configuration: no rules_ blocks and no specific routing tables.

----------

## nativemad

It seems that you forgot the table-lookup-rule for the alias-ip

```
rules_eth0=( "from 10.90.10.103 table eth0" ) 
```

But a subnet-rule would probably be better!?

```
rules_eth0=( "from 10.90.10.0/8 table eth0" ) 
```

Without it, it doesn't know about its gateway, unless you define just the right one (now its the other gateway) within the main table.  :Wink: 

Cheers

----------

