Linux – Ubuntu IP Configuration – multiple subnets & interfaces


I have a 'new' mail server running Postfix on Ubuntu.

We are having some problems configuring the subnets & interfaces.

Basically 2 subnets (.253. & .254.) need to be connected through the 3rd subnet (.252.) where the Router is residing.

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 10.62.254.199
        netmask 255.255.0.0
        network 10.62.254.0
        broadcast 10.62.255.255
        #gateway 10.62.252.138
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 10.62.252.138
        dns-search ***.com

auto eth1
iface eth1 inet static
        address 10.62.253.199
        netmask 255.255.0.0
        network 10.62.253.0
        broadcast 10.62.255.255
        #gateway 10.62.252.138
        #dns-nameservers 10.62.254.199 10.62.253.199 10.62.252.199
        dns-nameservers 10.62.252.138
        dns-search ***.com


auto eth2
iface eth2 inet static
        address 10.62.252.199
        netmask 255.255.0.0
        network 10.62.252.0
        broadcast 10.62.255.255
        gateway 10.62.252.138
        #dns-nameservers 10.62.254.199 10.62.253.199 10.62.252.199
        dns-search ***.com

I have an external support company who are looking into this (they built and configured this server), but it's taking far too long… So I'm looking to highlight the mistake!

Network Diagram

Best Answer

The most likely scenario here is that the subnet masks are incorrect, and should be 24 bit masks: 255.255.255.0

As the configuration stands right now, the server believes there is a single network - 10.62.0.0/16. This means that it may use any of its interfaces to talk to any of the machines on 10.62.252, 10.62.253 or 10.62.254 - not necessarily the one with a matching IP address. This is because it thinks it can get to all of these networks through the first interface that gets activated (which can be different each boot).

If this server is replacing another server that was acting as a gateway for the three subnets, you need to:

  1. Change the subnet masks to 255.255.255.0
  2. Enable IP routing in /etc/sysctl.conf by uncommenting (or making sure it is set) net.ipv4.ip_forward=1

If the 255.255.255.0 subnets are right, as in they match the subnet masks used on other devices, then we would also need to look at layer 2. Traditionally, when you subnet, you also VLAN, which is to configure sets of ports on the switches to only communicate with each other. This means that you have to make sure that the mail server is in the right ports on the switch, or confirm that the ports it is plugged into are in the correct VLANs.
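
The overlap the answer describes can be checked mechanically before an interfaces file is deployed. The Python script below is an added example, not part of the original question or answer: parse_static and audit are hypothetical helper names, and the sample is constructed from the question's three stanzas. It goes slightly beyond the answer by also flagging `network` lines that disagree with the address and netmask.

```python
import ipaddress
from itertools import combinations

# Constructed sample: the three static stanzas from the question, trimmed to
# the options this check reads.
SAMPLE = """\
iface eth0 inet static
        address 10.62.254.199
        netmask 255.255.0.0
        network 10.62.254.0
iface eth1 inet static
        address 10.62.253.199
        netmask 255.255.0.0
        network 10.62.253.0
iface eth2 inet static
        address 10.62.252.199
        netmask 255.255.0.0
        network 10.62.252.0
        gateway 10.62.252.138
"""

def parse_static(text):
    """Return {iface: {option: value}} for every 'inet static' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        # interfaces(5) only has whole-line comments, so skip those lines.
        words = [] if raw.lstrip().startswith("#") else raw.split()
        if words and words[0] in ("iface", "auto", "allow-hotplug", "source", "mapping"):
            current = None  # any of these keywords ends the previous stanza
            if words[0] == "iface" and words[2:4] == ["inet", "static"]:
                current = stanzas.setdefault(words[1], {})
        elif current is not None and len(words) >= 2:
            current[words[0]] = words[1]
    return stanzas

def audit(text):
    """Return (interface pairs on overlapping networks, interfaces with a wrong 'network' line)."""
    nets, mismatched = {}, []
    for name, opts in parse_static(text).items():
        nets[name] = ipaddress.ip_interface(f"{opts['address']}/{opts['netmask']}").network
        if "network" in opts and ipaddress.ip_address(opts["network"]) != nets[name].network_address:
            mismatched.append(name)
    overlaps = [(a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])]
    return overlaps, mismatched

if __name__ == "__main__":
    print("as posted:", audit(SAMPLE))
    print("with /24 :", audit(SAMPLE.replace("255.255.0.0", "255.255.255.0")))
```

With the question's 255.255.0.0 masks every pair of interfaces is reported as overlapping; with 255.255.255.0 both lists come back empty.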