[Madlug] Two NICs in a Linux box

Martin A. Brown martin-madlug at wonderfrog.net
Wed Jan 7 20:47:17 CST 2004


 : Thanks, it worked. Now, tell me how it is working. When the box
 : had one NIC and port scanning was echoing to that NIC's port, I
 : could not ping that NIC's IP address. Now with the two NICs, I
 : can ping both IP addresses, and both Etherape and tn5250 are
 : working perfectly. How do the programs know which NIC to use? Or
 : don't they care?

These anthropomorphized programs do not themselves select or use a
particular NIC, nor do they care which physical device or logical
interface is selected.  A program may bind to a specified address
using the bind system call.  This will cause packets generated by
that program to use the desired IP for outbound connections.

Otherwise, and for general usage, see the rules for source address
selection [0].

Depending on your IP address ranges, your kernel, and sysctl options,
your IPs may both be visible and reachable on one NIC or the other
(or BOTH!).  You will know by consulting the ARP table on the box
itself and its conversational partners in the same broadcast domain.

If the IPs are both inside the same subnet, you will likely run into
the ARP flux problem [1].  In many cases, this should present no
problem at all.  If you know exactly what you want, you should be
able to convince Linux to do your bidding.

To return to your situation, Vaughn--I think you had described that
your switch was in mirror or port spanning mode for one of the Linux
system interfaces.  If so, it is rather unlikely that traffic will
be transmitted to/from this particular interface, since the switch
port is in mirror mode.  Thus, all of the traffic to and from both
IPs hosted on your Linux box is likely passing through the other


  [0] http://linux-ip.net/gl/ip-cref/node155.html
  [1] http://linux-ip.net/html/ether-arp.html#ether-arp-flux

Martin A. Brown --- Wonderfrog Enterprises --- martin at wonderfrog.net
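
An added example, not part of the original message: the difference between letting the kernel pick the source address and pinning it with bind() before connecting. It assumes a Linux host, where all of 127.0.0.0/8 is local, so 127.0.0.1 and 127.0.0.2 stand in for the two NIC addresses; the function names are hypothetical.

```python
import socket


def kernel_selected_source(dest_ip, dest_port=9):
    """Return the source IP the kernel's source address selection picks
    for dest_ip. connect() on a UDP socket sends no packets; it only
    resolves the route and fixes the local address."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dest_ip, dest_port))
        return s.getsockname()[0]


def source_seen_by_peer(bind_ip=None, listen_ip="127.0.0.1"):
    """Open a TCP connection to a local listener and return the source
    IP the listener observes. When bind_ip is given, the client calls
    bind() first, which overrides the kernel's own choice."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind((listen_ip, 0))          # port 0: kernel picks a free port
        srv.listen(1)
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            if bind_ip is not None:
                cli.bind((bind_ip, 0))    # pin the source IP, any source port
            cli.connect(srv.getsockname())
            conn, peer = srv.accept()
            conn.close()
            return peer[0]


if __name__ == "__main__":
    # Constructed sample addresses on the loopback interface.
    print("kernel picks:      ", kernel_selected_source("127.0.0.1"))
    print("peer sees (no bind):", source_seen_by_peer())
    print("peer sees (bound):  ", source_seen_by_peer("127.0.0.2"))
```

On a real two-NIC box, passing a remote address to kernel_selected_source() shows which local IP the routing table would choose for that destination.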
