We have the following issue when configuring additional "unlisted interfaces" on a cluster (GW1/GW2):
We would like to enable and configure the already configured unlisted ports via the Policy Manager (Manage Listen Ports). I will try to explain the setup in detail to give you an exact overview of what we have configured.

Current state, i.e. what we have configured:
- we have a cluster configuration with 2 Gateways, which is running under Hyper-V as a virtual appliance
- on each GW we have configured the "physical interface" eth0 to reach the Gateways via the network (it is only allowed to use one interface, "eth0", within the virtualization)
- on GW1 (primary) we have additionally configured unlisted interfaces: eth0:1 to use "service1" with a dedicated IP (.111), eth0:2 to use "service2" with a dedicated IP (.113)
- on GW2 (secondary) we have also configured unlisted interfaces: eth0:1 to use "service1" with a dedicated IP (.111), eth0:2 to use "service2" with a dedicated IP (.113)
- the communication to the Policy Manager for service1/service2 passes through the firewall via port 443
- port 8443 is the "manage access port" for the Policy Manager on interface eth0 (which is the physical interface -> cluster/two IPs)

Under Manage Listen Ports we have configured the following, but it doesn't work:
- service1 is configured to use interface eth0:1 (with two IPs -> cluster) on port 8445. The communication passes through the firewall via port 443 to the virtual interface and is routed internally to port 8445 (which is configured under Manage Listen Ports -> Manage Firewall Rules: redirect from 443 to 8445)
- service2 is configured to use interface eth0:2 (with two IPs -> cluster) on port 8444. The communication passes through the firewall via port 443 to the virtual interface and is routed internally to port 8444 (which is configured under Manage Listen Ports -> Manage Firewall Rules: redirect from 443 to 8444)

The result, i.e. the issue, is that all requests are routed via the physical interface eth0, as you can see in the iptables extract:

    [ ~]# iptables -t nat -L -v
    Chain PREROUTING (policy ACCEPT 771 packets, 52156 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 REDIRECT   tcp  --  eth0   any     anywhere             anywhere             tcp dpt:opsession-prxy redir ports 3306
        0     0 REDIRECT   tcp  --  any    any     anywhere             anywhere             tcp dpt:http redir ports 8080
        0     0 REDIRECT   tcp  --  any    any     anywhere             anywhere             tcp dpt:https redir ports 8443
        0     0 REDIRECT   tcp  --  eth0   any     anywhere             anywhere             tcp dpt:https redir ports 8445
        0     0 REDIRECT   tcp  --  eth0   any     anywhere             anywhere             tcp dpt:https redir ports 8444

Why don't we see the interfaces eth0:1 and eth0:2? Do we have such a massive misconfiguration?
Does anybody have an idea how to handle this issue, or what the exact configuration is?
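The listing above can be checked mechanically for the two things a firewall reviewer would look at: whether a later REDIRECT rule is completely shadowed by an earlier one (the nat PREROUTING chain stops at the first matching REDIRECT), and whether a rule meant for an alias interface actually carries a destination-address match (an alias such as eth0:1 is an extra address on the device eth0, not a device of its own, so the kernel lists and matches it under eth0). The script below is an added example and not code from the thread or from the product; it re-types the posted `iptables -t nat -L -v` output as constructed input, assumes 10.0.0.111 and 10.0.0.113 for the .111/.113 alias addresses, and only renders the proposed `iptables` commands as strings rather than executing them.

```python
"""Check a nat PREROUTING listing for REDIRECT rules that can never match.

Added example, not code from the original thread. The listing is re-typed
from the post; the alias addresses are assumed to be 10.0.0.111 / 10.0.0.113.
"""
import re

# Constructed input: the PREROUTING chain as shown in the post.
LISTING = """\
Chain PREROUTING (policy ACCEPT 771 packets, 52156 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  eth0   any     anywhere             anywhere             tcp dpt:opsession-prxy redir ports 3306
    0     0 REDIRECT   tcp  --  any    any     anywhere             anywhere             tcp dpt:http redir ports 8080
    0     0 REDIRECT   tcp  --  any    any     anywhere             anywhere             tcp dpt:https redir ports 8443
    0     0 REDIRECT   tcp  --  eth0   any     anywhere             anywhere             tcp dpt:https redir ports 8445
    0     0 REDIRECT   tcp  --  eth0   any     anywhere             anywhere             tcp dpt:https redir ports 8444
"""

RULE_RE = re.compile(r"dpt:(\S+).*redir ports (\d+)")


def parse_redirects(listing):
    """Return the REDIRECT rows of an `iptables -t nat -L -v` listing, in chain order."""
    rules = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 9 or fields[2] != "REDIRECT":
            continue
        m = RULE_RE.search(line)
        if not m:
            continue
        rules.append({
            "in": fields[5],        # input interface ('any' = no -i match)
            "dst": fields[8],       # destination ('anywhere' = no -d match)
            "dport": m.group(1),    # service name or number after dpt:
            "redir": int(m.group(2)),
        })
    return rules


def _covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    return (earlier["dport"] == later["dport"]
            and earlier["in"] in ("any", later["in"])
            and earlier["dst"] in ("anywhere", later["dst"]))


def shadowed(rules):
    """Map redir port -> redir port of the first earlier rule that swallows it.

    REDIRECT is a terminating target, so a fully covered rule is dead.
    """
    result = {}
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if _covers(earlier, rule):
                result[rule["redir"]] = earlier["redir"]
                break
    return result


def first_match(rules, in_iface, dst, dport="https"):
    """Redir port a packet arriving on `in_iface` for address `dst` ends up on."""
    for rule in rules:
        if (rule["dport"] == dport and rule["in"] in ("any", in_iface)
                and rule["dst"] in ("anywhere", dst)):
            return rule["redir"]
    return None


def proposed_rules(services, generic_port=8443):
    """Per-service rules keyed on the alias address (-d), catch-all last."""
    rules = [{"in": "eth0", "dst": ip, "dport": "https", "redir": port}
             for ip, port in services]
    rules.append({"in": "any", "dst": "anywhere", "dport": "https",
                  "redir": generic_port})
    return rules


def render(rule):
    """Render one rule dict as an iptables command (string only, never executed here)."""
    parts = ["iptables -t nat -A PREROUTING"]
    if rule["in"] != "any":
        parts.append(f"-i {rule['in']}")
    if rule["dst"] != "anywhere":
        parts.append(f"-d {rule['dst']}")
    parts.append(f"-p tcp --dport 443 -j REDIRECT --to-ports {rule['redir']}")
    return " ".join(parts)


if __name__ == "__main__":
    current = parse_redirects(LISTING)
    print("dead rules (redir -> shadowed by):", shadowed(current))
    print("443 to .111 currently lands on port", first_match(current, "eth0", "10.0.0.111"))
    # Assumed alias addresses for service1 (.111) and service2 (.113).
    for rule in proposed_rules([("10.0.0.111", 8445), ("10.0.0.113", 8444)]):
        print(render(rule))
```

Run against the posted chain, the script reports that the 8445 and 8444 rules are dead: the earlier catch-all `any ... dpt:https redir ports 8443` already matches every packet they could match, and neither carries a destination address that would separate service1 from service2 on the single device eth0. The rendered commands show the shape that does distinguish them, with the per-address rules ahead of the catch-all; whether the Policy Manager's "Manage Firewall Rules" dialog can emit a `-d` match in this product version is not something the thread answers.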
From reviewing your post, I found that a case was opened as well to address this. I wanted to make sure that we updated the community post. The underlying OS used within the Gateway Appliance is either CentOS or Red Hat, which needs some additional configuration, or avoid the configuration if 2 network cards on the same appliance are in the same subnet. Red Hat provides some solutions on how to configure this to work: either "How to connect two network interfaces on the same subnet?" - Red Hat Customer Portal, or "When using two IP addresses in the same subnet on the same system, why can only one interface use the default gateway?" -…
In most instances, we have seen customers avoid using 2 interfaces in the same subnet due to the complexity it creates.
Director, CA Support