== How not to set up IP aliases on Ubuntu (and probably Debian) Suppose that you need some IP aliases on an Ubuntu machine. So you go to _/etc/network/interfaces_ and slavishly make yourself some, copying the main stanza a number of times to make entries that looks like this: > auto eth0:0 > iface eth0:0 inet static > address 128.100.1.A > network 128.100.1.0 > netmask 255.255.255.0 > broadcast 128.100.1.255 > gateway 128.100.1.254 (repeat for every additional IP alias, increasing the number and replacing _A_ with _B_ and so on for all of the different IP aliases.) What's wrong here is the additional _gateway_ statements for each IP alias; ~~you do not want to specify gateways for IP aliases~~. The problem with all of these _gateway_ statements is that they create multiple default routes: > _$ ip route list | fgrep default \\ > default via 128.100.1.254 dev eth0 ~~src 128.100.1.A~~ metric 100 \\ > default via 128.100.1.254 dev eth0 ~~src 128.100.1.B~~ metric 100 \\ > default via 128.100.1.254 dev eth0 ~~src 128.100.1.C~~ metric 100 \\ > default via 128.100.1.254 dev eth0 metric 100_ (You have to use '_ip route list_' to see this; '_nestat -nr_' will tell you that you have multiple default routes but not how they differ.) These routes differ only in that three of the four specify that the local IP address is something besides the machine's primary IP address (the '_src _' bit). When you have multiple default routes with the same metric, Linux picks which one to use semi-randomly (and it will change which one it uses from time to time). Since different default routes come with different local IP addresses, your outgoing connections (and UDP requests) will periodically come from a different IP address. This is comedy gold, especially when combined with a cautiously configured firewall that hasn't been configured to pass outbound traffic from some (but not all) of those IP addresses. Troubleshooting this is part of where the comedy gold comes in; things will work sometimes and not at other times, with the problem coming and going randomly (in reality it comes and goes as the machine chooses different default routes to use, with different local IP addresses). You can have a '_telnet outside-host port_' command fail and then your TCP-based _traceroute_ succeed and look fine, for example. (This happened to us on an Ubuntu 8.04 system. Since Ubuntu and Debian use basically the same system for handling network configuration, I suspect that it would also happen on a Debian machine. It may also happen in other distributions, depending on what they do when you give an IP alias a gateway.)