[TriLUG] Routing...once again.
Greg Brown
gwbrown1 at gmail.com
Tue Aug 8 09:02:27 EDT 2006
Brian:
You should have a default gateway for each NIC, not just one for the entire
machine. I assume there is a dual-port firewall with 1.1 and 10.1 and a
single Internet connection?
I have the same kind of configuration at one of my beach networks. It looks
like this. We'll call my machine bill:
Internet -> Firewall -> 192.168.15.0/24 (15.1 is the router port) ->
192.168.15.50 (eth1)
-> 192.168.17.0/24 (17.1 is the router port) ->
192.168.17.50 (eth0)
No routing on server "bill" takes place. It simply has two cards, each with
their own settings in /etc/network/interfaces. For the record, squid, ssh
and www reside on 15.50 while a couple of other services reside on 17.50. My
firewall forwards services to one port or the other depending on the service
(i.e. it knows to forward ssh, web, and so forth to 15.50, etc.).
The following is my /etc/network/interfaces:
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.17.50
netmask 255.255.255.0
up flush-mail
gateway 192.168.17.1
auto eth1
iface eth1 inet static
address 192.168.15.50
netmask 255.255.255.0
up flush-mail
gateway 192.168.15.1
I think I could do without the "up flush-mail"; the system seems to be
working.
Hope this helps.
Greg
On 8/8/06, Brian Henning <brian at strutmasters.com> wrote:
>
> Hi Gang,
> I know y'all are probably tired of hearing me ask about this stuff,
> but for some reason it's just one thing I'm having a heck of a time
> really grasping. I think it's because I'm missing some fundamental
> understanding, some important piece of info, which is leaving the rest
> of it shaky. Anyway:
>
> I have a machine (let's call it "bob") with two NICs, on two subnets,
> for argument's sake 192.168.1.0/24 and 192.168.10.0/24. eth0 is on
> .1.0, eth1 is on .10.0. Both subnets have their own gateways, located
> at .1.1 and .10.1.
>
> Because of certain important services that come in through the gateway
> on the .1.0 subnet (such as SMTP, httpd, ssh, etc.), I need bob's
> default gateway to be .1.1. However, I really really really want to run
> OpenVPN on bob and have it move traffic solely in and out through the
> .10.1 gateway. That service on that machine never needs to move a
> single packet out of the default gateway.
>
> I know that that's impossible without some sort of fiddling; even if UDP
> packets come in to OpenVPN via the correct gateway (.10), the responses
> are routed out through the .1 gateway and dropped somewhere along the
> way (or ignored, if they make it all the way back to the client).
>
> I figure it must be doable, though, right? I shouldn't have to have a
> separate box to provide the exact same services through two different
> gateways, should I? So what's the magic incantation? route tricks?
> iptables tricks? Clever misuse of load-balancing software? I'm open to
> all suggestions.
>
> Thanks!
>
> Cheers,
> ~Brian
>
>
> --
> ----------------
> Brian A. Henning
> strutmasters.com
> 336.597.2397x238
> ----------------
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
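The behaviour Brian describes (OpenVPN replies leaving through the .1.1 default gateway instead of .10.1) is what Linux source-policy routing is for: a second routing table with its own default route, plus a rule that packets sourced from eth1's address consult that table first. The main table keeps the single system default gateway, which also sidesteps the problem that a second "gateway" line in /etc/network/interfaces cannot install a second default route into the main table. The script below is an added example, not Greg's or Brian's configuration; it uses Brian's subnets and gateways, and the host address 192.168.10.50, routing table number 10, rule priority 100 and the script's own function names are assumptions.

```sh
#!/bin/sh
# Added example: source-policy routing for a dual-homed host ("bob" in the
# thread). Traffic sourced from eth1's address is routed via eth1's gateway;
# everything else keeps using the main table's default gateway on eth0.
# Addresses follow Brian's description; host address, table number and
# rule priority are assumed values for illustration.
set -eu

VPN_IFACE="eth1"
VPN_ADDR="192.168.10.50"      # assumed: bob's address on the .10.0 subnet
VPN_NET="192.168.10.0/24"
VPN_GW="192.168.10.1"
VPN_TABLE="10"                # assumed: spare routing table number
RULE_PRIO="100"               # assumed: evaluated before the main table (32766)

# run: execute a command, or print it when DRY_RUN=1 (no root needed).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# policy_route IFACE ADDR SUBNET GATEWAY TABLE
# Installs a connected route and a default route in TABLE, then a rule so
# that packets whose source address is ADDR are looked up in TABLE first.
policy_route() {
    iface=$1; addr=$2; subnet=$3; gw=$4; table=$5
    run ip route add "$subnet" dev "$iface" src "$addr" table "$table"
    run ip route add default via "$gw" dev "$iface" table "$table"
    run ip rule add from "$addr" lookup "$table" priority "$RULE_PRIO"
}

# remove_policy_route ADDR TABLE: undo what policy_route installed.
remove_policy_route() {
    addr=$1; table=$2
    run ip rule del from "$addr" lookup "$table" priority "$RULE_PRIO"
    run ip route flush table "$table"
}

# verify_egress ADDR DEST: show which gateway the kernel picks for a packet
# sourced from ADDR (expected: "via <VPN_GW> dev eth1" when the policy holds).
verify_egress() {
    addr=$1; dest=$2
    run ip route get "$dest" from "$addr"
}

# Usage: sh policy-route.sh plan | apply | remove
case "${1:-}" in
    plan)
        export DRY_RUN=1
        policy_route "$VPN_IFACE" "$VPN_ADDR" "$VPN_NET" "$VPN_GW" "$VPN_TABLE"
        verify_egress "$VPN_ADDR" 198.51.100.10 ;;
    apply)
        policy_route "$VPN_IFACE" "$VPN_ADDR" "$VPN_NET" "$VPN_GW" "$VPN_TABLE"
        verify_egress "$VPN_ADDR" 198.51.100.10 ;;
    remove)
        remove_policy_route "$VPN_ADDR" "$VPN_TABLE" ;;
esac
```

Run it with `plan` first to see the exact ip commands, then `apply` as root; to make it persistent, the same three commands can go on `post-up` lines under the eth1 stanza in /etc/network/interfaces. OpenVPN must then be bound to 192.168.10.50 (its `local` directive) so its replies carry that source address and hit the rule. If strict reverse-path filtering is enabled (net.ipv4.conf.eth1.rp_filter=1), check that inbound VPN packets are still accepted; strict rp_filter drops packets whose return route would not leave the interface they arrived on, which is exactly the asymmetry policy routing removes, but it is worth confirming with `verify_egress` after applying.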