[TriLUG] Routing...once again.
Brian Henning
brian at strutmasters.com
Tue Aug 8 09:09:15 EDT 2006
Greg,
Sounds promising, but to answer your first question: No. Two
separate firewalls, two separate internet connections, two separate
ISPs, even two separate delivery technologies (DSL and cable). So there
are two (very) separate public IPs.
Does that change anything?
~Brian
Greg Brown wrote:
> Brian:
>
> You should have a default gateway for each nic, not just one for the entire
> machine. I assume there is a dual port firewall with 1.1 and 10.1 and a
> single Internet connection?
>
> I have the same kind of configuration at one of my beach networks. It
> looks like this. We'll call my machine bill:
>
> Internet -> Firewall -> 192.168.15.0/24 (15.1 is the router port) ->
> 192.168.15.50 (eth1)
> -> 192.168.17.0/24 (17.1 is the router port) ->
> 192.168.17.50 (eth0)
>
>
> No routing on server "bill" takes place. It simply has two cards each with
> their own settings in /etc/network/interfaces. For the record, squid, ssh
> and www reside on 15.50 while a couple other services reside on 17.50. My
> firewall forwards services to one port or the other depending on the
> service (i.e. it knows to forward ssh, web, and so forth to 15.50, etc).
>
> The following is my /etc/network/interfaces:
>
> # The loopback network interface
> auto lo
> iface lo inet loopback
>
> # The primary network interface
> auto eth0
> iface eth0 inet static
> address 192.168.17.50
> netmask 255.255.255.0
> up flush-mail
> gateway 192.168.17.1
>
> auto eth1
> iface eth1 inet static
> address 192.168.15.50
> netmask 255.255.255.0
> up flush-mail
> gateway 192.168.15.1
>
> I think I could do without the "up flush-mail"; the system seems to be
> working.
>
> Hope this helps.
>
> Greg
>
> On 8/8/06, Brian Henning <brian at strutmasters.com> wrote:
>>
>> Hi Gang,
>> I know y'all are probably tired of hearing me ask about this stuff,
>> but for some reason it's just one thing I'm having a heck of a time
>> really grasping. I think it's because I'm missing some fundamental
>> understanding, some important piece of info, which is leaving the rest
>> of it shaky. Anyway:
>>
>> I have a machine (let's call it "bob") with two NICs, on two subnets,
>> for argument's sake 192.168.1.0/24 and 192.168.10.0/24. eth0 is on
>> .1.0, eth1 is on .10.0. Both subnets have their own gateways, located
>> at .1.1 and .10.1.
>>
>> Because of certain important services that come in through the gateway
>> on the .1.0 subnet (such as SMTP, httpd, ssh, etc.), I need bob's
>> default gateway to be .1.1. However, I really really really want to run
>> OpenVPN on bob and have it move traffic solely in and out through the
>> .10.1 gateway. That service on that machine never needs to move a
>> single packet out of the default gateway.
>>
>> I know that that's impossible without some sort of fiddling; even if UDP
>> packets come in to OpenVPN via the correct gateway (.10), the responses
>> are routed out through the .1 gateway and dropped somewhere along the
>> way (or ignored, if they make it all the way back to the client).
>>
>> I figure it must be doable, though, right? I shouldn't have to have a
>> separate box to provide the exact same services through two different
>> gateways, should I? So what's the magic incantation? route tricks?
>> iptables tricks? Clever misuse of load-balancing software? I'm open to
>> all suggestions.
>>
>> Thanks!
>>
>> Cheers,
>> ~Brian
>>
>>
>> --
>> ----------------
>> Brian A. Henning
>> strutmasters.com
>> 336.597.2397x238
>> ----------------
>> --
>> TriLUG mailing list :
>> http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG Organizational FAQ : http://trilug.org/faq/
>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>
--
----------------
Brian A. Henning
strutmasters.com
336.597.2397x238
----------------
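The "magic incantation" Brian asks for is Linux policy routing (iproute2): give each interface its own routing table with its own default gateway, and select the table by the packet's source address, so a reply that leaves from eth1's address goes out via .10.1 while the main table still defaults to .1.1. The script below is an added example and is not part of the thread (it is neither Brian's nor Greg's configuration). It assumes bob's own addresses are 192.168.1.50 on eth0 and 192.168.10.50 on eth1 (the thread only names the subnets and gateways), uses arbitrary table numbers 100 and 200, and defaults to printing the commands instead of running them (set DRY_RUN=0 as root to apply them).

```shell
#!/bin/sh
# Source-based policy routing for a dual-homed host ("bob" in the thread).
# Assumed host addresses: eth0 192.168.1.50/24 (gw 192.168.1.1),
#                         eth1 192.168.10.50/24 (gw 192.168.10.1).
# Table numbers 100/200 and the DRY_RUN switch are this example's choices.

# Run a command, or print it when DRY_RUN is unset or 1.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# add_source_route IFACE ADDR PREFIX GATEWAY TABLE
# Packets whose source address is ADDR are looked up in TABLE, whose
# default route points at the gateway on IFACE. The connected prefix is
# added to the table too, so local-subnet traffic does not hit the gateway.
add_source_route() {
  iface=$1; addr=$2; prefix=$3; gw=$4; table=$5
  run ip route add "$prefix" dev "$iface" src "$addr" table "$table"
  run ip route add default via "$gw" dev "$iface" table "$table"
  run ip rule add from "$addr" lookup "$table" priority "$((1000 + table))"
}

# Bob's layout: main table keeps .1.1 as the host default (SMTP, httpd, ssh
# arrive through that gateway), while anything sourced from the eth1 address
# leaves through .10.1.
setup_dual_homed() {
  run ip route replace default via 192.168.1.1 dev eth0
  add_source_route eth0 192.168.1.50  192.168.1.0/24  192.168.1.1  100
  add_source_route eth1 192.168.10.50 192.168.10.0/24 192.168.10.1 200
}

# Run as a script: prints the commands unless DRY_RUN=0.
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ]; then
  setup_dual_homed
fi
```

The rules only fire if the OpenVPN daemon actually sends from eth1's address, so start it with `--local 192.168.10.50` so its UDP socket is bound there (or use OpenVPN's `--multihome` option, which preserves the arrival address as the reply source on an unbound socket); an unbound socket would otherwise have the kernel pick the source address from the main table and the replies would leave via .1.1 exactly as Brian describes. With the rules in place `ip route get 8.8.8.8 from 192.168.10.50` should show `via 192.168.10.1 dev eth1`, and strict reverse-path filtering (`net.ipv4.conf.*.rp_filter=1`) is satisfied because the return route for each source now matches its interface.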