[TriLUG] Multiple Public Interfaces == routing confusion

Aaron Joyner via TriLUG trilug at trilug.org
Wed Jun 4 17:52:56 EDT 2025


The name for what you want to do is "policy routing", and often just
knowing how to ask the question is most of the battle to finding how to
solve a problem.  Here's a helpful post from ~2004 on how to do what you're
asking:
https://trilug.org/pipermail/trilug/Week-of-Mon-20040329/025284.html

Subsequent messages in that thread are also helpful.

Best of luck!
Aaron S. Joyner

On Wed, Jun 4, 2025 at 11:23 AM Brian via TriLUG <trilug at trilug.org> wrote:

> Hi Gang,
>
> Recently, I had Lumos install fiber at my house.  Now my router (a
> Debian 11.3 system) has two public interfaces: one for Lumos, and one
> for the Spectrum service I still have.
>
> I am using iptables for firewalling, as I have yet to buckle down and
> learn about firewalld.
>
> The router has a public IP address for each public interface.  From the
> router, I can ping and traceroute out through either interface
> successfully.
>
> I have the IPv4 routing table set up simply with the Spectrum interface
> as a higher-metric default gateway.  I can ping and traceroute through
> either interface without issue.
>
> The trouble, as the astute will have already surmised, is that any
> packets coming in on the Spectrum interface get answered by way of the
> Lumos interface since it has a higher priority in the routing table.
> I've verified this by using logging rules for ICMP packets in
> iptables; I can clearly see an echo-request come in on the Spectrum
> interface and the echo-reply go out the Lumos interface.  Of course that
> response packet gets dropped by the first stateful firewall it
> encounters on its way back.
>
> What's the secret sauce to ensure services answer packets through the
> correct interface?  The whole reason I've not canned Spectrum
> immediately is that the Lumos connection hasn't proven to be very
> stable, and I want to be able to get in from outside through either
> interface if one happens to be down.  Do I just need to rig up a proper
> failover setup?  How difficult is that to do?
>
> Thanks,
> -Brian
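
The policy routing named in the reply above, sketched as an added example that is not part of the original thread or the linked 2004 post: each uplink gets its own routing table with its own default route, and a source-address rule sends replies out the interface they arrived on. The interface names (eth1 for Lumos, eth2 for Spectrum), addresses, gateways, table numbers and priorities are all assumed placeholders.

```shell
#!/bin/sh
# Added example: source-based policy routing for a router with two uplinks.
# Interface names, addresses, gateways, table numbers and priorities are
# constructed placeholders (RFC 5737 documentation ranges), not thread values.

# Print the iproute2 commands that tie traffic sourced from ADDR to its own
# uplink: a private table holding that uplink's default route, plus a rule
# that selects the table by source address.
policy_route_cmds() {
    iface=$1 addr=$2 gw=$3 table=$4 prio=$5
    # Reject values containing anything but digits and dots, so a typo or
    # stray shell metacharacter never reaches `ip`.
    for v in "$addr" "$gw"; do
        case $v in
            *[!0-9.]*|''|*..*|.*|*.) echo "bad IPv4 address: $v" >&2; return 1 ;;
        esac
    done
    # `route replace` is safe to re-run; `rule add` is not (it would add a
    # duplicate rule), so flush or delete old rules before re-applying.
    echo "ip route replace default via $gw dev $iface table $table"
    echo "ip rule add from $addr lookup $table priority $prio"
}

# Commands for both uplinks. The main table keeps its metric-based default
# route, which still decides where router-originated traffic goes.
all_cmds() {
    policy_route_cmds eth1 198.51.100.10 198.51.100.1 101 1001 &&
    policy_route_cmds eth2 203.0.113.20  203.0.113.1  102 1002
}

# Dry run by default: print the commands. APPLY=1 executes them (needs root).
run() {
    all_cmds | while read -r line; do
        if [ "${APPLY:-0}" = 1 ]; then $line; else echo "$line"; fi
    done
}

run
```

This covers services listening on the router itself, whose replies carry the uplink address as their source. Connections port-forwarded to hosts behind the router are routed before the reply's source is translated back, so they need firewall-mark based rules instead.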

