Old 11-27-2003, 06:47 PM   #1
matt80
LQ Newbie
 
Registered: Nov 2003
Posts: 15

Rep: Reputation: 0
2 Ethernet Cards


Maybe this is the best place to post this, instead of General. I'm in need of help getting this problem solved if possible, please.

I have two ethernet cards in my Redhat 8 Linux box, I want to try to keep eth0 strictly for apache http/master system resources, but want to bind eth1 to shoutcast. I don't want shoutcast to broadcast over eth0 at all. I've not had any success on trying to have this happen. I have two valid IPs known to the world. I am using MRTG to monitor traffic on the two cards to my switch, and eth1 takes over total control of the system, and then suddenly eth0 has no data, or very little data coming into the system. All data, for Shoutcast or apache, any data, is coming through eth1. Very little, if any data comes from eth0 when eth1 is enabled. If I disable eth1, then eth0 is at full control again.

Anyone have any suggestions on how to solve this? Your help is greatly appreciated.
 
Old 11-27-2003, 08:38 PM   #2
newpenguin
Member
 
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219

Rep: Reputation: 30
in this case u need two machines.
1.for firewall
2. for webserver and streaming server.

and need only one public ip address, which will be assigned to firewall, i.e. 200.200.200.200

now the firewall has two interfaces
1. connected to internet , ip address e.g 200.200.200.200
2. on lan, ip address e.g 192.168.100.1/24

and ur dual server has two ethernet interfaces
1. ip 192.168.100.10/24
2. ip 192.168.100.20/24

now on firewall u need the rule

for redirecting all port 80 traffic to first interface of server

iptables -t nat -A PREROUTING -p tcp -s 0/0 -d 200.200.200.200 --dport 80 -j DNAT --to-destination 192.168.100.10:80

to redirect all shoutcast traffic to second interface
which i guess uses port 8000.

iptables -t nat -A PREROUTING -p tcp -s 0/0 -d 200.200.200.200 --dport 8000 -j DNAT --to-destination 192.168.100.20:8000

may be someone will tell a better solution and there should be.
 
Old 11-27-2003, 08:45 PM   #3
jcookeman
Member
 
Registered: Jul 2003
Location: London, UK
Distribution: FreeBSD, OpenSuse, Ubuntu, RHEL
Posts: 417

Rep: Reputation: 33
Could you give us a little info on your setup and an ifconfig and route output?
 
Old 11-28-2003, 01:29 AM   #4
matt80
LQ Newbie
 
Registered: Nov 2003
Posts: 15

Original Poster
Rep: Reputation: 0
Thanks both for the reply!

newpenguin: Unfortunately, I do not have any access to a second machine for means of a firewall, nor an actual hardware firewall.. Would this scenario be the same by redirecting traffic to a certain port to the real world IP?

jcookeman: Are you looking for both eth0 and eth1? If so, I'll have to get that for ya tomorrow as I have the eth1 disabled and unplugged from the switch. Either way, I'll post tomorrow

I really appreciate both of you helping.
 
Old 11-28-2003, 08:57 AM   #5
jcookeman
Member
 
Registered: Jul 2003
Location: London, UK
Distribution: FreeBSD, OpenSuse, Ubuntu, RHEL
Posts: 417

Rep: Reputation: 33
Yes...both
 
Old 11-28-2003, 03:15 PM   #6
newpenguin
Member
 
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219

Rep: Reputation: 30
hmm i think u have both ips of same subnet. and thats a gateway problem.

if ur eth has ip address 200.200.200.200
and eth 1 has 200.200.200.222
do a thing

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport !80 -j DROP
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport !8000(shoutcast port) -j DROP


give ur both ethernet interfaces a netmask of 255.255.255.255

now third step

route add -net 200.200.200.200 netmask 255.255.255.255 dev eth0

route add -net 200.200.200.222 netmask 255.255.255.255 dev eth1

replace ip addresses with your correct ones.

make sure u do permanent changes in proper configuration files.

as ur are using redhat so edit ur
/etc/sysconfig/networking-scripts/ifcfg-eth0 and ifcfg-eth1
and change here the subnetmask.
then restart the network service

service network restart.
 
Old 11-28-2003, 08:35 PM   #7
matt80
LQ Newbie
 
Registered: Nov 2003
Posts: 15

Original Poster
Rep: Reputation: 0
jcookeman: Here's my route and ifconfig:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
***.2.72.0 * 255.255.255.0 U 0 0 0 eth1
***.2.72.0 * 255.255.255.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 72router.***.** 0.0.0.0 UG 0 0 0 eth1


eth0 Link encap:Ethernet HWaddr 00:B00:FE:8B:C8
inet addr:***.2.72.145 Bcast:***.2.72.255 Mask:255.255.255.0

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5418 errors:0 dropped:0 overruns:0 frame:0
TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:338418 (330.4 Kb) TX bytes:2032 (1.9 Kb)
Interrupt:16 Base address:0xb000

eth1 Link encap:Ethernet HWaddr 00:C0:F0:30:09:36
inet addr:***.2.72.95 Bcast:***.2.72.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9410 errors:1 dropped:0 overruns:0 frame:0
TX packets:5767 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:899819 (878.7 Kb) TX bytes:2872480 (2.7 Mb)
Interrupt:28 Base address:0x9000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:52 errors:0 dropped:0 overruns:0 frame:0
TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2696 (2.6 Kb) TX bytes:2696 (2.6 Kb)

Noticed on my route output that there is nothing for eth0...? Both cards were fully enabled, and I was able to ping both IP Addresses w/ no problems.

newpenguin: Tried that to no avail -- knocked my system offline and had to set it back to 255.255.255.0 .. Tried it a few times.. I'm tellin ya, my system doesn't like me, lol.
 
Old 11-28-2003, 09:07 PM   #8
newpenguin
Member
 
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219

Rep: Reputation: 30
sorry thats not p-to-p network.

now do a thing just escape step 2 (changing netmask) and do all the same thing.

these 2 commands must be like this
route add -net 200.200.200.200 netmask 255.255.255.255 dev eth0

route add -net 200.200.200.222 netmask 255.255.255.255 dev eth1
 
Old 11-28-2003, 09:50 PM   #9
jcookeman
Member
 
Registered: Jul 2003
Location: London, UK
Distribution: FreeBSD, OpenSuse, Ubuntu, RHEL
Posts: 417

Rep: Reputation: 33
Both IP Addrs are on the same network. You are going to have problems with your kernel routing table. I suggest that you look into IP Aliasing. This will probably be your best bet for the setup that you are looking for.

Otherwise, I would see if you can get these cards on different networks.

If you are feeling adventurous then take a look at http://www.linuxgrill.com/iproute2-toc.html . You could probably get this to work with iproute2, but I would seriously go with aliasing for the meantime.
 
Old 11-28-2003, 10:01 PM   #10
matt80
LQ Newbie
 
Registered: Nov 2003
Posts: 15

Original Poster
Rep: Reputation: 0
Still no go newpenguin, keep getting an iptables error when doing those commands.

jcookeman: I have access to 3 other entire IP blocks (***.43.192.0, ***.43.193.0, ***.2.73.0) I know I tried to get it on the .73.0 block, but I think I ran into the same problem. Which block would you suggest changing eth1 to? If I change eth1 to another full block, are you thinking this should solve the problem I'm having, or somewhat? I don't think I've tried using the 192.0 block, don't remember, lol.. Are there any commands that I will need to issue to the system after changing the IP of eth1?

Thanks both very much for your help!
 
Old 11-28-2003, 11:37 PM   #11
matt80
LQ Newbie
 
Registered: Nov 2003
Posts: 15

Original Poster
Rep: Reputation: 0
Here's an updated route with another block of IP.

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
***.43.192.0 * 255.255.255.0 U 0 0 0 eth1
***.2.72.0 * 255.255.255.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default bigroute.***.** 0.0.0.0 UG 0 0 0 eth1

eth0 Link encap:Ethernet HWaddr 00:B00:FE:8B:C8
inet addr:***.2.72.145 Bcast:***.2.72.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2636 errors:0 dropped:0 overruns:0 frame:0
TX packets:468 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:165298 (161.4 Kb) TX bytes:587021 (573.2 Kb)
Interrupt:16 Base address:0xb000

eth1 Link encap:Ethernet HWaddr 00:C0:F0:30:09:36
inet addr:***.43.192.211 Bcast:***.43.192.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19813 errors:3 dropped:0 overruns:0 frame:2
TX packets:20217 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2310338 (2.2 Mb) TX bytes:12716116 (12.1 Mb)
Interrupt:28 Base address:0x9000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:36 errors:0 dropped:0 overruns:0 frame:0
TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2172 (2.1 Kb) TX bytes:2172 (2.1 Kb)
 
Old 11-29-2003, 04:06 PM   #12
newpenguin
Member
 
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219

Rep: Reputation: 30
now i am sure your problem is solved.
 
Old 11-29-2003, 08:28 PM   #13
matt80
LQ Newbie
 
Registered: Nov 2003
Posts: 15

Original Poster
Rep: Reputation: 0
lol actually no, it still doesn't work right!!! Very weird indeed!! ALL Traffic STILL Gets shifted to eth1 and eth0 has -0- traffic whatsoever.. I'm all confused.. hmm..
 
Old 12-01-2003, 01:52 PM   #14
matt80
LQ Newbie
 
Registered: Nov 2003
Posts: 15

Original Poster
Rep: Reputation: 0
Every time I do:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport !80 -j DROP


I get the following error, and if I recall the previous settings, it comes up as:

RECALL: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport ls -o-i -j DROP
ERROR: iptables v1.2.8: invalid TCP port/service `ls' specified
 
Old 12-01-2003, 04:19 PM   #15
newpenguin
Member
 
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219

Rep: Reputation: 30
it means the traffic is only coming to eth1.

try this
a space between "!" and "80"

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport ! 80 -j REJECT
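
The per-interface routing that post #9 points to via iproute2, as an added example that is not from any poster in the thread: each address gets its own routing table, selected by source address, so replies leave through the card they arrived on instead of following the single default route on eth1 seen in the route output above. All addresses, gateways and table numbers are constructed placeholders (the thread masks the real ones), and the two arp_* sysctls are an assumption for the case where both cards sit on the same segment; they need a kernel that provides them.

```shell
#!/bin/sh
# Added example: source-based (policy) routing for a host with two cards.
# Every address below is a constructed documentation value.

# emit_policy_routes IFACE ADDR NETWORK GATEWAY TABLE_ID
# Prints the iproute2 commands that make traffic sourced from ADDR leave
# through IFACE, whatever the main table's default route says.
emit_policy_routes() {
    iface=$1 addr=$2 net=$3 gw=$4 table=$5
    # Connected network, reachable directly, in this card's own table.
    echo "ip route add $net dev $iface src $addr table $table"
    # A default route that belongs to this card only.
    echo "ip route add default via $gw dev $iface table $table"
    # Pick that table whenever the packet's source is this card's address.
    echo "ip rule add from $addr lookup $table"
}

# emit_arp_settings
# With both cards on one segment, either card answers ARP for either
# address by default, which pulls inbound traffic onto a single card.
emit_arp_settings() {
    # Answer ARP only for addresses configured on the receiving interface.
    echo "sysctl -w net.ipv4.conf.all.arp_ignore=1"
    # Use the outgoing interface's own address as the ARP source.
    echo "sysctl -w net.ipv4.conf.all.arp_announce=2"
}

# plan: the full command list for the two-card host (constructed values).
plan() {
    emit_arp_settings
    emit_policy_routes eth0 192.0.2.145 192.0.2.0/24 192.0.2.1 100
    emit_policy_routes eth1 198.51.100.211 198.51.100.0/24 198.51.100.1 101
}

# Print the plan by default; execute it only when APPLY=1 (needs root).
if [ "${APPLY:-0}" = 1 ]; then
    plan | sh -e
else
    plan
fi
```

Afterwards `ip rule show` and `ip route show table 100` list what was installed; like the `route add` commands earlier in the thread, these settings do not survive a reboot unless written into the distribution's network configuration.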
 
  

