dual homed centos

wsmwk · 02-22-2012, 06:56 AM

newbie networker on centos 6. server has two virtual nics in vmware and DNS has two addresses on *same* network, *same* gateway address. one nic will be firewalled from the outside world.

short story - Today to my surprise ssh to eth0 is working (or at least it appears to be), but yesterday it was not. I don't know if the passage of time resulted in a change at the server, or in the switch. So I'm looking to better understand this issue and how this could now be working when yesterday it was not.

long story - Prior to adding the second nic, eth0 was specified as BOOTPROTO dhcp. Then I added eth1 per config files below. Yesterday ssh and ping worked going in to eth0, but not in to eth1. I tried several variations of config without success. I was told on irc that my routing list looks fine (below) - that I should have only one 0.0.0.0 line and that eth1 will use that gateway. Is that true? In other words since both eth are using the same gateway addresses eth1 should default default to eth0's gateway. (my debian neighbor has two gateway lines, including one for eth1, which I don't have) The same person suggested I do http://kindlund.wordpress.com/2007/1...utes-in-linux/

But then today, it seems to be working and I didn't change anything since last night. Why might it be working now?

Destination Gateway Genmask Flags Metric Ref Use Iface
128.180.2.0 0.0.0.0 255.255.254.0 U 0 0 0 eth0
128.180.2.0 0.0.0.0 255.255.254.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
0.0.0.0 128.180.3.254 0.0.0.0 UG 0 0 0 eth0

eth0 Link encap:Ethernet HWaddr 00:0C:29:45:B0:9F
inet addr:128.180.2.32 Bcast:128.180.3.255 Mask:255.255.254.0
inet6 addr: fe80::20c:29ff:fe45:b09f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:475299 errors:0 dropped:0 overruns:0 frame:0
TX packets:341257 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:33813005 (32.2 MiB) TX bytes:3183249342 (2.9 GiB)

eth1 Link encap:Ethernet HWaddr 00:0C:29:45:B0:A9
inet addr:128.180.2.80 Bcast:128.180.3.255 Mask:255.255.254.0
inet6 addr: fe80::20c:29ff:fe45:b0a9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:197846 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:13778455 (13.1 MiB) TX bytes:636 (636.0 b)

/etc/sysconfig/network
NETWORKING=yes
HOSTNAME=cas2.lehigh.edu
GATEWAY=128.180.3.254

DEVICE="eth0"
HWADDR="00:0C:29:45:B0:9F"
NM_CONTROLLED="yes"
ONBOOT="yes"
BOOTPROTO="static"
IPADDR=128.180.2.32
NETMASK=255.255.254.0
GATEWAY=128.180.3.254

DEVICE="eth1"
HWADDR="00:0C:29:45:B0:A9"
NM_CONTROLLED="yes"
ONBOOT="yes"
BOOTPROTO="static"
IPADDR=128.180.2.80
NETMASK=255.255.254.0
GATEWAY=128.180.3.254

acid_kewpie · 02-22-2012, 07:18 AM

do not do this. one subnet = one IP. Firewalling one makes no logical sense and provides no security compared to just having one interface in the first place.

wsmwk · 02-22-2012, 07:22 AM

Quote:

Originally Posted by acid_kewpie

do not do this. one subnet = one IP. Firewalling one makes no logical sense and provides no security compared to just having one interface in the first place.

thanks, but multiple subnet connection is not possible. plus, we already have it working for a debian host - one IP is firewalled in the cisco switch and the other is not.

acid_kewpie · 02-22-2012, 07:23 AM

don't use multiple subnets. just get rid of the other interface. Then you have a technically correct system which works properly. You can put an IP alias on an existing interface if need be, but it's the routing side of things that is just a mess.