Help. See my dual-homed setup below.

Netgear Router: IP address 192.168.0.1, subnet mask 255.255.255.0
Eth1: IP address 192.168.0.10, subnet mask 255.255.255.0, gateway 192.168.0.1
Eth0: IP address 10.0.0.10, subnet mask 255.0.0.0, no gateway set.
Dlink Router: IP address 10.0.0.1, subnet mask 255.0.0.0

The RH8 Server always accesses the WAN via DSL. The windoze boxes always access the WAN via cable. The purpose of linking the two networks is to allow local access to the RH8 server from the windoze boxes. Also, I wish to access the server from a remote location through either DSL or cable. DSL works fine for this, but I prefer cable because it's superfast (5M).

The problem: The server ignores me when I try to connect remotely through the cable connection. I can forward ports from the DLINK router and remotely access the Windoze boxes without any problem, but when I forward a port to 10.0.0.10 there is no response. IPTABLES is not running. The RH8 Server is not set up as a router. I can access the RH8 Server (10.0.0.10) just fine locally from the windoze boxes. I can access 192.168.0.10 just fine externally via DSL. It's when I try to access 10.0.0.10 from outside (via cable) that I have this problem. I cannot seem to find anything in the logs to help.

What's wrong? How do I fix this? I suspect it's got something to do with subnet mask and/or ip forwarding (not currently on) and/or static routes, but I do not understand any of these topics well. Please help.

Thanks,
Apollo

One more nugget of information: If I shut down eth1 (192.168.0.10) then the problem vanishes and I can get into the server at 10.0.0.10 externally via cable with no problem.

Still have not solved this one, but I have one more clue. The Netgear router is dropping packets due to "IP Spoofing" and it's indicating the LAN address (10.0.0.x) and the WAN cable ip address. I don't quite understand why these packets would even be hitting the Netgear router.

Does that trigger any thoughts?

How or what program are you using to connect remotely? Sounds to me like there is a binding issue on the RH server and what ever method you are using to connect.

I have tried 2 different ways ...
- to a webpage on the server (port 80 and 443 and a non-standard port).
- SSH on various different ports (22 and others).

Same result. It works from the LAN (windoze boxes), but not from the WAN (and yes ports on the router were open and directed to the server).

... ssh connection was from putty (windoze box) and terminal from a linux box -- same problem from both boxes.

That is definitely the problem ... for some reason packets coming in through 10.0.0.10 are hitting the Netgear router and being dropped because it thinks they are "ip spoofing".

Now I just need to figure out why they are even hitting the Netgear at all. I don't think they should.

I think you may need a routing table. To route all 10.x.x.x traffic thru your 10.x.x.x interface. I think we are on the same page in thinking that the server is accepting connections but routing to the wrong interface and bouncing off the Netgear. It's been a while since I altered a router table. Basically route all 10.0.0.0/255.255.255.0 thru 10.0.0.x (eth1).

Thanks for hanging in there member57 -- I appreciate the help.

Ok, I do not have a full grasp of this stuff, but I'm starting to make progress. The problem seems to be related to gateways. I need 2 active gateways (10.0.0.1 for eth0 and 192.168.0.1 for eth1), but I can only have one active at a time, it seems. Here's what I mean ...
The eth1 gateway is active by default. However, if I shut down eth0 and restart it, then eth0's gateway takes over (and that interface starts behaving normally -- no bouncing off the Netgear -- but now eth1 doesn't function correctly). Likewise, if I then stop and start eth1, I am back to eth1's gateway. I need both gateways, I think. How do I do that? A static route?

... which leads to another question:

If I get 2 gateways working, how do I control which gateway gets used by the server by default (when the server send email out on port 25, for example)?

One last try on this. I've probably written so much that everything is getting ignored.

Cable line comes into the server on eth0 (via a router). DSL line comes into the server on eth1 (via a router). Locally, I have the access I need. That is, I can access 10.0.0.10 (eth1's ip address) from boxes on my LAN. However, if I try to access 10.0.0.10 from the WAN (ie. from a remote location), the packets flow right through 10.0.0.10 without being recognized as being destined for eth1. Presumably, because I do not have a gateway set on eth1, the interface does not recognize the packets as being for it because they are labelled as being destined for the external cable WAN ip address. If I add a gateway (10.0.0.1) for eth1 then that solves the problem. However, then the gateway for eth0 is gone and the same problem is created at eth0. I want to be able to get into the server from both sides (cable and dsl) from the WAN (not just the LAN). What to do?

Whoops, I mixed up eth1 and eth0 in some of that last post. Arrgggh. Ignore it. Here is the correct post:

Cable line comes into the server on eth0 (via a router). DSL line comes into the server on eth1 (via a router). Locally, I have the access I need. That is, I can access 10.0.0.10 (eth0's ip address) from boxes on my LAN. However, if I try to access 10.0.0.10 from the WAN (ie. from a remote location), the packets flow right through 10.0.0.10 without being recognized as being destined for eth0. Presumably, because I do not have a gateway set on eth0, the interface does not recognize the packets as being for it because they are labelled as being destined for the external cable WAN ip address. If I add a gateway (10.0.0.1) for eth0 then that solves the problem. However, then the gateway for eth1 is gone and the same problem is created at eth1. I want to be able to get into the server from both sides (cable and dsl) from the WAN (not just the LAN). What to do?

Sorry, been away for a few days, I am still processing your situation...

Basically route all traffic going to network 10.0.0.0 thru eth0 (10.0.0.10) gateway being 10.0.0.1
Route all traffic going to 0.0.0.0 and 192.168.0.0 thru eth1 (192.168.0.10) gateway being 192.168.0.1.

Let me look at the route man pages tomorrow, I think we can get this beat... I am a little bit rusty on routing, been about 3 years since I messed with routing.

You will need to add manual routing tables to make sure the routing stays correct. Default routing tables will adapt if a link goes down, but not correct if it comes back up, or alteast until the roting table is reset. If I am not mistaken anyway..

Well, I have sort of found a workaround for this. It's not ideal, but pretty good. I'm coming in through the cable line by ssh into another linux box on my LAN (which has one nic ... with one gateway of 10.0.0.1). The ssh connection includes a tunnel to the server at 10.0.0.10 . I do not really like being dependent on that 2nd linux box, but it works fine and gets me into the server.