I've got 2 NICs that both have Internet connectivity as follows:
- eth0, public static IP (80.x.x.Y)
- eth1, private static IP (192.168.0.x), goes through router: router also has a public static IP (80.x.x.Z)
Default route is set through eth0, however I'm trying to set up different services to be available on eth1 as well (or exclusively) - example: ftp server, ssh daemon.
So I connected eth1, assigned a private IP address (192.168.0.2) with a default gateway (/25), set sshd to listen on all interfaces (0.0.0.0 for testing), set port forwarding on the router so that ssh connections on 80.x.x.Z would be sent to 192.168.0.2, and got a timeout when trying to ssh to 80.x.x.Z. I also tried ssh to 192.168.0.2, which worked.
I guess I'm missing a step here hopefully (as I hope it's not the cheap router's fault). Could anyone provide a tip?
Incoming packets hit eth1 but are routed back through eth0, which will prevent the connection from going forward. This isn't a Linux configuration issue, rather one of network basics. Basically your inbound paths and outbound paths are not the same, which is a problem when using private IP space and NAT.
Your goals with such a setup are not clear; there are likely better ways to accomplish what you need to do. But if your current setup is necessary, then I see two ways you can get it to work:
1) In addition to port-forwarding the incoming connections on the router, also NAT the connection's source address (at the router) to the 192.168.0.x space (SNAT in iptables nomenclature). Connections received on eth1 will be seen coming from 192.168.0.x and pkts will be returned to the router, which will handle all of the NAT. Most consumer-based broadband routers won't let you do this, but if you have a Linux router and are using iptables this should be pretty straightforward.
2) Use policy routing using 'ip rule' and 'ip ro table' configurations. These are advanced networking features, so if you aren't familiar with them you will need to spend some time learning about them.
If those options don't work for you, you should re-think your network design (best option in my opinion).
~
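The policy-routing option from the reply above, as an added example that is not part of the original posts: a separate routing table for traffic sourced from eth1's address, so replies leave through the interface they arrived on. The interface, address and /25 prefix come from the thread; the router's LAN address 192.168.0.1, the table id 100 and the rule priority are assumptions.

```shell
#!/bin/sh
# Added example: source-based policy routing for the second NIC.
# From the thread: eth1, 192.168.0.2, /25 prefix.
IF=eth1
SRC=192.168.0.2
NET=192.168.0.0/25
GW=192.168.0.1   # assumption: the router's LAN address is not given in the thread
TABLE=100        # assumption: any unused routing table id
PRIO=1000        # assumption: any priority ahead of the main table lookup (32766)

# Dry run by default: print each command. APPLY=1 (as root) executes it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "would run: $*"
    fi
}

setup_policy_route() {
    # Connected subnet inside the extra table, so the gateway is reachable from it.
    run ip route add "$NET" dev "$IF" src "$SRC" table "$TABLE" || return 1
    # Default route of the extra table points at the router behind eth1,
    # not at the gateway used by eth0 in the main table.
    run ip route add default via "$GW" dev "$IF" table "$TABLE" || return 1
    # Any packet whose source address is eth1's address uses the extra table.
    run ip rule add from "$SRC/32" table "$TABLE" priority "$PRIO" || return 1
}

# Read-only check: ask the kernel which route a reply sourced from $SRC takes.
# 203.0.113.10 is a constructed documentation address standing in for a remote client.
verify_policy_route() {
    run ip route get 203.0.113.10 from "$SRC"
}

setup_policy_route
verify_policy_route
```

After applying, the `ip route get` check should report `dev eth1` via the router rather than eth0's gateway; `ip rule show` lists the added rule.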
Regarding the network setup, actually, I have no specific restrictions: it just happened that eth1 is routed to the internet through a home router (being part of a LAN), so I decided to test it without changing anything; however, I can plug eth1 directly into the internet via the public IP currently used by the router.
As for the goal I'm aiming at, it is to have certain services available on a free interface (eth1). Given that eth0 sometimes gets overloaded by bandwidth-consuming services, I'm looking at placing administration services (e.g. ssh) on a different interface with more bandwidth availability.
I read some introductions about load balancing, but I wanted to start up with something simple first.
I wonder why it was that when ssh-ing in on 192.168.0.2 from the local machine, the login prompt would show up (meaning that packets were not being routed back out on eth0). Are local addresses translated to 127.0.0.1 on the lo interface?