Been googling all over the net for a solution and .... still does not work....


I have two Internal Networks 10.1.10.0/16 and 192.168.0.0/16.
My Linux box has TWO network cards:

First card:
eth0: 10.1.10.5
gw0: 10.1.10.1

Secon card:
eth1: 192.168.0.5
gw2: 192.168.0.1




...................._______....................... ............................__________
...................|.......|...................... ...........................|..........|
65.30.41.24.>--.WAN|..GW0..|LAN----------//10.1.1.0/24///---------------ETH0->|..........|.
...................|_______|...................... ...........................|..........|
.................................................. ...........................|.Server...|
...................._______....................... ...........................|..........|
...................|.......|...................... ...........................|..........|
89.12.22.10.>--.WAN|..GW1..|LAN----------//192.168.1.0/24///------------ETH1->|..........|.
...................|_______|...................... ...........................|__________|



Those TWO networks are NOT CONNECTED in any other way and their do not need to be connected. Those two network have their own ISP connections: T1 and DSL - with different providers.


Server has SMTP/POP services running on both network card.

There is no problem to connect to server from those TWO networks.
However, the problem starts where we are trying to access the server from OUTSIDE of those networks.

Here is what I have on the server :

default gw0 eth0
default gw1 eth1

With the above configuration we can access the server from OUTSIDE network only by passing through gw0. [external ip X.X.X.X to network 10.1.10.0]

Whenever we attempt to open a connection to the server from OUTSIDE network through gw1 [external ip Y.Y.Y.Y to network 192.168.0.0] - it will fail to do so. My assumption is that the Server will send reply to establish the connection using first default routing entry - gw0 and as result - a statefull firewall on (10.1.10.0) network will shut that attempt down as some broken traffic, or whatever else happens - it just does not work.

I do understand that when I am trying to connect to IP Y.Y.Y.Y from some PC with IP Z.Z.Z.Z - and even if I would get replay back from the server through IP X.X.X.X - my machine would still refuse to establish connection....

Question - how do I configure the routing in that Linux Box (FC2 - kernel 2.4) to use the same ETH card to establish connection?

Experts, please help to resolve this. I believe it could be done, even if I would need to recompile the kernel...

Not a networking expert but my understanding is you can only have ONE default gateway. You make the other a gateway but do NOT call it "default".

Also you may need to make a static route between the two cards so the second card can see the first one as that first one has the "default" route on it.

For example we have systems that have separate NICs going to separate firewalls (one for internal and one for external):

eth0 Link encap:Ethernet HWaddr noneya
inet addr:10.0.54.62 Bcast:10.0.54.63 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:71397922 errors:0 dropped:0 overruns:0 frame:0
TX packets:75049234 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:3474258701 (3313.3 Mb) TX bytes:2872278302 (2739.2 Mb)
Interrupt:5 Base address:0xd000

eth1 Link encap:Ethernet HWaddr noneya
inet addr:10.0.52.57 Bcast:10.0.52.63 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:95003703 errors:0 dropped:0 overruns:0 frame:0
TX packets:140909652 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:3093188670 (2949.8 Mb) TX bytes:4044853428 (3857.4 Mb)
Interrupt:5 Base address:0xf000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:149358 errors:0 dropped:0 overruns:0 frame:0
TX packets:149358 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:16067354 (15.3 Mb) TX bytes:16067354 (15.3 Mb)

With that setup we have the following routing table:

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.0.54.56 * 255.255.255.248 U 40 0 0 eth0
10.0.52.56 * 255.255.255.248 U 40 0 0 eth1
10.0.0.0 10.0.52.62 255.0.0.0 UG 40 0 0 eth1
127.0.0.0 * 255.0.0.0 U 40 0 0 lo
default 10.0.54.57 0.0.0.0 UG 40 0 0 eth0

In the above 10.0.54.57 is the gateway for my eth0 IP so it is the "default" route. We manually added a route from the gateway for my eth1 IP (10.0.52.62) to the 10.0.0.0 network so all trafic in 10.0.0.0 (which includes both NICs) could use the default gateway.

We do not have problem to access it from local to those network cards networks.
The problem to access server from OUTSIDE internet - by going through different internal networks and their correspondend external IPs.

What we have simple packets forwarding on FWs:

NETWORK1:
Server IP:10.1.10.5 GW:10.1.10.1 --> does PAT to external IP: 65.30.41.24

NETWORK2:
Server IP:192.168.1.5 GW:192.168.1.1 --> does PAT to external IP: 89.12.22.10

What works :
telnet 65.30.41.24 25 -- works fine

What does not work:
telnet 89.12.22.10 25 -- No error returned - just doesn't work


Question - how do I make SERVER to respond to connection request on 89.12.22.10 to use ETH1?

My point was to make a gateway for your traffic from your second NIC to your internal NIC. Although both my NICs are in 10.0.0.0 they are actually separate networks. We just took the easy way of saying all 10.0.0.0 instead of specifying the small network of the second NIC.

Internal/External is the point here. My second NIC is NATted to an internet IP so traffic to/from the internet must go through that. It seems you should be able to adapt your setup this way even though you're not NATting. Note that I didn't give you my NAT information.

I agree with what do you mean and thanks for trying to help. Sorry for confusion by mentioning NAT. We don't have it - only simple port forwarding on GW.


We just have a bid different problem - don't be confused by using 192.168.X.X and 10.X.X.X - we have TWO fully independend networks - and they BOTH have its own internet connection GW that is PATed to external IP's.

Problem that server doesnt seem to care where from the packet arrives - it does use the firs ETH0 in routing table to respond to foregin IP.

The reason for that configuration is that we have need to set MX records to poing to those IPs - that would connect (using port forwarding) to the Server SMTP service.

my biggest problem has always been this stupid speedtouch modem i use.
I've been using linux for years and always had hassle with these stupid modems...

You're looking in the wrong place, I think. There can only be one default gateway.

You might need to poke around iptables to track which interface an incoming connection came in on and route the outbound through the same interface. NAT might also be causing you grief.

Have a look at routed too, it might help (route daemon).

I am agree.... But need it there for easy switching it to eth1 in case internet connection in eth0 net is down...


With NAT all would be so mach easier.... But all I have is PAT -
all incomming packets on port 25 are forwarded to server...

I am playing and googling with it for a while now.... still have not resolved....

I think that is wat routed is for. Perhaps these pages might steer you in the right direction:

http://www.scit.wlv.ac.uk/cgi-bin/mansec?1M+in.routed
http://developer.apple.com/documenta.../routed.8.html

I must admit that I know very little about it, but hopefully that will steer you in the right direction...

I have only several problems:
1. Driver availability - especially on non standard or old hardware
2. Constant push to be bleeding edge - the program version that has needed functionality needs also latest libraries
3. Document filters (OO is not perfect, but is improving)
4. GUI speed (Minimum workspace needed is 1024x768) - not optimized drivers
5. Lot more small problems