12-09-2013, 05:15 PM
#1
Member
Registered: May 2006
Location: the land of confusion
Distribution: slackware-current
Posts: 220
1 server, 2 nics, 2 networks
I've got a CentOS 6.4 x64 on a server that I'm trying to put 2 networks on. The eth0 is accessible from outside, but eth1 is only accessible from servers on the same network. Here are the routes, interfaces and iptables:
Code:
[root@server1 ~]# route -nee|grep -v UH
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface MSS Window irtt
10.0.16.0 0.0.0.0 255.255.255.252 U 0 0 0 tun16 0 0 0
bbb.bbb.96.0 bbb.bbb.111.254 255.255.240.0 UG 0 0 0 eth1 0 0 0
bbb.bbb.96.0 0.0.0.0 255.255.240.0 U 0 0 0 eth1 0 0 0
aaa.aaa.0.0 0.0.0.0 255.255.224.0 U 0 0 0 eth0 0 0 0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 0 0 0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1 0 0 0
0.0.0.0 aaa.aaa.31.254 0.0.0.0 UG 0 0 0 eth0 0 0 0
[root@server1 ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:25:90:AE:B0:1D
inet addr:aaa.aaa.20.1 Bcast:aaa.aaa.31.255 Mask:255.255.224.0
inet6 addr: fe80::225:90ff:feae:b01d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3074444 errors:0 dropped:0 overruns:0 frame:0
TX packets:2915178 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:304369712 (290.2 MiB) TX bytes:980942806 (935.4 MiB)
Interrupt:20 Memory:dfa00000-dfa20000
[root@server1 ~]# ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:25:90:AE:B0:1C
inet addr:bbb.bbb.100.239 Bcast:bbb.bbb.111.255 Mask:255.255.240.0
inet6 addr: fe80::225:90ff:feae:b01c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5212839 errors:0 dropped:0 overruns:0 frame:0
TX packets:2677 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1039049399 (990.9 MiB) TX bytes:113766 (111.0 KiB)
Interrupt:16 Memory:df900000-df920000
[root@server1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Does anyone know how to do this?
Both of these networks have gateways and can be accessed from the internet. But on this server only, the IP on eth1 can't be reached from outside of its network while all the IPs on eth0 can.
12-10-2013, 02:52 AM
#2
Senior Member
Registered: Jan 2012
Distribution: Slackware
Posts: 3,348
The reason Internet clients can't reach the server via the 2nd network has to do with the routing table on the server. Specifically, the default route (gateway).
Since the default route points to the gateway router in network "a", any replies to non-local clients will be sent to that gateway. This will work fine as long as that gateway actually knows how to reach the client in question, but will fail if a client can only be reached via the gateway in network "b".
You might think that hosts on the Internet shouldn't be affected by this, since they can in theory be reached using either Internet connection. Unfortunately, NAT and/or firewalls get in the way:
- If the Internet routers are performing NAT (which they probably are), clients aren't actually connecting to your server, but to the external IP address of the gateway router, which then forwards the relevant port/protocol to the server. Replies have to be sent through the same NAT router for this to work.
- Even if NAT is not involved, a stateful firewall on the router on network "a" may still be reluctant to forward reply packets for which it has no matching session in its connection tracking table.
To fix this, you'll have to create a second routing table on the server with the router on the "b" network as a default gateway, and then use IP rules to make sure all traffic with a source address of "bbb.bbb.100.239" is processed by that table.
Alternatively, you could make the router on the "b" network do source NAT overloading ("masquerading") on all traffic going to the server. That way, incoming traffic from the Internet will appear to originate from the router itself, which has an IP address in a local, connected network.
1 members found this post helpful.
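The second-table-plus-source-rule setup Ser Olmy describes in #2 (and the two-table approach the original poster ended up using in #7), as an added example that is not code from this thread. The aaa/bbb addresses are the thread's anonymised values and must be replaced; the table id 100 and the 203.0.113.1 test destination are my own choices.

```shell
#!/bin/sh
# Added example, not code from the thread: build the second routing table and
# the source rule described in post #2. DRY_RUN=1 (the default) only prints
# the commands; DRY_RUN=0 executes them and needs root plus iproute2.
# The aaa/bbb addresses are the thread's anonymised values; replace them.

ETH1_DEV="eth1"
ETH1_IP="bbb.bbb.100.239"          # from the ifconfig eth1 output
ETH1_NET="bbb.bbb.96.0/20"         # netmask 255.255.240.0 is a /20
ETH1_GW="bbb.bbb.111.254"          # the "b" router, from the route table
TABLE_ID=100                       # any unused table id (1-252); my choice
REMOTE_TEST="203.0.113.1"          # documentation address, used only for the check
DRY_RUN="${DRY_RUN:-1}"

# Commands that fill table $TABLE_ID (the connected "b" network plus a default
# route via the "b" gateway) and add the rule that sends every packet whose
# source address is the eth1 IP to that table. The main table keeps the "a"
# gateway as its default, so traffic sourced from the eth0 address is unchanged.
policy_routing_cmds() {
    cat <<EOF
ip route add $ETH1_NET dev $ETH1_DEV src $ETH1_IP table $TABLE_ID
ip route add default via $ETH1_GW dev $ETH1_DEV table $TABLE_ID
ip rule add from $ETH1_IP/32 table $TABLE_ID priority $TABLE_ID
ip route flush cache
EOF
}

# Read-only checks: the rule list, the new table, the path a reply sourced from
# the eth1 address would take (it should show "via $ETH1_GW dev $ETH1_DEV"),
# and the reverse-path filter setting, whose strict mode (the CentOS 6 default)
# drops packets arriving on eth1 when the route back to their source does not
# point at eth1.
verify_cmds() {
    cat <<EOF
ip rule show
ip route show table $TABLE_ID
ip route get $REMOTE_TEST from $ETH1_IP
sysctl net.ipv4.conf.$ETH1_DEV.rp_filter
EOF
}

apply_policy_routing() {
    if [ "$DRY_RUN" = "1" ]; then
        policy_routing_cmds
        verify_cmds
    else
        policy_routing_cmds | sh -e && verify_cmds | sh
    fi
}

apply_policy_routing
```

On CentOS 6 the same entries persist across reboots in /etc/sysconfig/network-scripts/route-eth1 (the route lines without the `ip route add` prefix) and rule-eth1 (the rule line without `ip rule add`).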
12-10-2013, 02:54 AM
#3
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
A second routing table? He just needs to add routes to the relevant internal networks to go via the "b" router.
1 members found this post helpful.
12-10-2013, 03:01 AM
#4
Senior Member
Registered: Jan 2012
Distribution: Slackware
Posts: 3,348
Quote:
Originally Posted by acid_kewpie
A second routing table? He just needs to add routes to the relevant internal networks to go via the "b" router.
He did say that both networks were connected to the Internet, but you're right that he didn't specifically say he wanted the server to be reachable from the Internet using the Internet connection in network "b".
If the problem is related solely to internal networks behind the router in network "b" then yes, adding entries for these networks to the routing table is all that's needed.
12-10-2013, 08:48 AM
#5
Member
Registered: May 2006
Location: the land of confusion
Distribution: slackware-current
Posts: 220
Original Poster
Quote:
Originally Posted by Ser Olmy
He did say that both networks were connected to the Internet, but you're right that he didn't specifically say he wanted the server to be reachable from the Internet using the Internet connection in network "b".
If the problem is related solely to internal networks behind the router in network "b" then yes, adding entries for these networks to the routing table is all that's needed.
Both networks a and b need to be reachable from the internet. It appears that only one or the other can be accessed from outside its own network depending on the default gateway. Is there a way to set up the routing table so that there are 2 gateways, but no default gateway?
12-10-2013, 08:54 AM
#6
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
I think you really need to describe in much more detail what you specifically want to achieve. Whilst it's technically possible to reach a single server directly from two different internet entry points, it's VERY uncommon and pretty horrible a thing to do in any direction.
12-10-2013, 09:24 AM
#7
Member
Registered: May 2006
Location: the land of confusion
Distribution: slackware-current
Posts: 220
Original Poster
Thanks for both of your help. After realizing that I need 2 default gateways and 2 routing tables I did a little more Googling and found this article:
http://kindlund.wordpress.com/2007/1...utes-in-linux/
The server is online and accessible correctly on both networks.
12-10-2013, 09:56 AM
#8
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
I very very much doubt you do need two default gateways, and there were much more conventional ways to do what you want, but either way, working is working.