3 NICS on a server

spank · 09-27-2005, 02:24 PM

I have a FC 3 server with 3 nics on it. I have the following config:

eth0:
IP: 80.80.80.1
NETMASK: 255.255.255.0
GATEWAY: 80.80.80.1

eth1:
IP: 80.80.80.2
NETMASK: 255.255.255.0
GATEWAY: 80.80.80.2

eth2
IP: 192.168.1.128
NETMASK: 255.255.255.0
GATEWAY: 192.168.1.1

(I have a masq that links the internal network to the outside one)

on eth2 is the outside network and on eth0 and eth1 i want to connect two WinXP clients.

the first client (on eth0) has the following config:
IP: 80.80.80.3
GATEWAY: 80.80.80.1

the second client (on eth1):
IP: 80.80.80.4
GATEWAY: 80.80.80.2

the problem is that i can't get the two clients conected at the same time... if eth0 is up the client connected to eth1 can't even ping anything beside it's own ip.
if i disable eth0 from boot time then eth1 works.

this is very urgent... please please help me!
thank you very much!!!

NOTE: None of the ip's i use are real... they are only for the intranet. And i can control only the 80.80.80.0 class, the 192.168.1.0 was given to me by an isp.

spank · 09-28-2005, 03:47 PM

i figured i way to solve this problem... i`ll try to bridge eth0 and 1. How can I do that ?

homey · 09-28-2005, 04:12 PM

I would be inclined to use only two nics and a switch/hub. You might have success by adjusting the iptables script. For example...

#!/bin/sh
#
# The location of the iptables binary file on your system.
IPTABLES="/sbin/iptables"

EXT="eth2"

# Use this for NAT or IP Masquerading.
echo 1 > /proc/sys/net/ipv4/ip_forward
$IPTABLES -t nat -A POSTROUTING -o $EXT -j MASQUERADE

# This rule protects your fowarding rule.
$IPTABLES -A FORWARD -i $EXT -m state --state NEW,INVALID -j DROP

# This rule will accept connections from local machines.
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -s 80.80.80.0/24 -d 0/0 -p all -j ACCEPT

spank · 09-28-2005, 04:25 PM

i cannot alter the server config... and i can't get a switch/hub don't have the money for it. so i have to do only with what i have.
The problem is that the second client on eth1 can't get into the network (can't even ping the server).

(((

homey · 09-28-2005, 06:40 PM

Ok, I put a third nic in my server and tried a similar setup to yours. I suspect the problem comes from putting two nics on the same subnet of your server/router.

Here is what my FC4 setup looks like and you can adjust it for your system.
eth1 is connected to the internet and gets an address automatically

Code:

DEVICE=eth1
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
PEERDNS=no
IPV6INIT=no

Code:

DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
PEERDNS=no
IPV6INIT=no
IPADDR=192.168.0.1
NETMASK=255.255.255.0

This is the new nic I added....

Code:

DEVICE=eth2
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
PEERDNS=no
IPV6INIT=no
IPADDR=192.168.2.1
NETMASK=255.255.255.0

My server is setup with named ( dns ) and dhcpd severs on eth0 .
I added the new subnet to my dhcp server so the dhcpd.conf looks like this. The new subnet needs to be authoritative.

Code:

ddns-update-style interim;
ddns-updates on;
ddns-domainname "mydomain.com";
server-name "192.168.0.1";
max-lease-time 604800;
default-lease-time 604800;
allow booting;
allow bootp;

subnet 192.168.0.0 netmask 255.255.255.0 {
	ddns-updates on;
	option domain-name-servers 192.168.0.1;
	option domain-name "mydomain.com";
	option broadcast-address 192.168.0.255;
	option subnet-mask 255.255.255.0;
	option routers 192.168.0.1;
	range 192.168.0.2 192.168.0.50;
	}

subnet 192.168.2.0 netmask 255.255.255.0 {
	authoritative;
	range 192.168.2.2 192.168.2.50;
	}

Next, I added the new subnet into my iptables script and restarted iptables.

Code:

# This rule will accept connections from local machines.
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -s 192.168.0.0/24 -d 0/0 -p all -j ACCEPT
$IPTABLES -A INPUT -s 192.168.2.0/24 -d 0/0 -p all -j ACCEPT

Then, I had to restart networking and dhcpd. You may find it just as easy to restart the server.

Both client machines are then connected by crossover cable as you don't have a switch/hub.
On the client which is connected to the new server nic, I also added 192.168.2.1 as the gateway. That is the only gateway address that I needed to put in.

spank · 09-29-2005, 01:58 PM

thank you.... by changing classes i solved the problem... but i'm still intriqued why it doesnt work by tring the same class ip on both nics