Assigning default route/gateway for Linux box w/ 2 NIC's

n9nu · 02-23-2010, 09:31 AM

Hi

I have a question in regards to assigning Gateway(s) or routes to two of the NIC's I have on board a Linux box which is also acting as a FQDN FTP/HTTP server.

The source fibre comes in and initially routes to my Smoothwall box which acts as a router/gateway/firewall. From there the LAN side NIC is directed to a managed 18 port HP Gigabit switch which in turn connects to the various PC's and printers behind the Smoothwall box (my LAN).

The Linux box in which I have the servers on is connected directly to the Internet via the same fibre via a switch which is BEFORE the Smoothwall box so it will bypass everything at the moment. That NIC (eth1) is assigned one of several static IP's I have with a gateway of 208.71.147.xxx.

Now...I was told the machine can only have ONE gateway assigned to it rather than assigning 2 different ones (different subnet) for each NIC. The 2nd NIC in this case (eth1) is for accessing the local LAN (same system as above) and is assigned an IP of 192.168.0.2; mask of 255.255.255.0 and DNS of 192.168.0.1 (Smoothwall box).

My question is, how can I specify that traffic I want to route to the LAN side (eth1 to say...HP Network printer, FreeNAS box, etc.) is sent via the correct NIC (this case eth1) without setting a gateway for this NIC...as the WAN NIC is assigned a gateway already?

DO I even need to assign a gateway for the LAN side?

I had assigned it 192.168.0.1 and noticed that I have substantial delays when trying to access the Inet because (I assume) it is receiving conflicting routing information. Both NIC's will only 'activate' or start when I have the gateway field filled in.....the LAN side will not start when there is no gateway entered.

I was also just told that I need to 'add' a route so that LAN traffic (eth0) will be directed to the appropriate NIC and thus will fix the delay issues. To where do I add this route?

Tim

nimnull22 · 02-23-2010, 11:03 AM

Gateway = router in most cases. If you talk about LAN (192.168.0.x) GW is not needed. But you have to make sure you can ping clients in this LAN. Packets in the LAN should go directly to destination.

GW is needed when you want to send you packet to different network, which is not included in network mask.

Rush_898 · 02-23-2010, 03:28 PM

Hey, I think I see what you are asking. Yeah so you don't need a 'gateway' for directly connected networks. So if you printer is on 192.168.1.0/24 and your box has a interface is that LAN they will be able to talk without routing through a gateway. It sounds like you want to have your server sit outside of the firewall, and have that serve stuff to the internet, and then have it also be connected to your internal network. Do not configure your network this way. Repeat. Do not configure your network this way. Put your server behind your firewall in a DMZ (a separate network off of your firewall from internal). If you do what you are saying you basically give complete access to anyone who comprises your server.

jvaldivia · 02-26-2010, 02:07 PM

What you need is Iproute version 2, you can have 2 gateways on the same box, I wrote a blog entry about all this matters, give it a look:

http://soad1982.blogspot.com/2010/02...-on-linux.html

catkin · 02-26-2010, 09:40 PM

Here's a very simple routing table showing that no gateway is used (Gateway = 0.0.0.0) for the LAN (192.168.1.0) and that packets for any network (0.0.0.0) other than the specified LAN (192.168.1.0) and loopback (127.0.0.0) should be sent to 192.168.1.1 for forwarding

Code:

root@CW8:/lib/udev# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    1      0        0 eth0