I have a setup issue that I just can't seem to get my arms around. I attempted to get some clarification once before in the firewall forum but didn't get any sort of useable response. Part of my problem here is that I am relatively new to Linux and still struggle quite a bit just figuring out how to get the various pieces/parts of Linux to work. I will say I had MUCH, MUCH rather use Linux as my server operating system than Windoze. However, I do find it soooo much more difficult trying to determine how to make things work. I do my research, from buying books to searching forums. And I attempt to follow all the instructions step by step. Invariably the end result is the product fails to function. Sometimes I am able to figure out what I did wrong. Other times I just can't figure out why it doesn't work. With all that said, here is my issue.
I have been working on attempting to install RHEL ES v3 for about 6 months. After my 30 day support ran out I floundered for another couple months and then discovered WhiteBox Linux. I am now attempting to install WBEL v4 on my 2 Dell servers and a Compaq desktop also running as a server. I can successfully install the O/S but I am having all sorts of difficulties setting up my network the way I want it. Or anywhere close as far as that is concerned.
I have two DSL connections coming in to my home office. One is the normal home DSL with dynamic IPs. The other is a business DSL with 5 assigned fixed IPs. I have a DSL router connected behind the home DSL modem to which I have our household workstations as well as my business workstations connected. I can't afford a router that handles multiple IP addresses so I am connecting the servers to the business DSL through a standard network switch. Once I get the servers configured in this setup I hope I will be at a point where I can consider a more secure setup. For now this is as much a learning experience as anything.
Each of the servers has two network cards installed. The configuration I am trying to set up is to have one network card connected to the business DSL and claiming one of the available IPs. Through this network card I will be running web servers, application servers, a mail server and an FTP server. I am using the second network card on each server to connect to my "internal" network that is inside the DSL router. I use this to VNC to those machines so I can do all the admin and programming work. I have converted a walk-in closet into a computer room and don't want to have to go in there to work on the machines.
I'll get to the current settings in a moment. But basically I can only get one of the interfaces to work at a time. If I have both activated only one will respond to a ping. If I disable that one then the other will respond to a ping. There have been a couple instances while playing around with the network settings that I have been able to get them both to respond but as soon as I reboot it stops. Obviously, as long as a machine doesn't respond to the ping it won't respond to anything else.
I made the early assumption that my problem was caused by the firewall. However, I have completely disabled the firewall and didn't get a change in the situation as described. I have switched connections multiple times to rule out that I have a bad network card. However, since I have the same problem on both of the machines I have attempted to set up I would have been surprised if it were that.
The goal
Here is the configuration I need to establish:
Code:
                Internal          External (As provided by ISP)
                                  **Not the real ip
Interface       eth1              eth0
IP Address      192.168.1.71      64.191.162.31**
Subnet          255.255.255.0     255.255.255.248
Gateway         192.168.1.1       64.191.162.30**
Broadcast       192.168.1.255     64.191.162.36**
DNS             166.102.165.13    208.235.88.101
                166.102.165.11    208.238.88.10
I basically want the machine talking to the internet through the external facing interface. And then the internal interface to only be used for things like VNC and Samba.
I know I will have a ton of firewall issues. However, until I can be sure that both interface cards are working as I expect I have turned off the firewall. (At least I think I have.)
I would appreciate it if someone could take just a little bit of time to help me understand what I am doing and then help me determine what I do wrong when I actually try to set this up. If there are other configurations that you feel are better, safer or more logical I appreciate the feedback. However, I really need to learn HOW to do things first. After over 3 months of reading and researching I must be extremely slow to not be able to figure this out. But, on the other hand, I have found it more than difficult to find ANY reference giving assistance in setting up more than one network card on a single machine.
Any help is greatly appreciated.
Glenn Puckett
Lexington, Ky
Last edited by removed037; 04-10-2006 at 06:21 PM.
Ok... Let me see if my brain tubes are firing on this one:
2 DSL Connections
Home DSL, Dynamic IP from ISP, cheap router for dhcp, etc
Business DSL w/static IP assigned by ISP, using a switch, not a router. (5 IP addresses)
You want to use one of your business boxes as a gateway for your home internet (Thereby eliminating the home DSL), correct?
The bus. box has 2 net cards. You want to connect home network thru business network to internet.
Am I right so far?
If so, no problem. But I may suggest a different setup for you, if that is true. Let me know if I'm correct. (I think you'll like it, and it'll be easy as pie)
Assign the router a static IP that was assigned by your ISP to one of your boxes. As far as the ISP would be concerned, it would only be one computer. Connect the WAN/Internet port of router to the business switch, and you're up and running with the home network on the business line. And you still have 4 more static IP's to go.
The hardware firewalls on most modems are not too bad, so...
You can actually connect all your computers behind the router, using the switch.
Example:
Internet DSL=>Router=>Switch=>All your PCs
You can then tell the router which IP address to send webserver requests to (port 80, ip address 192.168.1.180), which one for port 110 (ip address 192.168.1.110) All are only examples.
Your gateway settings are not correct but let's start at the beginning.
You cannot have 2 gateways. The gateway for the box above will be the ip address to which eth0 is connected. If you want to use the box to route to the internet then you will need to install ip-masquerading and forwarding using iptables. You will find useful info on this here.
Thanks for the feedback. But that's not my issue. I am simply trying to get BOTH interfaces working. Either one will work as long as the other is inactivated. But when both are activated the machine will only pass traffic on one of them. (Basically I test this using ping.) I'll take a new look at my initial post and try to make it a bit more clear.
I have found a link to a document that describes how to configure load balancing across two high speed connections. With all connections to the internal network going through a third network card. This is definitely NOT what I want to do. However, it does go into a description of using advanced routing to set up multiple interfaces. I'm not entirely sure advanced routing is what I need here but it appears closer than where I was.
I don't mind at all to do the reading needed to complete this. I just haven't been able to determine what are the right tools to use.
Thanks again....
Last edited by removed037; 04-10-2006 at 10:20 AM.
hmmmm..
I really didn't think this topic would be so difficult to make clear. I have several server class boxes that will be acting as web servers. The machines are on the DMZ and have each claimed one of the fixed IPs. That is all these machines will be doing. They will not be acting as a proxy or gateway or anything else for ANY of the machines on the internal network.
The three servers are in a converted walk-in closet in racks with all the routers, modems, switches, etc. There is not enough room to go in there and work on the machines. So I need to be able to connect to these machines from my home office through the internal network (it's much faster). I do have a monitor and keyboard hooked up through a KVM switch for times that I have VNC down, but there is no place to sit so I have to perform that work standing up.
I have a second network card in each machine that I want to use EXCLUSIVELY for connecting to that machine for support purposes. I need to connect via VNC to work on the machine. I also want to have Samba running so I can transfer files between the machines through the internal network. (My development machine is XP) I would prefer to set up that interface to ONLY allow those specific connections. I don't want the machine talking to the external network through the internal interface.
I do realize I gave more information than needed for this configuration in my original note. I was just trying to be as complete as possible in describing what I have.
I want to set up my machine such that eth0 is the primary/only interface to the external network. It will perform ALL activity through that interface. But I also want to set up eth1 so that it will accept traffic for VNC, Samba and any other services/ports necessary to support the machine itself.
So far I haven't even been able to get both interfaces functioning at the same time. Either will respond to a ping as long as the other is disabled. With both enabled only one responds to a ping. That is my first goal. Just getting that to work. I have even turned off the firewall just to see if it is what is causing the problem. It wasn't.
I have researched this for months and have tried many different configurations and command sets. So far nothing has gotten me past the simple fact that, except for brief periods, both interfaces refuse to work at the same time.
I really do appreciate the interest and input from the group. I hope someone soon can point me in the right direction.
Give all the boxes eth1 192.168.1.X addresses. Hook them up to a hub or switch box and define the names in /etc/hosts. Provided eth0 and eth1 are on different subnets you should be fine. I would suggest starting the ip numbers from 1 e.g. 192.168.1.1
eth0 MUST use the fixed IP address from the business DSL through the DMZ. Something else is not an option. I can't afford a router that can handle multiple IP addresses. I've seen this setup a number of times in the windows environment. Surely it is more than possible using Linux. Thanks for the try, Glenn
Then use a different private range like 192.168.0.X for the eth1 addresses. If you number the eth1 cards sequentially and hook them all on to a switch or hub then they can talk to one another on this lan. If you are purely communicating with each box and no external routing is necessary then you won't need a gateway. I have a similar setup with one box hooked to a modem/router and static ip hosting a webserver and then a number of boxes, including the server, hooked to a hub. I maintain the server remotely with KBear (ftp client) and Konqueror.
I have drawn a small diagram which you can see here.
Sorry it takes some time for me to reply. My new job has me severely limited in what I can work on my network. Which is getting me even further behind with what I need to accomplish.
Here is an image of the network I am trying to configure. Basically everything on the left side of the configuration (Servers) should talk to the internet through the business DSL. Everything on the right side of the configuration (Home/Office Computers) should talk to the internet through the aDSL. The three connections from the business machines to the switch in the middle should ONLY be used for VNC and shared files and, in the case of one of the business machines, shared printing. No traffic should go to the switch unless responding to connections from that side.
The Home/Office computers are fine. No problems there. I can't get the Servers to function properly at all. If I disable the network card connected to the switch then the machines work fine over the business DSL. If I disable the network card connected to the business DSL the servers talk to the switch appropriately. But when both network cards are enabled, one of them is ignored, typically the external connection (eth0).
On the Servers the yellow IP address represents the connection to the business DSL through eth0. The green IP address represents the connection to the internal network through the switch.
I want the servers talking to the internet through the eth0 connections and not handling any sort of traffic from the internal network. They have their own path to the internet. I just want to be able to connect to the servers from my home office computer in order to support the web applications I have running on them. That minimizes the traffic on the "production" interface and gives me good responsiveness for VNC.
Are you saying that changing the three IP addresses on the servers from a 192.168.1.x address will fix the problem? I will give that a try as soon as I can manage the time. It would be nice to understand why that would make a difference.
Just looking at the diagram there is no reason why the setup should not be working correctly. The network addresses of eth0 and eth1 on the server side are on different subnets and this should not pose a normal resolution problem.
Can you clarify exactly what the modem does. Is it purely a connection with no routing or is there a router that performs address translation and if so on what range?
Thanks for your reply.
I do not have a router between the servers and the internet. The servers are connected to a network switch that is connected directly to the dsl modem. Therefore they have the ability to grab the specific fixed ip address allocated by the business ISP without any filtering or translations happening in between.
On the other side I have a dsl router connected to the dsl modem. This way I can use the internal firewall built into the router. Basically I allow very little traffic to enter my home office network outside that of active connections initiated by a web browser, ftp tool or similar function on the home office machines.
I have a mix of fixed ip addresses and dhcp assigned addresses on the home office side.
My final configuration will be to not allow the servers to initiate any traffic through the internal facing interfaces. They will only be able to respond to incoming traffic from my home office machines. And then only to specific activity, ie VNC and SMBA. Hopefully this will prevent any further pollution of my internal machines should a virus make it past the firewall into a specific machine. The servers will also have a very specific configuration for how they talk to the internet based on the services that I am using for web pages, etc.
I just need to get past this issue of getting both interfaces to work at the same time.
Last edited by removed037; 05-14-2006 at 10:54 AM.
This is an example of what is going on with my servers that I just can't understand.
I had the external interface (eth0) enabled and the internal interface (eth1) disabled. I wanted to use VNC so I went in and reversed that on the server and rebooted. Also I changed eth1 to "Trusted" on the network configuration so it would bypass my current iptables rules.
At that point I could access the server through VNC but eth0 was not functional. I wanted to check some settings with both interfaces activated so I brought the Network Configuration tool back up and activated eth0.
Just for grins I attempted to ping the server through eth0 and it actually responded. At this point the server is actually allowing traffic on both eth0 AND eth1.
I decided to reboot the server and see what happens. I didn't change anything. I just rebooted. Now the server no longer responds to a ping to eth0.
In checking the settings I see one thing that changed. After I activated eth0 "netstat -r" returned
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
64.191.162.29   0.0.0.0         255.255.255.248 U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         64.191.162.30   0.0.0.0         UG    0      0        0 eth0
After the reboot the same command returned.
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
64.191.162.29   0.0.0.0         255.255.255.248 U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
Notice on the last line that the gateway address had changed. That appears to be the key here. It seems to me I need to configure the system to know which gateway to use for each interface. How do I do that?
I finally came across something and gave it a try.
Since it appears that I MUST use the gateway for the external interface I have been trying to find a way to force the external interface's gateway address.
I have updated /etc/sysconfig/network with the following 2 lines:
GATEWAY=64.191.162.30
GATEWAYDEV=eth0
And rebooted. Now I can connect to the server from my home office machine through the internal interface (eth1) and the server will respond to a ping on the external interface (eth0).
So now I am past this issue (took 9 months). The next step is to finally get my firewall configured the way I want and then I will be ready to retest. Hopefully I am now past all this mess!!!!
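An added example, not part of the original thread: a shell check that reads routing-table text in the format quoted above and confirms there is exactly one default route and that it leaves through the external interface. The function names are hypothetical; the first two sample tables are the ones posted in the thread, and the third is constructed.

```sh
#!/bin/sh
# Added example (not from the thread): verify that a dual-homed server has a
# single default route and that it uses the external gateway and interface.
# Input is text in the format printed by `netstat -rn`.

# The two tables quoted in the thread (addresses as posted there).
TABLE_BEFORE_REBOOT='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
64.191.162.29   0.0.0.0         255.255.255.248 U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         64.191.162.30   0.0.0.0         UG    0      0        0 eth0'

TABLE_AFTER_REBOOT='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
64.191.162.29   0.0.0.0         255.255.255.248 U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1'

# Constructed sample: both gateways installed as default routes at once.
TABLE_TWO_DEFAULTS="$TABLE_BEFORE_REBOOT
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1"

# Print "gateway iface" for every default route in the table text ($1).
# A default route has destination 0.0.0.0 (or "default"), genmask 0.0.0.0
# and the G flag; the interface is the last column.
default_routes() {
    printf '%s\n' "$1" | awk '
        ($1 == "0.0.0.0" || $1 == "default") && $3 == "0.0.0.0" && $4 ~ /G/ {
            print $2, $NF
        }'
}

# check_default_route TABLE EXPECTED_GATEWAY EXPECTED_IFACE
# Returns 0 only when exactly one default route exists and it matches.
check_default_route() {
    routes=$(default_routes "$1")
    count=$(printf '%s\n' "$routes" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "FAIL: expected exactly one default route, found $count"
        return 1
    fi
    if [ "$routes" != "$2 $3" ]; then
        echo "FAIL: default route is via $routes, expected $2 $3"
        return 1
    fi
    echo "OK: default route via $2 on $3"
}

# Run the check against the three samples; failures are expected for the
# last two, so do not abort on them.
check_default_route "$TABLE_BEFORE_REBOOT" 64.191.162.30 eth0 || true
check_default_route "$TABLE_AFTER_REBOOT"  64.191.162.30 eth0 || true
check_default_route "$TABLE_TWO_DEFAULTS"  64.191.162.30 eth0 || true
```

On a live server the same function can be fed the current table with `check_default_route "$(netstat -rn)" 64.191.162.30 eth0`, for example after each reboot or network restart.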