Quote:
Originally Posted by BWestOz
My first question is how can I get Debain to set the ip address and netmask for the second NIC (eth1) at boot?
I've appended /etc/network/interfaces
with
iface eth1 inet static
address 10.1.2.50
netmask 255.255.255.0
gateway 10.1.1.100
|
As you say, this is a Debian-specific question; you know how to assign an IP address to an interface, you just don't know how to make Debian do this automatically at boot.
In most of the example configurations I've seen, the "iface" statement is preceded by an an "auto" statement, like this:
Code:
auto eth1
iface eth1 inet static
[... other parameters go here ...]
You could try that and see if it works.
Also, be aware that:
- gateways can never be in a non-connected subnet (OK, in this case the subnet is actually connected, but not to the interface where you've put the "gateway" parameter), and
- you don't specify gateways on a per-interface basis; gateways are per-routing table (and you usually only have one of those)
In other words, remove the gateway parameter from the eth1 section.
Quote:
Originally Posted by BWestOz
The second problem I have is trying to modify kernel routes.
I can see the exisiting routes with ip route show:
default via 10.1.1.1 dev eth0
10.1.1.0/24 dev eth0 proto kernel scope link src 10.1.1.100
10.1.2.0/24 dev eth1 proto kernel scope link src 10.1.2.50
I think I need to add a default for eth1 (Lan side) pointing back to the upside NIC eg:
default via 10.1.1.100 dev eth1
|
No, you shouldn't do that. Your Debian router should have exactly 1 default gateway, and that should be the ISP router.
You may have to enable routing manually, though. Make sure the
/etc/sysctl.conf file contains the line “net.ipv4.ip_forward = 1″ (and if you have to add it, run
sysctl -p /etc/sysctl.conf afterwards).
Quote:
Originally Posted by BWestOz
ISP/router with NAT (10.1.1.1/24)
|
Debain dual nic eth0 10.1.1.100/24
Debain dual nic eth1 10.1.2.50/24
|
clients 10.1.2.0/24
|
The only problem you'll run into is how to make sure return traffic from the Internet to 10.1.2.0/24 are sent via 10.1.1.100 by the ISP router. Either you'll have to add a static route to the ISP router (10.1.2.0/24 via 10.1.1.100), or the Debian router will have to NAT overload outgoing traffic behind 10.1.1.100, in which case
Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
should do the trick, but you'll need to save the
iptables ruleset to a Debian-specific file to make sure it gets reapplied at bootup. (I think the correct command is
iptables-save > /etc/iptables.up.rules, but don't quote me on that; check the Debian documentation.)