how to configure multi-nic routing

meping · 10-17-2005, 03:02 PM

So I'm having a problem with what I now think is routing.
my network:
---------------{eth0}[server]
|
[hub]
|
-------------------------[router]-----[network]

****for some reason formatting was being weird but bewteen sever and router is eth1 the problem*****

I have a server that acts as a bridge between my network and internet. I setup it this way because I wanted to learn linux and this way was something I hadn't done before.

The problem is if I plug in eth0 everything is cool. Can initiate SSH connections, remote into server for anyway on internet. Problem is if I plug in the eth1 I lose all ability to remote in, etc.

I setup a firewall program called firestarter but don't see a way to configure it for other nics.

So this brings me here. I think this maybe a routing issue, but I'm new to linux and have no idea how to proceed how to fix this.

Please HELP!!!

zymurgist · 10-17-2005, 04:14 PM

Can you post your "ifconfig -a" and "netstat -r" info?

meping · 10-18-2005, 10:18 AM

I forgot to copy over info of reports w/ eth1 plugged in provide tonight, only big difference is eth1 becomes default location. If when eth1 is plugged in and it becomes default route would that explain why I'm unable to remote into server since all info is going to eth1?

**********WO/ Eth1 Plugged In*****
ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:60:08:2D:C5:3B
inet addr:24.68.143.20 Bcast:255.255.255.255 Mask:255.255.252.0
inet6 addr: fe80::260:8ff:fe2d:c53b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:26888 errors:0 dropped:0 overruns:0 frame:0
TX packets:235 errors:0 dropped:0 overruns:0 carrier:0
collisions:6 txqueuelen:1000
RX bytes:1685816 (1.6 MiB) TX bytes:31107 (30.3 KiB)
Interrupt:10 Base address:0x4840

eth1 Link encap:Ethernet HWaddr 00:20:78:17:99:BB
inet6 addr: fe80::220:78ff:fe17:99bb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:3114 (3.0 KiB)
Interrupt:9 Base address:0x4800

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:3619 errors:0 dropped:0 overruns:0 frame:0
TX packets:3619 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4397782 (4.1 MiB) TX bytes:4397782 (4.1 MiB)

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
24.68.140.0 * 255.255.252.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 lo
default 24.68.140.1 0.0.0.0 UG 0 0 0 eth0
**********************************************

zymurgist · 10-18-2005, 10:39 AM

Yup, that's your problem. You want your gateway to be the router. What does your ifcfg-eth1 file look like? What are you connecting to that NIC?

meping · 10-18-2005, 10:54 AM

basically the concept behind setting this way was connect everything behind the router and lock it down, no port fowarding, etc. Then have a single box 1/ line connected directly to modem so I could connect to from outside of network. Then other line would be used so that once I've logged into the server I could then vnc into anything on my network.

So basically [eth0] = direct line from [hub/Modem], [eth1]= access to network.

Uhm so how do I configure my default path to run via eth0 or whereever I want it to

zymurgist · 10-18-2005, 11:09 AM

Sounds like you're trying to set up a firewall. You're going to need to use IP forwarding if you want to VNC through it, but you can use iptables to restrict which ports are open.

You're going to have to set up your network into two subnets. If you can post your /etc/sysconfig/network and your /etc/sysconfig/network-scripts/ifcfg-eth0, ifcfg-eth1, we can see what you have to tweek.

ken

meping · 10-18-2005, 11:11 AM

ideally what I want to is setup a firewall on eth0 allowing SSH & VNC connection and block all traffic except for vnc on eth1

zymurgist · 10-18-2005, 11:23 AM

Quote:

Originally posted by meping
ideally what I want to is setup a firewall on eth0 allowing SSH & VNC connection and block all traffic except for vnc on eth1

iptables will handle that well.

meping · 10-18-2005, 11:30 AM

sweet so recap. what commands/info do you mean to get?

zymurgist · 10-18-2005, 11:50 AM

Quote:

Originally posted by meping
sweet so recap. what commands/info do you mean to get?

To get started, post:
/etc/sysconfig/network
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-eth1

Are you using static IPs, or are you using DHCP? I recommend the IP for eth1 be static for your network side.

meping · 10-18-2005, 12:19 PM

if there any sorta command I should be running on

/etc/sysconfig/network
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-eth1

or am I just typing in the directory?

Thanks for the help

zymurgist · 10-18-2005, 12:31 PM

Just cat them so we can see the contents. You're probably going to have to modify them. Do you have a favorite editor?

meping · 10-18-2005, 12:37 PM

whenever is installed by default in fedora core. Sorry cat them? what does that mean?

Like what do I need to do to get this info, like what commands?

zymurgist · 10-18-2005, 01:15 PM

'cat' is like 'type' in DOS.
cat <filename>
then cut and paste.

meping · 10-18-2005, 01:24 PM

so:
cat /etc/sysconfig/network
cat /etc/sysconfig/network-scripts/ifcfg-eth0
cat /etc/sysconfig/network-scripts/ifcfg-eth1

???

anything else?