I'm confused about how to do this routing:>

stardotstar · 07-10-2006, 09:20 PM

I have two network interfaces:

eth0 - wired
eth1 - wireless

I have two networks

corp (heavily firewalled and requiring proxy settings and authentication for browsing)
sentinel AP (our dev network which is broadband from the lab, no firewalling)

These networks are obviously completely different, different name servers, gateways, subnets etc...

I have a requirement to access the intranet for certain webpages which only run ActiveX content from a bridged WinXP VM. This is a webpage that is resolved on the corp lan (but does not require proxy settings - proxy needed only for outside browsing). I also need to be able to resolve the 172.27.x.y network addresses on the corp lan for shares, netware login, notes servers etc.

So...

I want to set up a way that I automatically route all traffic for the corporate network via eth0 (wired) and all other traffic (that is otherwise proxied on the corp lan or blocked completely (ssh for example)) to eth1 the wireless network.

This is what the two ifconfigs look like when attached:

Code:

geko stardotstar # ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:12:F0:35:4E:7E
          inet addr:192.168.100.207  Bcast:192.168.100.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:52 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:29907974 (28.5 Mb)  TX bytes:2014426 (1.9 Mb)
          Interrupt:11 Base address:0xe000 Memory:c0214000-c0214fff

geko stardotstar # cat /etc/resolv.conf
# Generated by net-scripts for interface eth1
search BigPond
nameserver 61.9.211.33
nameserver 61.9.211.1

this is the Sentinel Wireless AP which requires specific nameservers and a default gateway of 192.168.100.1 (the wireless router). The scripts I use write the /etc/resolv.conf file upon starting the interface.

Code:

geko stardotstar # ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:11:25:86:38:74
          inet addr:172.27.14.15  Bcast:172.27.14.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6795 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4353 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7558109 (7.2 Mb)  TX bytes:398328 (388.9 Kb)
          Base address:0x8000 Memory:c0220000-c0240000

geko stardotstar # cat /etc/resolv.conf
# Generated by dhcpcd for interface eth0
search a.corp.com.au
nameserver 172.27.9.230
nameserver 172.17.9.244
nameserver 172.17.9.150

this is the corp lan wired connection and uses resolv.conf as shown too.

So... I thought I could set up what I wanted by putting my internal intranet hosts in /etc/hosts and relying on:

order hosts, bind

but that made no difference,

infact it seems that no matter what order I start the interfaces it is the first default route that gets used and the second never comes into play.

So I have to stop eth0 every time I want to use eth1 and therefore having both up at the same time is pointless.

Code:

geko stardotstar # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   *               255.255.255.0   U     0      0        0 eth1
172.27.14.0     *               255.255.255.0   U     0      0        0 eth0
192.168.161.0   *               255.255.255.0   U     0      0        0 vmnet1
172.16.109.0    *               255.255.255.0   U     0      0        0 vmnet8
loopback        *               255.0.0.0       U     0      0        0 lo
default         172.27.14.254   0.0.0.0         UG    0      0        0 eth0
default         192.168.100.1   0.0.0.0         UG    2000   0        0 eth1

geko stardotstar # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
172.27.14.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.161.0   0.0.0.0         255.255.255.0   U     0      0        0 vmnet1
172.16.109.0    0.0.0.0         255.255.255.0   U     0      0        0 vmnet8
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         172.27.14.254   0.0.0.0         UG    0      0        0 eth0
0.0.0.0         192.168.100.1   0.0.0.0         UG    2000   0        0 eth1
geko stardotstar #

Basically having two default routes does not help because I can't work out how to specify which traffic goes where. I also need to work out how to configure it so that the resolv.conf is right for such a desired circumstance since the scripts automatically write this and so I would have to copy a special one over...

I would very much appreciate some expert advice on how to perhaps better understand my requirements and how to go about learning the tools that I will need to apply to get me sorted.

TIA
Will.*

fotoguy · 07-11-2006, 02:43 AM

Well i'm definetly not an expert, and my netowrking is a little rusty, but you need to get rid of the 192.168.100.0 default gateway. You can only have one default gateway on a router.

By already having a network card that is connneted to a 192.168.100.0 network on the router, if you were to ping say 192.168.100.50, since it is not on the same network by default it will get sent to the 'default gateway', once it's there it will check the routing table to see where to route it. Since you have a 192.168.100.0 network there it will then forward it to the eth1 network card.

If it isn't forwarding packets you may need to turn on ip-forwarding in the kernel, if so you may need to enter this at the command line or add it to a startup script or a firewall script:

echo "1" > /proc/sys/net/ipv4/ip_forward

Also if there is a firewall already running on it you may need to add some rules to forward it to the 192.168.100.0 network as well
Hope this helps

ScooterB · 07-11-2006, 07:24 AM

I believe that fotoguy is correct in that you may only have a single default route. When I have to do something like this I usually use my firewall rules (iptables). You can tailor the rules to fit the situation that you desire. Take a look at accomplishing your routing using the firewall.

stardotstar · 07-11-2006, 05:42 PM

Thank you both, that is most enlightening.

I understand the single default route concept more clearly although I am interested to see that the system allows two default routes to be assigned.

I will follow your advice and see if I can configure my firewall to do this and then establish only ever one default route to my browsing .

Will (still confused the more I think about this problem but somehow creeping forward

)

osor · 07-11-2006, 06:20 PM

Quote:

Originally Posted by stardotstar

Thank you both, that is most enlightening.

I understand the single default route concept more clearly although I am interested to see that the system allows two default routes to be assigned.

I will follow your advice and see if I can configure my firewall to do this and then establish only ever one default route to my browsing .

Will (still confused the more I think about this problem but somehow creeping forward

)

Two default routes can be assigned (although I do not this is intended for such a problem). For this you need to learn about queing disciplines and the like. For more info, I suggest the LinuxAdvancedRoutingHowto (teaches you some of the advanced features of the iproute2 stack).