Linux Gateway with 3 NICs

pin_bk · 03-22-2005, 02:52 AM

I have a working linux gateway server, with 2 NIC cards. But, now I have a need for third one, cuz I now administer two seperate netorks - 2 different class IP addresses. I have installed the third NIC but I just cant get the server to route the second network wia 3rd nic. Here is my config in diagram:

ADSL Router(10.0.0.138) --SWITCH-- Server[eth2(10.0.0.80)-eth1(10.40.0.10)-eth0(192.168.1.2)]

Quote:

route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.40.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.0.0.138 0.0.0.0 UG 0 0 0 eth2
m

I have a masquerade working also:

Quote:

iptables --table nat --append POSTROUTING --out-interface eth2 -j MASQUERADE

Linux.tar.gz · 03-22-2005, 05:08 AM

Masquerade seems no to work in case of multiple NIC's. You have to do SNAT instead.
ex.:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to your.public.ip.x
(if eth0 is the NIC connected to your modem/router)

pin_bk · 03-22-2005, 05:15 AM

The point is that the public IP is on the router which handles NAT, so will the SNAT thing work?

Linux.tar.gz · 03-22-2005, 06:14 AM

If masquerade works, then snat will surely works.

pin_bk · 03-22-2005, 07:14 AM

I first do a flush:

Quote:

# iptables --table nat --flush

then:

Quote:

# iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to MY.PUBLIC.IP.X

still it doesnt work.

pin_bk · 03-22-2005, 07:25 AM

When I use SNAT instead of MASQUERADE for LAN1 - 10.40.0.0 it works:

Quote:

iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 10.0.0.80

But for the LAN2 - 192.168.1.0 it dowsnt.

fr_laz · 03-22-2005, 07:35 AM

Hi,

here's what I use :
iptables -t nat -I POSTROUTING -o $EXT_IFACE -s $LAN_INT -j MASQUERADE
iptables -t nat -I POSTROUTING -o $EXT_IFACE -s $LAN_DMZ -j MASQUERADE

I just don't know why I didn't use only
iptables -t nat -I POSTROUTING -o $EXT_IFACE -j MASQUERADE

Maybe I tried and it didn't work... I don't remember

Linux.tar.gz · 03-22-2005, 07:42 AM

I think it would be nice to write a diagram of your network ^^.

pin_bk · 03-22-2005, 07:45 AM

ADSL_Router(10.0.0.138)--SWITCH--Server[eth2(10.0.0.80)-eth1(10.40.0.10)-eth0(192.168.1.2)]

Linux.tar.gz · 03-22-2005, 10:01 AM

Well i can't help you anymore... I have build some network like yours, but snat always did the trick!! Hope some guru overhere will help ya!

pin_bk · 03-22-2005, 12:57 PM

thanx Linux.tar.gz , anyone else?

pin_bk · 03-22-2005, 01:26 PM

Should I maybe add some special route table for the 192.168.1.0 lan? Since SNAT works with 10.40.0.0 network.........

pin_bk · 03-23-2005, 07:01 AM

My ADSL ROUTER can operate in BRIDGE Mode. Would it be better for me to put it in bridge mode, so I would have my public IP address on 10.0.0.80 or eth2 ?!?!

fr_laz · 03-23-2005, 07:13 AM

Hi
As for what I understand of your problem, it's not a routing issue, since your routes to both internal networks are similar.
Bridging won't solve your problem since the issue is before this on your Linux router...

I've got 2 (stupid) quesitons :
Are the correct gateways defined on your hosts on the non-working netw ?
Don't you have some firewall rules that would block the non-working netw ?

pin_bk · 03-23-2005, 07:57 AM

The gateway on the nonworking net is correct, and the firewall rules are the same for both lans, I just blocked ports via iptables.