Multi homed gateway

nukenstien · 01-27-2005, 05:03 PM

I am trying to setup a dual homed system
my eth info is as follows

eth0 Link encap:Ethernet HWaddr 00:50:BA:CE:XX:XX
inet addr:65.87.225.171 Bcast:65.87.225.255 Mask:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1

eth1 Link encap:Ethernet HWaddr 00:50:BA:CC:XX:XX
inet addr:192.168.0.129 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

eth2 Link encap:Ethernet HWaddr 00:50:BA:56:XX:XX
inet addr:192.168.0.104 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1

I have a cable modem that is connect directly to my linux machine on eth0. This is the primary internet.
I have several computers that route through the linux box on eth1 and they are connected to the hub to eth1, ips 192.168.0.130-254, network A
I also have another cable modem the connects directly to a di-604 router.
The d-604 router is the the router for some computers ips 192.168.0.2-127, Network B.
I would like to set up eth2 on my linux box to be able to route the hosts
192.168.0.130-254, network A, through eth2 if eth0 goes down.

I would also like to share network resources, like printers on both network, back and forth.

http://freefilehosting.net/file.cfm?...B7FFB6C6AD4C4E

Thanks Nuke

jlinkels · 01-27-2005, 06:51 PM

Nuke,

I'd be happy to help you, I recently did such a project, but I don't understand where you're heading.

The figure you drew is utterly incomprehensible....

I understand it so far:

Eth0 is your Internet connection
Eth1 is your internal interface to 192.168.0.130 - 254. That is network A
The computers on network A access the internet thru the Linux box

What does the second cable modem do? Between what and what does the DI-604 route?
How does network B connect to the Internet?

In your figure, the cable end of the cable modem is connected to your linux box....

If you have two subnets 130-254 and 2-128 with subnet mask 255.255.255.0, you will *never* be able to route between the two networks because these are on the same subnet. You have to use 255.255.255.128 OR use another subnet like 192.168.1.x

Do you run iptables?

jlinkels

nukenstien · 01-27-2005, 08:46 PM

Sorry the diagram got al garbled when it was posted.

The second cable modem provides internet access for network B.
The second cable modem is plugged into the di-604 which is supplying ips and acts as a firewall for network B.

Please disregaurd the diagram.

so i was thinking of using 255.255.255.192 as the subnetmask

that will give me two networks with 62 computer in networks A and B

i am using iptables to filter a whole bunch of crap.

jlinkels · 01-28-2005, 06:54 PM

Ok,

You need to know the IP of your di-604 router. For now I assume that it is 192.168.0.1. All computers on network B will have the default gw set to 192.168.0.1.

If you want to use the di-604 router for the network A, you have to tell your Linux box that that is the default gateway. Currently the Linux box routes everything coming from network A through 65.87.225.171.

So you have to unset the default gw on interface 65.87.225.171, and set it to 192.168.0.1 on your interface eth2. Furthermore, iptables is now masquerading your traffic to the default gw of 65.87.225.171, and you should change that to 192.168.0.1. Also, make sure that any rules which restrict or allow traffic from/to eth0 should do that now to eth2. Also, make sure that the ip address of the di-604 and eth2 are on the same subnet.

When you want to communicate from network A to B, make sure you have the default gw on all machines in network A set to the linux box.

then, to get from B to A you must make sure that the machine on network B know how to get to A. You can add this route to the di-604 router:

net 192.168.0.128 mask: 255.255.255.128 gateway 192.168.0.104

Be sure you have ip forwarding enabled on the Linux box, and iptables allows forwarding (not masquerading) between the two networks.

Good luck
jlinkels

nukenstien · 02-10-2005, 10:07 AM

Thanks dude

after dhcpcd -t 10 -d eth2 to get my ip address for eth2
and deleting the default route that is made through 192.168.0.1
i added

route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.0.1 metric 2

so now all computers on network A know where to go to get to network B, but my firewall table is blocking the traffic

I have tried to add in the same rules for eth2 as I have for eth0 but the firewall is still blocking the icmp requests. Please note that at anything I can ping and get a reply from my linux box to
network B.

The only way that I can get network A to ping and recieve a reply from network B is to change my alias for external interface to eth2 instead of eth0.

My question is what is the commands for allowing all traffic in and out of eth2 no matter what is or where it is going.

A more specific question is how do I redirect all traffic between eth1 and eth2.

Nuke