LinuxQuestions.org
Old 09-15-2004, 09:25 AM   #1
whirlpool78
LQ Newbie
 
Registered: Sep 2004
Distribution: FC2
Posts: 6

Rep: Reputation: 0
Multi-NIC router


I have a scenario with a FC2 machine with 4 NICs in it. The networks are set up like this:

ETH0 - IP: 172.22.130.x Mask: 255.255.248.0

ETH1 - IP: 192.168.0.1 Mask: 255.255.255.0

ETH2 - IP: 192.168.1.1 Mask: 255.255.255.0

ETH3 - IP: 172.22.0.16 Mask: 255.255.248.0

What I need to do is set up routes so that all internet traffic goes out ETH3, which is a NAT interface to the VPN that connects to our ISP for internet access. The other NICs need to route between each other except that traffic should not route between ETH1 and ETH2.

Basically the machines using ETH0 as the gateway should be able to route to all of the machines on ETH1 and ETH2 as well as receive NAT access to the internet via ETH3. Machines using ETH1 as the gateway should be able to see machines on ETH0 and get internet access via NAT on ETH3, and likewise ETH2 should get internet access via ETH3 and see machines on ETH0.

I have tried a couple of different configurations using IPROUTE2, basically setting up rules to use different tables for the different subnet networks, but I am still having problems (I am able to ping machines on a network for which I haven't defined a route in the table the rule is set up to use). Any information on how to help achieve this would be greatly appreciated. I am quite new to advanced Linux routing and this seems to be something slightly beyond my reach at the moment.

Any sites or tutorials that can assist in helping me understand what needs to be done would be greatly appreciated. I have Googled a lot of info on IPROUTE2 and other various tools the past couple of days but haven't found exactly what I need quite yet.

Whirlpool78
 
Old 09-15-2004, 09:31 AM   #2
r0b0
Member
 
Registered: Aug 2004
Location: Europe
Posts: 602

Rep: Reputation: 49
Quote:
What I need to do is set up routes so that all internet traffic goes out ETH3, which is a NAT interface to the VPN that connects to our ISP for internet access. The other NICs need to route between each other except that traffic should not route between ETH1 and ETH2.
Hmm... I guess you could suffice with one routing table with default route via ETH3. And the condition not to route between ETH1 and ETH2 by iptables settings. Or am I missing something?
 
Old 09-15-2004, 11:01 AM   #3
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
I think r0b0 is right about iptables.
"iptables" can do that for you.
The FORWARD chain of iptables is interested only in forwarded packets. Basically, set the default policy of the FORWARD chain to DROP and then allow only the packets that you want, so all other packets will be dropped. Like this:
Code:
iptables -F FORWARD # flush all rules in the FORWARD chain
iptables -P FORWARD DROP # default policy: drop all forwarded packets
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT # you must allow established and related connections (reply traffic)
iptables -A FORWARD -i eth0 -o eth3 -j ACCEPT # accept packets that come in on eth0 and go out via eth3 (internet connection)
iptables -A FORWARD -i eth1 -o eth3 -j ACCEPT # eth1 -> internet
iptables -A FORWARD -i eth2 -o eth3 -j ACCEPT # eth2 -> internet
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT # eth0 -> eth1
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT # eth1 -> eth0
...
...
Official website: www.netfilter.org

good luck
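
The default-deny FORWARD policy described in this thread, written out for all four interfaces as an added example (not part of any poster's message). It only prints the commands for review and lists which interface pairs stay blocked; the `ALLOWED` list, the function names and the MASQUERADE rule on eth3 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emits (does not run) the FORWARD policy for the four-NIC
# router in this thread. Interface roles are taken from the original post.
WAN=eth3    # NAT uplink toward the VPN/ISP

# Allowed "in:out" pairs. eth1<->eth2 is deliberately absent, so the
# default DROP policy keeps those two networks apart.
ALLOWED="eth0:eth1 eth1:eth0 eth0:eth2 eth2:eth0 eth0:$WAN eth1:$WAN eth2:$WAN"

# is_allowed IN OUT -> exit 0 if traffic may be forwarded from IN to OUT
is_allowed() {
    for pair in $ALLOWED; do
        [ "$pair" = "$1:$2" ] && return 0
    done
    return 1
}

# emit_rules -> print the commands, default-deny first
emit_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -F FORWARD"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for pair in $ALLOWED; do
        echo "iptables -A FORWARD -i ${pair%%:*} -o ${pair##*:} -j ACCEPT"
    done
    # Assumption: this machine performs the NAT itself on the uplink.
    echo "iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE"
}

# audit -> list every interface pair that cannot open a connection,
# so the isolation can be checked before anything is applied
audit() {
    for i in eth0 eth1 eth2 eth3; do
        for o in eth0 eth1 eth2 eth3; do
            [ "$i" = "$o" ] && continue
            is_allowed "$i" "$o" || echo "blocked: $i -> $o"
        done
    done
}

emit_rules
audit
```

Reply packets from eth3 back to the inside networks are still forwarded by the ESTABLISHED,RELATED rule, even though the audit lists eth3 as unable to open connections inward.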
 
Old 09-15-2004, 01:18 PM   #4
whirlpool78
LQ Newbie
 
Registered: Sep 2004
Distribution: FC2
Posts: 6

Original Poster
Rep: Reputation: 0
THANKS!

Thanks! I had briefly looked at IPTABLES but obviously not long enough. For some reason I got it in my head to use IPROUTE2 and made things way too complicated. Anyway I used IPTABLES and it is working perfectly.
 
  

