WBEL 2nd network card not working
Hello to all. This is my first post to the forum so be kind. I am new to Linux after too many years developing web applications in the Windoze environment. I have 3 servers, two with WhiteBox Enterprise v3. I am having the same problem on both boxes. A third box has RHEL WS v3 and is running fine in this setup. I have two aDSL lines coming in to the house. On one line I have a DSL Router with wi-fi capabilities and have 3 windows boxes connected to that. The other line is a business DSL with 4 useable IPs.

Here is my setup. Each server has 2 10/100 nic cards. The intent is to connect one nic card to the "internal" network and the other to be facing the "internet" through a switch connected to the DSL modem. (I have a second DSL router through which I plan to eventually connect the production machines. But I want to get this working first.) The internal network is a Class C with each hardwired machine using a unique IP address. I have them configured with 192.168.1.1 as the gateway and 255.255.255.0 as the subnet mask. On the business line I have 64.191.139.49 as the Gateway and 255.255.255.248 as the subnet mask, with each of the three boxes assigned one of the unique IPs I have been assigned.

When I start up the boxes they talk to the internal net just fine. But I can't get them to talk to the external network at all. I have switched the cables to make sure they aren't the problems and switched the nic card being used with no change. The internal connection works fine on either nic card. I have even spoken with tech support at the isp to get the lines checked out. Internally the machines respond to ping and I have been able to set up an ftp server and successfully access it through the internal ip but not the external. I can access the internet with the browser fine as long as the internal connection is live. If I deactivate the internal connection it no longer works.
I have tested this with the firewall turned off, with iptables turned off and with the firewall active and both interfaces flagged as trusted, with no change in results.

Here is some diagnostic data (eth0 is internal, eth1 is external):

ifconfig eth0
ifconfig eth1
route -n
cat /etc/resolv.conf
lspci
It's obvious that eth1 is talking to something but I don't know what. The one thing I do notice is the difference in the settings for destination, gateway and genmask between eth0 and eth1. Could this be causing the problem? If so, how do I fix it? As you can tell I am very inexperienced with network issues in Linux. I have been working on this on and off for over a month now as time permits. I have "Googled" this to death with no resolution. All helpful suggestions are welcome!!!

Glenn Puckett
Lexington, KY
I don't understand!!!
I'm not sure what I did. But as I was playing around with the network settings (really without changing anything) it has started working. I created a profile (it had defaulted to "common"). And then tried adding a "New" xDSL connection but it turned out that was for a PPP connection which I don't have. I do not have a required userid/password to activate my xDSL connection. After deleting that and returning the network configuration back to its original setting, except keeping the new profile name, the results of the route inquiry have changed.

route -n now returns:

At this point this box responds to the ping from both internal and external IPs. I do not understand how my changes caused this effect. Can someone help clarify this for me so I can understand it enough not to screw it up again? I keep thinking I don't have the entire setup configured properly. I went through the same sequence on the second box (I think!!) and didn't get the same result. So the second box still doesn't work properly. I am totally puzzled now. I hate mysteries!!!!

Thanks,
Glenn Puckett
Where does the 169.254.0.0 address come from?
Also, the default gateway for the internet-leaning machines should probably be your DSL gateway on eth1. On the second route listing this is correct, whereas in the first, you have 192.168.1.1 as the default gateway. Check the default gateway on all three machines.

Also, if these three boxes are offering services to the internet, you should consider using a gateway device, such as a NAT router, to isolate the other network, or keep the two networks totally isolated. If one of them, let's say a web server, is hacked, the hacker then has access through eth0 to your inside network. At work, when I needed to update the virus definitions for some XP servers, I would unplug my management laptop from the regular network before plugging it in to a network with internet access.
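The default-gateway check suggested in the post above, as an added example that is not part of the original thread: it parses `route -n` output and reports a default route that does not leave through the external interface, plus any 169.254.0.0/16 entry. The two routing tables are constructed samples (the poster's listings are not shown on this page), the function names are illustrative, and the 64.191.139.48/29 network is derived from the gateway and mask given in the first post.

```python
import ipaddress

# Constructed sample tables; the poster's own listings are not shown on this page.
COMMON = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
64.191.139.48   0.0.0.0         255.255.255.248 U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
"""
BROKEN = COMMON + "0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0\n"
FIXED = COMMON + "0.0.0.0         64.191.139.49   0.0.0.0         UG    0      0        0 eth1\n"

def parse_routes(text):
    """Parse `route -n` output into a list of route dicts, skipping headers."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
            gw = ipaddress.ip_address(f[1])
        except ValueError:  # the column-header line lands here
            continue
        routes.append({"net": net, "gw": gw, "flags": f[3], "iface": f[7]})
    return routes

def audit(text, ext_iface="eth1", ext_net="64.191.139.48/29"):
    """Return findings about the default route and any link-local route."""
    ext = ipaddress.ip_network(ext_net)
    routes = parse_routes(text)
    findings = []
    defaults = [r for r in routes if r["net"].prefixlen == 0 and "G" in r["flags"]]
    if len(defaults) != 1:
        findings.append(f"expected exactly one default route, found {len(defaults)}")
    for r in defaults:
        if r["iface"] != ext_iface or r["gw"] not in ext:
            findings.append(f"default route via {r['gw']} on {r['iface']}; "
                            f"expected a gateway inside {ext} on {ext_iface}")
    for r in routes:
        if r["net"] == ipaddress.ip_network("169.254.0.0/16"):  # IPv4 link-local range
            findings.append(f"info: link-local route 169.254.0.0/16 on {r['iface']}")
    return findings

if __name__ == "__main__":
    for name, table in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit(table))
```

On a live box the same function can be fed the real table, for example via `subprocess.run(["route", "-n"], capture_output=True, text=True).stdout`.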
You might want to look at this link. It explains using two NAT routers as firewalls.
http://www.grc.com/nat/nats.htm

The explanation is plain. But the example that they use is where both sets of computers use a private subnet, so your situation is different, but it may make a good read anyway. Given the two lines coming in, you may want to add a third router (w/switch output) which the 3 local leaning NICs plug into. This would give you the same protection as the example link and allow you high speed local access through that router.

Internet -----| LAN Router | ------ LAN Computers -----| Router 3 | ----- 3 Servers ------| Router | --- Internet

You will still want to use your firewall setup on the three servers and make them bastion hosts. You could administer the servers using ssh and sftp alone and close all other ports and remove whatever software you can. I would recommend picking up the March 2006 issue of Linux Journal magazine. The issue topic is security, and one of the articles covers securing the SSH configuration.