Issues with routing and default gateways using multiple nics
Linux - Newbie
en0 is ideally my gateway. It has a 1:1 mapping with an external IP and is on a virtual network for like traffic.
en1 is connected to my on-site physical infrastructure.
en2 is on a virtual network that has a site-to-site IPSec VPN.
Now, if en2 is my gateway then everything works, except outbound traffic goes through a different IP than my 1:1 and screws all of my external links up. If en0 is my gateway then everything works properly outside, but I cannot ping into or out of en2 from the VPN.
So the question I have is am I doing something wrong on my server or firewall? If you know which, do you happen to know why? Thanks.
Sounds like you just need to identify which specific routes need to go via the vpn. Add that as an additional route to your routing table, leaving the default gateway on en0.
Thanks for such a fast response. Would that allow for incoming communication to start on that interface as well? It seems through my googling that it only affects outbound routes.
A server can't control how traffic gets to it; that (outside of dynamic routing protocols, which aren't relevant here) makes no sense. That is the routing table. It controls where each individual packet goes. It is stateless: every packet leaving the box follows the rules there, no matter whether it is part of an inbound or outbound established connection.
As a general rule, multiple default gateways never make sense. You're telling the IP stack "please load balance outbound traffic across these gateways", and there are precious few scenarios where this is the desirable behaviour.
What exactly do you mean by "if en2 is my gateway then everything works"? Surely the system can't be its own gateway, so I'm assuming you mean some other router on that network?
"Regular" routing (entries in the default routing table) is all about destination addresses, and as such, you can only route selected traffic to a gateway on the network connected to en2 if you know the destination addresses involved. However, if you want to route all connections involving the IP address 172.16.0.242 to a certain gateway, that is actually possible with policy routing. Is that what you're looking for?
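The two suggestions in this thread (a specific route for the remote site via the gateway on en2's network with the default left on en0, and policy routing keyed on the 172.16.0.242 source address) as one added iproute2 example. This is not code from the thread or from any poster. The VPN-side gateway 10.20.0.1, the remote-site prefix 192.168.50.0/24 and routing table number 100 are assumed placeholders and can be overridden through the environment; 172.16.0.242 is the address named in the last reply.

```shell
#!/bin/sh
# Added example: static route vs. policy routing for a multi-NIC host.
# Assumed values (not from the thread); override via environment if needed.
VPN_GW="${VPN_GW:-10.20.0.1}"                  # assumed: router on en2's subnet that terminates the IPsec tunnel
VPN_DEV="${VPN_DEV:-en2}"
REMOTE_SITE="${REMOTE_SITE:-192.168.50.0/24}"  # assumed: prefix reachable only through the VPN
EN2_ADDR="${EN2_ADDR:-172.16.0.242}"           # the address named in the thread
TABLE_ID="${TABLE_ID:-100}"                    # assumed: any unused table number 1-252

# Option A (first reply): only the remote site goes via en2; the default route
# stays on en0, so the 1:1-mapped address keeps handling general outbound traffic.
# Selection is by destination, so replies to VPN peers outside REMOTE_SITE would
# still leave through en0.
static_route_cmds() {
    printf 'ip route add %s via %s dev %s\n' "$REMOTE_SITE" "$VPN_GW" "$VPN_DEV"
}

# Option B (last reply): policy routing. A separate table whose default is the
# VPN-side gateway, consulted for every packet whose source is en2's address.
# Replies to connections that arrived on en2 are sourced from EN2_ADDR, so they
# return the way they came regardless of the main table's default route.
policy_route_cmds() {
    printf 'ip route add default via %s dev %s table %s\n' "$VPN_GW" "$VPN_DEV" "$TABLE_ID"
    printf 'ip rule add from %s lookup %s\n' "$EN2_ADDR" "$TABLE_ID"
}

# Commands that show which way the kernel would actually send a packet.
# 'ip route get DST from SRC' evaluates the policy rules for that source.
verify_cmds() {
    printf 'ip route get %s\n' "${REMOTE_SITE%/*}"
    printf 'ip route get 8.8.8.8 from %s\n' "$EN2_ADDR"
    printf 'ip rule show\n'
    printf 'ip route show table %s\n' "$TABLE_ID"
}

# Apply a command list. Needs root; changes are not persistent across reboot.
apply() {
    sh -e
}

case "${1:-}" in
    show)
        echo '# Option A: static route'; static_route_cmds
        echo '# Option B: policy routing'; policy_route_cmds
        echo '# Verification'; verify_cmds
        ;;
    apply-static) static_route_cmds | apply ;;
    apply-policy) policy_route_cmds | apply ;;
esac
```

`sh route-vpn.sh show` prints the commands without touching the routing table; `apply-policy` runs them through a shell as root. One check worth doing on a host like the one described: if packets arriving on en2 would be answered via en0 (the situation with the default on en0 and no policy rule), strict reverse-path filtering (`net.ipv4.conf.en2.rp_filter=1`) discards those inbound packets, so inspect that sysctl alongside the routing table when pings into en2 fail.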