| View previous topic :: View next topic |
| Author |
Message |
CinqueX
n00b
Joined: 26 Jan 2003
Posts: 58
|
 Posted: Wed Jun 02, 2004 1:16 pm Post subject: 2 NICs 2 Gateways? |
 |
|
Maybe some netowrking guru has the answer to this.
Is it possible to have 2 NICs, each with an externally reachable IP and each with its own gateway? (ie: no default gateway)
Such that each NIC can nat for a seperate internal network and maintain its source and destination.. rather than forcing everything down one pipe?
I know this is confusing.. it wasnt meant to be.. any help would be appareciated. |
|
| Back to top |
|
 |
moocha
Watchman
Joined: 21 Oct 2003
Posts: 5722
|
|
| Back to top |
|
|
arut8ur
n00b
Joined: 28 Jul 2003
Posts: 16
|
| Posted: Wed Jun 02, 2004 2:51 pm Post subject: |
|
|
You may want to have a look at the linux advanced routing trafic control howto (LARTC),..
its a really good howto, which explains how to do this with iproute2 and much more,.. |
|
| Back to top |
|
|
CinqueX
n00b
Joined: 26 Jan 2003
Posts: 58
|
| Posted: Wed Jun 02, 2004 3:43 pm Post subject: Thanks |
|
|
Thank-you for the quick replies, I am well familiar with iproute2, but that's not obvious solution, perhaps more explanation is required.
NIC #1 has XXX.XXX.XXX.XXX (a world reachable network)
NIC #2 has OOO.OOO.OOO.OOO (a world reachable network)
Both NIC 1 & 2 NAT for a local subnet on the 10.x.x.x network which is shared across multiple platforms and machines. If somebody tries to access FTP which is handled by NIC#2 and then forwarded to an FTP server on a 10.x.x.x. machine, there does not seem to be a way to guarantee that once the packets have been forwarded in that it then leaves with the destination header info intact down the corresponding gateway assigned to NIC#2. There seems to be an equal chance it will be picked up by NIC#1 and sent into oblivion.
What I really want to accomplish is source based routing, so that incoming packets always leave from the same interface as they came in on. Load balancing is not an option in this set up because some services are not directly mirrored on both interfaces.
I suspect some aspect of iptables MARK properties would have to be used in this instance, but I cant seem to come up with a working example.
Any other help is expected. |
|
| Back to top |
|
|
arut8ur
n00b
Joined: 28 Jul 2003
Posts: 16
|
| Posted: Wed Jun 02, 2004 4:05 pm Post subject: |
|
|
what you need is the conmark filter for iptables, which allows you to identify all packets, which belong to a connections,..
this will give you the chance to mark the packets, for routing,...
conmark is not part of the base repository, you will need to install it yourself,..
http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-CONNMARK |
|
| Back to top |
|
|
midknight_gentoo
n00b
Joined: 13 Jul 2003
Posts: 22
|
| Posted: Thu Jun 10, 2004 8:04 pm Post subject: |
|
|
does somebody have a working example of this?
ive been trying for quite some time to get this to work to no avail... |
|
| Back to top |
|
|
gymer
n00b
Joined: 10 Jun 2004
Posts: 28
Location: Denmark
|
| Posted: Thu Jun 10, 2004 8:57 pm Post subject: |
|
|
Try http://lartc.org/ thats the best source for routening on linux boxes.
There are example scripts and best of all a really nice maillist
_________________
/gymer |
|
| Back to top |
|
|
|
Networking & Security
