| View previous topic :: View next topic |
| Author |
Message |
Steve_Mac_G
n00b
Joined: 13 Dec 2005
Posts: 19
Location: MiddleEarth
|
 Posted: Mon Jul 20, 2009 10:15 pm Post subject: [solved] 1 NIC, 2 IPs, 2 Different Routes ? |
 |
|
Hi Everyone
I have a little problem setting up a NIC with 2 IPs. Every IP should have their own Route and own dns Server.
The Scene:
Server have 1 NIC and 2 IPs:
-192.168.0.15
-192.168.0.16
And 2 Gateways in the same Subnet, that have different ways to connect to the internet.
-192.168.0.2 for high speed services (like Streaming)
-192.168.0.1 for a DSL connection
The server have 3 Main Services
-IRC
-Apache
-Icecast
All 3 uses the standardports (Irc 6665-6669,6697 Apache 80,443 and Icecast 8000,8001)
The Unrealircd and the Apache are bound to 192.168.0.15 and should use only this IP and Gateway, The Icecast2 to 192.168.0.16 and similar GW. Here the Conf:
| Code: | luci ~ #cat /etc/conf.d/net
config_eth0=(
"192.168.0.15/24 brd 192.168.0.255"
"192.168.0.16/24 brd 192.168.0.255"
)
routes_eth0=(
"192.168.0.15 via 192.168.0.1"
"192.168.0.16 via 192.168.0.2"
"default gw 192.168.0.1"
)
dns_servers_eth0=( "192.168.0.1 192.168.0.2" )
fallback_eth0=( "dhcp" ) |
this results in this situation:
| Code: | luci ~ # ifconfig
eth0 Protokoll:Ethernet Hardware Adresse 00:0c:29:10:f5:4f
inet Adresse:192.168.0.15 Bcast:192.168.0.255 Maske:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12155376 errors:10 dropped:8 overruns:0 frame:0
TX packets:7097052 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenla:nge:1000
RX bytes:3284942630 (3.0 GiB) TX bytes:875524591 (834.9 MiB)
Interrupt:17 Basisadresse:0x1400
eth0:1 Protokoll:Ethernet Hardware Adresse 00:0c:29:10:f5:4f
inet Adresse:192.168.0.16 Bcast:192.168.0.255 Maske:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:17 Basisadresse:0x1400
lo Protokoll:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
inet6 Adresse: ::1/128 Gu:ltigkeitsbereich:Maschine
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:154358 errors:0 dropped:0 overruns:0 frame:0
TX packets:154358 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenla:nge:0
RX bytes:14241971 (13.5 MiB) TX bytes:14241971 (13.5 MiB)
luci ~ # route -n
Kernel IP Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
192.168.0.16 192.168.0.2 255.255.255.255 UGH 0 0 0 eth0
192.168.0.15 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
|
The Problem is, it seems all 3 services listening on the first ip:
| Code: | luci ~ # nmap -v -sT 192.168.0.15
Starting Nmap 4.76 ( http://nmap.org ) at 2009-07-20 23:34 CEST
Initiating Parallel DNS resolution of 1 host. at 23:34
Completed Parallel DNS resolution of 1 host. at 23:34, 0.00s elapsed
Initiating Connect Scan at 23:34
Scanning 192.168.0.15 [1000 ports]
Discovered open port 80/tcp on 192.168.0.15
Discovered open port 22/tcp on 192.168.0.15
Discovered open port 6666/tcp on 192.168.0.15
Discovered open port 443/tcp on 192.168.0.15
Discovered open port 6667/tcp on 192.168.0.15
Discovered open port 6668/tcp on 192.168.0.15
Discovered open port 7000/tcp on 192.168.0.15
Discovered open port 6669/tcp on 192.168.0.15
Discovered open port 8000/tcp on 192.168.0.15
Completed Connect Scan at 23:34, 0.07s elapsed (1000 total ports)
Host 192.168.0.15 appears to be up ... good.
Interesting ports on 192.168.0.15:
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
6666/tcp open irc
6667/tcp open irc
6668/tcp open irc
6669/tcp open irc
7000/tcp open afs3-fileserver
8000/tcp open http-alt
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
Raw packets sent: 0 (0B) | Rcvd: 0 (0B)
luci ~ # nmap -v -sT 192.168.0.16
Starting Nmap 4.76 ( http://nmap.org ) at 2009-07-20 23:34 CEST
Initiating ARP Ping Scan at 23:34
Scanning 192.168.0.16 [1 port]
Completed ARP Ping Scan at 23:34, 0.27s elapsed (1 total hosts)
Read data files from: /usr/share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 0.37 seconds
Raw packets sent: 2 (84B) | Rcvd: 0 (0B)
luci ~ # nmap -vPN -sT 192.168.0.16
Starting Nmap 4.76 ( http://nmap.org ) at 2009-07-20 23:37 CEST
Initiating Parallel DNS resolution of 1 host. at 23:37
Completed Parallel DNS resolution of 1 host. at 23:37, 0.01s elapsed
Initiating Connect Scan at 23:37
Scanning 192.168.0.16 [1000 ports]
Discovered open port 22/tcp on 192.168.0.16
Discovered open port 8000/tcp on 192.168.0.16
Discovered open port 7000/tcp on 192.168.0.16
Completed Connect Scan at 23:37, 0.06s elapsed (1000 total ports)
Host 192.168.0.16 appears to be up ... good.
Interesting ports on 192.168.0.16:
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
7000/tcp open afs3-fileserver
8000/tcp open http-alt
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
|
Now, The Problem is, that an external connect over the high speed Gateway to the Server fails during a Timeout, but all 3 Services are over the DSL Gateway reachable.
i tryed to Ping the gateways with the -I option:
| Code: | luci ~ # ping -c1 -I 192.168.0.15 192.168.0.1
PING 192.168.0.1 (192.168.0.1) from 192.168.0.15 : 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=39.7 ms
--- 192.168.124.254 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 39.754/39.754/39.754/0.000 ms
luci ~ # ping -c1 -I 192.168.0.16 192.168.0.2
PING 192.168.0.2 (192.168.0.2) from 192.168.0.16 : 56(84) bytes of data.
--- 192.168.124.253 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
|
The ping fails, but the Firewall on the Gateway registered this Attempt, so i can say, the ping is go out successfully.
I'm a little bit experienced with Linux but my Knowlegde reaches her end here. Please show me a Hint whats wrong on my Config or help me to find another Way.
a Second Question is, My Unreal is configured with useflag ssl and needs another Port (6697) for ssl Client connections. But nmap don't show this port in this List. Why Not ?
[Edit] I have to add, that the second Gateways FW have a Static rule, that all pacets came in from 8000 and 8001 are forwarded to the 192.168.0.16 and the Stream from the 192.168.0.16 is reachable in the Subnet after the second Gateway[/Edit]
Thx so far
Steve
Last edited by Steve_Mac_G on Tue Jul 21, 2009 4:33 pm; edited 1 time in total |
|
| Back to top |
|
 |
Kulfaangaren!
Apprentice
Joined: 11 Jan 2003
Posts: 176
Location: Borås, Sweden
|
| Posted: Mon Jul 20, 2009 11:05 pm Post subject: |
|
|
Would you mind posting the output of ...
| Code: | | luci ~ # netstat -tanp | grep LISTEN |
This should list all TCP sockets that your programs are binding to.
I'm not very experienced when it comes to networking but if I were you, I would try changing eth0:1's MAC address with something like ...
| Code: | | mac_eth0:1="00:0c:29:10:f5:50" |
... in /etc/conf.d/net
This is just to make sure that the clients and server knows for sure that they are sending packets to different NICs.
Also, I would check if the server runs without a default GW, that the default GW is the same route as for eth0 might confuse things for eth0:1 traffic ?
Good luck
// Fredrik
_________________
Please add [SOLVED] to the subject of your original post when you feel that your problem is resolved.
Join the 'adopt an unanswered post' initiative today |
|
| Back to top |
|
|
Mad Merlin
Veteran
Joined: 09 May 2005
Posts: 1155
|
| Posted: Tue Jul 21, 2009 12:15 am Post subject: Re: 1 NIC, 2 IPs, 2 Different Routes ? |
|
|
| Steve_Mac_G wrote: |
| Code: |
routes_eth0=(
"192.168.0.15 via 192.168.0.1"
"192.168.0.16 via 192.168.0.2"
"default gw 192.168.0.1"
)
|
|
This doesn't do what you're hoping for. What you're actually saying here is "to reach 192.168.0.15, talk to 192.168.0.1", and "to reach 192.168.0.16, talk to 192.168.0.2", which is obviously nonsense, as that's your IP in both cases. Unless you can segment your routes at an IP level (for example, traffic to 24.0.0.0/8 via 192.168.0.1, everything else via 192.168.0.2), you're going to have a lot of fun trying to set this up (because I'm pretty sure it won't work).
What might be a more workable solution would be to have another machine (like a router) that can pick gateways based on higher level information (for example, route all FTP traffic via 192.168.0.1, everything else via 192.168.0.2). However, I'm not familiar with a setup like this, but you might start by googling something like "layer 7 load balancing". I'm fairly sure iptables can accomplish something like this.
| Kulfaangaren! wrote: |
I'm not very experienced when it comes to networking but if I were you, I would try changing eth0:1's MAC address with something like ...
|
This isn't possible, eth0 and eth0:1 are the same NIC and thus have the same MAC address. Nevertheless, you don't need to worry about this part, eth0:1 is just an aliased IP, it doesn't need a distinct MAC address.
_________________
Game! - Where the stick is mightier than the sword! |
|
| Back to top |
|
|
Steve_Mac_G
n00b
Joined: 13 Dec 2005
Posts: 19
Location: MiddleEarth
|
| Posted: Tue Jul 21, 2009 6:16 am Post subject: Re: 1 NIC, 2 IPs, 2 Different Routes ? |
|
|
Kulfaangaren, Sure here is it:
| Code: | luci ~ # netstat -tanp | grep LISTEN
tcp 0 0 0.0.0.0:14534 0.0.0.0:* LISTEN 12328/server_linux
tcp 0 0 192.168.0.15:6665 0.0.0.0:* LISTEN 11859/unrealircd
tcp 0 0 192.168.0.15:6697 0.0.0.0:* LISTEN 11859/unrealircd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 11739/mysqld
tcp 0 0 192.168.0.15:6666 0.0.0.0:* LISTEN 11859/unrealircd
tcp 0 0 192.168.0.15:6667 0.0.0.0:* LISTEN 11859/unrealircd
tcp 0 0 192.168.0.15:6668 0.0.0.0:* LISTEN 11859/unrealircd
tcp 0 0 192.168.0.15:6669 0.0.0.0:* LISTEN 11859/unrealircd
tcp 0 0 0.0.0.0:7029 0.0.0.0:* LISTEN 11859/unrealircd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 11971/sshd
tcp 0 0 0.0.0.0:7000 0.0.0.0:* LISTEN 11859/unrealircd
tcp 0 0 0.0.0.0:8767 0.0.0.0:* LISTEN 12328/server_linux
tcp6 0 0 :::80 :::* LISTEN 12029/apache2
tcp6 0 0 :::22 :::* LISTEN 11971/sshd
tcp6 0 0 :::443 :::* LISTEN 12029/apache2
|
Whow, the ssl port of my Unreal is showing up here 
Yo. The Setup from the Mashine is variable, its still a VM. We try some different setups. The only constant Thing are the Gateways, and the fact that icecast should use the High Speed connection and all other services can have the other Access. Can i specify 2 Subnets in this mashine, one uses the High lane, the other the low one? Can work a setup like this? :
| Code: | luci ~ # cat /etc/conf.d/net #Example written by hand
config_eth0=(
"192.168.0.15/24 brd 192.168.0.255"
"192.168.1.15/24 brd 192.168.1.255"
)
routes_eth0=(
"192.168.0.15/24 via 192.168.0.1"
"192.168.1.15/24 via 192.168.0.2"
)
dns_servers_eth0=( "192.168.0.1 192.168.0.2" )
|
My Problem is, that both Gateways are in the same Subnet and (its planned) my Mashine is physically conneted to this Subnet with one wire and one NIC. |
|
| Back to top |
|
|
rrbrussell
n00b
Joined: 21 Jun 2004
Posts: 64
|
| Posted: Tue Jul 21, 2009 7:24 am Post subject: |
|
|
I am assuming that you want these services available on the internet and the firewalls are correctly setup for port forwarding.
Basic steps:- Seperate the current combined network into two different subnets.
- 192.168.0.1/24 for all traffic traversing the DSL connection
- 192.168.1.1/24 for all traffic traversing the higher speed connection
- Assign the server 1 IP in each subnet.
- On the DSL gateway.
- Assign 1 IP from the DSL subnet to its lan interface. Do not assign any IP from the higher speed subnet to its lan interface.
- Setup its firewall to only forward the ports that should be routed out through the DSL connection.
- On the higher speed gateway
- Assign 1 IP from the higher speed subnet to its lan interface. Do not assign any IP from the DSL subnet to its lan interface.
- Setup its firewall to only forward the ports that should be routed out through the higher speed connection.
- Setup the services to only listen to the IP in the correct subnet for which gateway they should use.
The next step is to make use of seperate routing tables on the server. For that I recomend reading The Linux Advanced Routing & Traffic Control website for further information. The basic objective is to move a packet generated with the DSL IP onto a routing table with the DSL firewall as the default gateway for that table and to repeat the same process with a packet generated with the higher speed IP onto a seperate routing table with the higher speed gateway as the default gateway for that table. You may be required to create a network bridge with the ethernet card and two tap devices in order to get some of the routing to work correctly. If you need help or further explanation of the briding process just ask. I have no idea how well the Gentoo init scripts will cope with trying to load multiple routing tables into memory so I cannot help you with that task. |
|
| Back to top |
|
|
Steve_Mac_G
n00b
Joined: 13 Dec 2005
Posts: 19
Location: MiddleEarth
|
| Posted: Tue Jul 21, 2009 4:24 pm Post subject: |
|
|
Hi
Many thx for your Tips and Hints. Now we have another solution. 2 NICs, 2 IPs and all works fine.
Sorry for trouble here and a lot of Thanks.
Steve |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
