Its been a long time since I've posted and some nice guides have come around, however, I have found that I require more techniques as I dive deeper into the linux world.
I have a CentOS box running with two NICs, one with a public address and the other NIC has a router in between it and the internet.
Well I am trying to configure SSH on the box to go through the private address, lets say 192.168.10.205 instead of the public address.
I have set the router to port forward public port 20522 to port 22 private side and I set sshd_config to listen on 192.168.10.205.
When I connect with putty to the router's external ip, port 20522, putty throws a timeout. I do not really have a clue as to how to debug this problem with my experience.
I have read up on adding multiple static routes to my different subnets, but it seems confusing and I do not know if it is appropriate. SSH works on the public address, but not the private address+port forward.
I will keep looking into it and post results if I figure it out on my own.
I have found the <theoretical> problem. I need to setup source based routing for eth0 and eth1 to return their packets back from where they got them. Google isn't very helpful in my queries, but I will keep looking.
ALRIGHT, I figured out the solution in a timely manner.
Basically one needs to use iproute2 in order to allow traffic shaping. It could probably be done with iptables, but I know nothing and you can have fun with that.
<Generalization starts now>
iproute2 contains tables which can be checked using iprules
You will want separate tables for each device probably.
Start by editing the /etc/iproute2/rt_tables
Now add two new tables to the bottom of the file, it looks roughly like this:
# reserved values
# reserved values
Now save and we have some tables.
Next start is to actually ADD something to the tables. I will use an example yyy.yyy.yyy.yyy for wan and xxx.xxx.xxx.xxx for lan.
For this part yyy.yyy.yyy.yyy and xxx.xxx.xxx.xxx should be the GATEWAY
the interface is connected to. I do not know whether to create a new table for eth0:0 or vlan type setups. Will append later.
from the terminal:
#ip route add default via yyy.yyy.yyy.yyy dev eth0 tab 1
#ip route add default via xxx.xxx.xxx.xxx dev eth1 tab 2
Now check the tables.
#ip route show table 1
default via via yyy.yyy.yyy.yyy dev eth0
#ip route show table 2
default via xxx.xxx.xxx.xxx dev eth1
Everything should be shiny and now we need RULES
yyy.yyy.yyy.yyy/ww and xxx.xxx.xxx.xxx/zz should be IP ADDRESSES
while ww and zz are the subnet in CIDR notation and are assigned to the interfaces eth0 and eth1. e.g. 192.168.0.100/24
tl;dr yyy.yyy.yyy.yyy/ww = 192.168.0.100/24 CIDR Notation
yyy.yyy.yyy.yyy is the IP ADDRESS
of the interface.
type in the terminal:
#ip rule add from yyy.yyy.yyy.yyy/ww tab 1 priority 500
#ip rule add from xxx.xxx.xxx.xxx/zz tab 2 priority 600
Another e.g. just to get the point across:
#ip rule add from 192.168.0.100/24 tab 1 priority 500
Now we check to make sure the rules are added:
#ip rule show
0: from all lookup local
500: from yyy.yyy.yyy.yyy lookup wan1
600: from xxx.xxx.xxx.xxx lookup lan1
32766: from all lookup main
32767: from all lookup 253
We are almost done:
#ip route flush cache
Now we should be done. I have run into a problem. (nvm)The changes do not stay and I will figure out a way to keep the changes saved(/nvm).
Alright to make the changes permanent we must edit /etc/rc.d/rc.local
ip route add default via yyy.yyy.yyy.yyy dev eth0 tab 1 #GATEWAY 1
ip route add default via xxx.xxx.xxx.xxx dev eth1 tab 2 #GATEWAY 2
ip rule add from yyy.yyy.yyy.yyy/ww tab 1 priority 500 #IP ADDRESS 1
ip rule add from xxx.xxx.xxx.xxx/zz tab 2 priority 600 #IP ADDRESS 2
To the BOTTOM of the file. We are done.
In conclusion: This is why we cannot have nice things.
tl;dr I know nothing.