  #1  
Old 9th May 2008, 17:12
quentin quentin is offline
Junior Member
 
Join Date: Mar 2008
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Post Two NIC's, two gateways....

Hi,

Wonder if someone could help out with this one...

I've one server with two network adapters. Both are connected to the internet, but they are on completely different ranges and, of course, each uses a different gateway.

What I want to achieve is that all traffic, EXCEPT SSH (port 22), will go through NIC1. You can guess what NIC2 should do, because that one should only allow bidirectional SSH traffic. My problem is the gateway; I can't figure out how to route it the right way.

Can someone help me out with this one?

Best regards,

Quentin
  #2  
Old 9th May 2008, 17:18
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
Default

You need to set up a second routing table for the second NIC, then use a rule to route the SSH.
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
  #3  
Old 9th May 2008, 17:20
quentin quentin is offline
Junior Member
 
Join Date: Mar 2008
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Post

Can you be a bit more specific? An example maybe?

Thank you

Best regards,

Quentin
  #4  
Old 9th May 2008, 17:26
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
Default

For purposes of illustrating how this would work, I will assume the following; you need to substitute your own network values:

eth0 192.168.1.1 -> gw 192.168.1.2
eth1 192.168.2.1 -> gw 192.168.2.2

Okay, now in your main routing table your default gw will be 192.168.1.2.

Okay, now create the second routing table:

Code:
# eth1's own subnet, with eth1's address as the source, in table 4
ip ro add 192.168.2.0/24 dev eth1  proto kernel  scope link  src 192.168.2.1 table 4
# default route of table 4 goes via the second gateway ("via" is required)
ip ro add default via 192.168.2.2 table 4
Then let's put a rule to make SSH traffic go via table 2:
Code:
ip ru add fwmark 2 lookup 4
Then we need to mark the ssh packets
Code:
iptables -t mangle -I OUTPUT -p tcp --dport 22 -j MARK --set-mark 2
iptables -t mangle -I OUTPUT -p tcp --sport 22 -j MARK --set-mark 2
Then we flush the routing cache
Code:
ip ro fl ca
  #5  
Old 13th May 2008, 10:31
quentin quentin is offline
Junior Member
 
Join Date: Mar 2008
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Post Persistent

Thank you for your reply!

But I've some additional questions:

- Are these settings persistent?
- If yes, is it somewhere stored in a configfile?

Thanks in advance.

Quentin
  #6  
Old 13th May 2008, 10:33
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
Default

Those settings are not persistent. As far as I know the only distro with support for that is Mandriva; for other distros you will need to activate those settings via /etc/rc.local, or for Debian you could do it using the /etc/network/interfaces file.
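The recipe from post #4, wrapped as a script that can be called from /etc/rc.local as post #6 suggests and re-run without stacking duplicate rules. This is an added example, not code from the thread; the interface, addresses, table number and mark are assumed from topdog's illustration, and the `iptables -C` probe, the DRY_RUN switch and the rp_filter warning are my additions.

```shell
#!/bin/sh
# Added example, not from the thread. Values are assumed from post #4
# (eth1 192.168.2.1/24, gateway 192.168.2.2, table 4, fwmark 2);
# override them in the environment for your own network.
IF=${IF:-eth1}
ADDR=${ADDR:-192.168.2.1}
NET=${NET:-192.168.2.0/24}
GW=${GW:-192.168.2.2}
TABLE=${TABLE:-4}
MARK=${MARK:-2}
SSH_PORT=${SSH_PORT:-22}

# With DRY_RUN set, commands are printed instead of executed.
run() { if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# True if the mangle MARK rule already exists (iptables -C needs >= 1.4.11).
have_mark_rule() {
    [ -z "$DRY_RUN" ] &&
    iptables -t mangle -C OUTPUT -p tcp "$1" "$SSH_PORT" -j MARK --set-mark "$MARK" 2>/dev/null
}

# True if the fwmark policy rule is already present ('ip rule add' duplicates).
have_ip_rule() {
    [ -z "$DRY_RUN" ] &&
    ip rule show | grep -q "fwmark $(printf '0x%x' "$MARK") lookup $TABLE"
}

pbr_apply() {
    # 'replace' is idempotent where 'add' fails on a second run.
    run ip route replace "$NET" dev "$IF" src "$ADDR" table "$TABLE"
    run ip route replace default via "$GW" table "$TABLE"
    have_ip_rule || run ip rule add fwmark "$MARK" lookup "$TABLE"
    # Mark locally generated SSH packets in both directions (client and sshd replies).
    have_mark_rule --dport || run iptables -t mangle -I OUTPUT -p tcp --dport "$SSH_PORT" -j MARK --set-mark "$MARK"
    have_mark_rule --sport || run iptables -t mangle -I OUTPUT -p tcp --sport "$SSH_PORT" -j MARK --set-mark "$MARK"
    run ip route flush cache
    # Caveat: inbound packets on $IF carry no mark, so strict reverse-path
    # filtering (rp_filter=1) validates them against the main table and drops
    # them; loose mode (2) keeps the check but accepts the asymmetric path.
    [ "$(cat /proc/sys/net/ipv4/conf/$IF/rp_filter 2>/dev/null)" = 1 ] &&
        echo "warning: $IF has strict rp_filter; consider rp_filter=2" >&2
    return 0
}

case "${1:-}" in apply) pbr_apply ;; esac
```

Run `sh thisscript.sh apply` from rc.local; `DRY_RUN=1 sh thisscript.sh apply` prints the commands it would issue.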
  #7  
Old 13th May 2008, 10:39
quentin quentin is offline
Junior Member
 
Join Date: Mar 2008
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Post Tables

Thank you.

Final question: Could you tell me a bit more about the different tables you described? I'm a bit confused how it works.

Best regards,

Quentin
  #8  
Old 13th May 2008, 10:46
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
 
Default

By default you have one routing table which you can see by running the command

Code:
ip ro sh
Now, because you want to do policy-based routing, you need a second table, which I have named table 4. It can be any other number, or you can make it a label by adding the mapping to /etc/iproute2/rt_tables.

We have the relevant routes to handle the traffic in this second table.

Then, to force the traffic to use the table, we use the fwmark rule, which works hand in hand with iptables marking in the mangle table. There are other ways to specify rules.

To get all the details on how advanced routing on linux works look at
Code:
man ip
And read these sites.
http://lartc.org/howto/
http://www.linux-foundation.org/en/Net:Iproute2