Peter Van den Wildenbergh wrote:
<snip>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.10.20.0      0.0.0.0         255.255.255.0   U     0      0        0 bond1
> 192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 bond0
> 0.0.0.0         10.10.20.1      0.0.0.0         UG    100    0        0 bond1
> 0.0.0.0         192.168.10.1    0.0.0.0         UG    100    0        0 bond0
>

You have two default gateways. While not necessarily a bad thing since a
Linux box can be multi-homed, you need to do a little more work. For these
sorts of configurations you may wish to consult the advanced routing and
traffic shaping site, http://www/lartc.org

> cat /etc/network/interfaces
>
> auto bond0
> iface bond0 inet static
>     address 192.168.10.200
>     network 192.168.10.0
>     netmask 255.255.255.0
>     gateway 192.168.10.1
>     dns-nameservers 192.168.10.1
>     post-up ifenslave bond0 eth0 eth2
>     pre-down ifenslave -d bond0 eth0 eth2
>
> auto bond1
> iface bond1 inet static
>     address 10.10.20.200
>     network 10.10.20.0
>     netmask 255.255.255.0
>     gateway 10.10.20.1
>     post-up ifenslave bond1 eth1 eth3
>     pre-down ifenslave -d bond1 eth1 eth3
>

You do not always need to define a default gateway. The only interface that
needs a default gateway is the one that traffic will go through to get to
the rest of the Internet. Since both of these are non-routable, you can
probably pick either one.

I also do not usually use IPCop in these more complex situations, though I
am sure it is capable. Instead I tend to use one of the following:

1) Vanilla Linux install, usually Voyage (Debian) or Ubuntu server, pretty
   much doing all the things found in the lartc guide.
2) MikroTik RouterOS
3) Vyatta
4) pfsense/monowall

The reason is that IPCop has a pretty rigid definition of its networks (red,
green, blue etc.) and they do not usually work out of the box with whatever
it is I am trying to do. Since it requires a bunch of work on my part
anyway, I will use something less awkward and more flexible and, in the end,
easier to maintain.

I do not really see the point in having a green *and* an orange network on
the same VM server. It is doable, but since all the traffic is routed
through the IPCop box anyway I do not see an advantage here, only needless
complexity, which is the sworn enemy of security.

Hth,
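
The reply above points to LARTC for the extra work a box with two default gateways needs. As an added illustration (not part of the original message), this script checks the quoted `route -n` output for equal-metric default routes and prints, without running them, per-source routing tables in the style of LARTC's split-access recipe; the function names and the table numbers 101 and 102 are assumptions.

```shell
#!/bin/sh
# Constructed sample: the `route -n` output quoted in the message above.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.20.0      0.0.0.0         255.255.255.0   U     0      0        0 bond1
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 bond0
0.0.0.0         10.10.20.1      0.0.0.0         UG    100    0        0 bond1
0.0.0.0         192.168.10.1    0.0.0.0         UG    100    0        0 bond0'

# Read `route -n` text on stdin; print "gateway iface metric" for each
# default route (destination and genmask 0.0.0.0, G flag set).
default_routes() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $2, $8, $5 }'
}

# Exit 0 and print the colliding routes when two or more default routes
# share a metric, which leaves the kernel's choice of gateway ambiguous.
# Exit 1 otherwise.
ambiguous_defaults() {
    default_routes | awk '
        { n[$3]++; line[$3] = line[$3] $0 "\n" }
        END {
            for (m in n) if (n[m] > 1) { printf "%s", line[m]; bad = 1 }
            exit(bad ? 0 : 1)
        }'
}

# Emit (do not run) source-based policy routing for one uplink, so replies
# leave through the interface whose address they carry.
# Arguments: iface address network/prefix gateway table
policy_cmds() {
    printf 'ip route add %s dev %s src %s table %s\n' "$3" "$1" "$2" "$5"
    printf 'ip route add default via %s dev %s table %s\n' "$4" "$1" "$5"
    printf 'ip rule add from %s table %s\n' "$2" "$5"
}

# Dry run against the sample; addresses come from the quoted interfaces file.
if printf '%s\n' "$SAMPLE_ROUTES" | ambiguous_defaults >/dev/null; then
    echo "# equal-metric default routes found; per-source tables would be:"
    policy_cmds bond0 192.168.10.200 192.168.10.0/24 192.168.10.1 101
    policy_cmds bond1 10.10.20.200  10.10.20.0/24   10.10.20.1   102
fi
```

The simpler option from the reply, removing one `gateway` line so only a single default route exists, makes `ambiguous_defaults` exit 1 and needs no extra tables.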

