Brian:

You should have a default gateway for each NIC, not just one for the entire
machine.  I assume there is a dual port firewall with 1.1 and 10.1 and a
single Internet connection?

I have the same kind of configuration at one of my beach networks.  It looks
like this.  We'll call my machine bill:

Internet -> Firewall -> 192.168.15.0/24 (15.1 is the router port) -> 192.168.15.50 (eth1)
                     -> 192.168.17.0/24 (17.1 is the router port) -> 192.168.17.50 (eth0)

No routing on server "bill" takes place.  It simply has two cards, each with
their own settings in /etc/network/interfaces.  For the record, squid, ssh
and www reside on 15.50 while a couple of other services reside on 17.50.  My
firewall forwards services to one port or the other depending on the service
(i.e. it knows to forward ssh, web, and so forth to 15.50, etc.).

The following is my /etc/network/interfaces:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
       address 192.168.17.50
       netmask 255.255.255.0
       up flush-mail
       gateway 192.168.17.1

auto eth1
iface eth1 inet static
       address 192.168.15.50
       netmask 255.255.255.0
       up flush-mail
       gateway 192.168.15.1

I think I could do without the "up flush-mail"; the system seems to be
working.

Hope this helps.

Greg

On 8/8/06, Brian Henning <[EMAIL PROTECTED]> wrote:

Hi Gang,
   I know y'all are probably tired of hearing me ask about this stuff,
but for some reason it's just one thing I'm having a heck of a time
really grasping.  I think it's because I'm missing some fundamental
understanding, some important piece of info, which is leaving the rest
of it shaky.  Anyway:

I have a machine (let's call it "bob") with two NICs, on two subnets,
for argument's sake 192.168.1.0/24 and 192.168.10.0/24.  eth0 is on
.1.0, eth1 is on .10.0.  Both subnets have their own gateways, located
at .1.1 and .10.1.

Because of certain important services that come in through the gateway
on the .1.0 subnet (such as SMTP, httpd, ssh, etc.), I need bob's
default gateway to be .1.1.  However, I really really really want to run
OpenVPN on bob and have it move traffic solely in and out through the
.10.1 gateway.  That service on that machine never needs to move a
single packet out of the default gateway.

I know that that's impossible without some sort of fiddling; even if UDP
packets come in to OpenVPN via the correct gateway (.10), the responses
are routed out through the .1 gateway and dropped somewhere along the
way (or ignored, if they make it all the way back to the client).

I figure it must be doable, though, right?  I shouldn't have to have a
separate box to provide the exact same services through two different
gateways, should I?  So what's the magic incantation?  route tricks?
iptables tricks?  Clever misuse of load-balancing software?  I'm open to
all suggestions.

Thanks!

Cheers,
~Brian


--
----------------
Brian A. Henning
strutmasters.com
336.597.2397x238
----------------
--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/

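The situation Brian describes (UDP arrives through the .10.1 gateway, the reply leaves through .1.1 and is dropped) is what Linux source-based policy routing exists for. A `gateway` stanza in /etc/network/interfaces installs a default route in the main table, and only one default route at a given metric can live there, so a second uplink needs its own routing table that the kernel consults for packets sourced from that interface's address. The script below is an added example and comes from neither mail: it renders the iproute2 commands for the questioner's hypothetical eth1 (192.168.10.50, gateway 192.168.10.1), applies them only on explicit request, and parses `ip rule show` output so the result can be verified. Table id 100 and rule priority 1000 are assumed values; the sample `ip rule show` text is constructed.

```shell
#!/bin/sh
# Added example, not from either poster: source-based policy routing for a
# dual-homed Linux host using iproute2. eth0 on 192.168.1.0/24 keeps the
# system default gateway (.1.1); eth1 on 192.168.10.0/24 gets a private
# routing table so anything sent from its address leaves via .10.1.
# Table id 100 and priority 1000 are assumptions; any unused values work.

# Print the commands that route every packet sourced from ADDR via IFACE's
# own gateway, leaving the main table's default route untouched.
# Usage: policy_route_cmds IFACE ADDR NETWORK/PREFIX GATEWAY TABLE_ID
policy_route_cmds() {
    iface=$1 addr=$2 net=$3 gw=$4 table=$5
    # The directly connected subnet, so the table is self-contained
    printf 'ip route replace %s dev %s src %s table %s\n' "$net" "$iface" "$addr" "$table"
    # A default route that exists only inside this table
    printf 'ip route replace default via %s dev %s table %s\n' "$gw" "$iface" "$table"
    # Select the table by source address. "ip rule add" is not idempotent,
    # so drop any earlier copy first; this survives ifdown/ifup cycles.
    printf 'ip rule del from %s lookup %s priority 1000 2>/dev/null || true\n' "$addr" "$table"
    printf 'ip rule add from %s lookup %s priority 1000\n' "$addr" "$table"
}

# Run the rendered commands (needs root); stops at the first failure.
apply_policy_route() {
    policy_route_cmds "$@" | sh -e
}

# Given "ip rule show" output and a source address, print the table that
# address is looked up in, or nothing if no source-specific rule matches.
# Usage: rule_table_for_src SRC "RULES_TEXT"
rule_table_for_src() {
    printf '%s\n' "$2" | awk -v src="$1" \
        '$2 == "from" && $3 == src && $4 == "lookup" { print $5; exit }'
}

# Given "ip route show table N" output, print that table's default gateway.
table_default_gw() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Constructed sample of "ip rule show" after the rules above were applied
# (real output separates the priority with a tab; whitespace is condensed).
SAMPLE_RULES='0: from all lookup local
1000: from 192.168.10.50 lookup 100
32766: from all lookup main
32767: from all lookup default'

# Constructed sample of "ip route show table 100" for the same host.
SAMPLE_TABLE='192.168.10.0/24 dev eth1 scope link src 192.168.10.50
default via 192.168.10.1 dev eth1'

# Render the commands for review; nothing is applied unless you call
# apply_policy_route with the same arguments as root.
policy_route_cmds eth1 192.168.10.50 192.168.10.0/24 192.168.10.1 100
```

To make this persistent with ifupdown, the four rendered lines go under `post-up` entries in the eth1 stanza of /etc/network/interfaces (with `pre-down ip rule del ...` to clean up), and the `gateway` line is kept only on eth0. The rule keys on the source address, so the service has to bind to 192.168.10.50 rather than 0.0.0.0; for OpenVPN that is the `local 192.168.10.50` directive. After bringing the interface up, `ip rule show` and `ip route show table 100` should match the shapes of the two constructed samples.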