Two NIC Routing Question
Jake Colman
colman at ppllc.com
Thu Jun 2 14:13:09 UTC 2005
>>>>> "MM" == Michael Mansour <mic at npgx.com.au> writes:
MM> Hi Jake,
>> I have a class two NIC firewall. eth0 is my external interface
>> connected to my cablemodem, eth1 is my internal interface connected to
>> my hub. I am using iptables-based firewall rules and using NAT so I
>> can access the internet from all my desktops. Everything is working
>> correctly.
>>
>> The problem is that it only works if I manually set up a default
>> gateway route through the external interface. After I boot the system,
>> I type the following command:
>>
>> route add default gw x.x.x.x
>>
>> where x.x.x.x is the address assigned to my external interface. If I
>> don't do this, I cannot access anything on the internet from any of my
>> internal machines. Once I execute this command it all works as
>> expected. I am certain, however, that as a RH 7.2 system, which is
>> what I was before I started incrementally upgrading to FC1 where I am
>> now, I did not need to do this for it to work.
>>
>> How can I get this routing between two NICs to work correctly without
>> manually executing a 'route' command? Please don't tell me to add this
>> command to rc.local. My external IP address is dynamic so it can
>> change between reboots. I need some mechanism that works dynamically.
>> I'm sure that it used to work this way!
MM> I was actually surprised to find that out of so many replies to you,
MM> people seemed to have missed the answer to your problem.
MM> In your /etc/sysconfig/network-scripts/ifcfg-ppp0 file, this is the
MM> file that's used to configure your link/routing when you
MM> dialup. There's a variable here you need to set:
MM> DEFROUTE=yes
MM> which will grab the default route information from your ISP and
MM> configure your routing for you. For this to work, you should _not_ set
MM> a GATEWAY variable in your /etc/sysconfig/network file. The GATEWAY
MM> flag adds a static default route to your routing table on system boot,
MM> which is not what you want in your situation. Within the
MM> /etc/sysconfig/network file remove the GATEWAY flag (if it's in there)
MM> and add:
MM> GATEWAYDEV="ppp0"
MM> which will tell the rc network script to use the default route
MM> supplied by the ifcfg-ppp0 script which picks that up from your ISP.
MM> Other interesting variables you can use in ifcfg-ppp0 are:
MM> ONBOOT
MM> PEERDNS
MM> CLAMPMSS
MM> FIREWALL
MM> there's docs in the system somewhere (I forgot where I read all this
MM> when first doing it) which explains what each variable does, you
MM> should review it to allow you to better understand how the process
MM> works.
MM> Regards,
MM> Michael.
Michael,
Your answer is exactly the kind of answer I was hoping for since I am pretty
sure it has to do with the various configuration variables not being set
correctly. There is one problem, however, with your answer: I am not using a
ppp device. My external NIC is dynamic since I am connected to a cablemodem
and have not purchased a static IP address. The eth0 interface is configured
via dhcp from my ISP; eth1 is hard-wired as 192.168.0.1.
I believe that all the necessary magic comes from the
/etc/sysconfig/networking-scripts directory. I have two files: ifcfg-eth0
and ifcfg-eth1.
Contents of ifcfg-eth0:

    DEVICE=eth0
    ONBOOT=yes
    BOOTPROTO=dhcp

Contents of ifcfg-eth1:

    DEVICE=eth1
    BROADCAST=192.168.0.255
    IPADDR=192.168.0.1
    NETMASK=255.255.255.0
    NETWORK=192.168.0.0
    ONBOOT=yes

The output of 'netstat -rn' following a reboot is:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
    68.196.176.0    0.0.0.0         255.255.240.0   U         0 0          0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
    127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
    0.0.0.0         192.168.0.254   0.0.0.0         UG        0 0          0 eth1

After I manually add a default route through eth0, I get the following:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
    68.196.176.0    0.0.0.0         255.255.240.0   U         0 0          0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
    127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
    0.0.0.0         68.196.186.208  0.0.0.0         UG        0 0          0 eth0
    0.0.0.0         192.168.0.254   0.0.0.0         UG        0 0          0 eth1

So what needs to be tweaked to make this all work correctly? And where can I
find the documentation on those config files?
Thanks!
...Jake
--
Jake Colman
Sr. Applications Developer
Principia Partners LLC
Harborside Financial Center
1001 Plaza Two
Jersey City, NJ 07311
(201) 209-2467
www.principiapartners.com
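
Added example, not part of the original message or of any Fedora tooling: a shell check over `netstat -rn` output, like the two tables quoted in the message, that lists the default routes and flags any that leave through an interface other than the external one. The function names are hypothetical; the sample rows are copied from the message, and eth0 as the external interface is taken from it.

```shell
#!/bin/sh
# Added example: audit the default routes in `netstat -rn` output.
# check_default_routes EXT_IF reads a routing table on stdin, prints one line
# per default route, and returns 0 only when at least one default route
# exists and every one of them leaves through EXT_IF.
check_default_routes() {
    awk -v ext="$1" '
        # A default route has destination and genmask 0.0.0.0 and the G flag.
        $1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ {
            n++
            if ($NF == ext) {
                printf "ok    default via %s dev %s\n", $2, $NF
            } else {
                printf "WRONG default via %s dev %s\n", $2, $NF
                bad++
            }
        }
        END {
            if (n == 0) { print "MISSING no default route"; exit 2 }
            exit (bad > 0 ? 1 : 0)
        }'
}

# Routing table after reboot, copied from the message above.
table_after_boot() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
68.196.176.0    0.0.0.0         255.255.240.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         192.168.0.254   0.0.0.0         UG        0 0          0 eth1
EOF
}

# Same table after the manual `route add default gw ...` (two default routes).
table_after_manual_add() {
    table_after_boot | awk '
        $1 == "0.0.0.0" { print "0.0.0.0         68.196.186.208  0.0.0.0         UG        0 0          0 eth0" }
        { print }'
}

table_after_boot | check_default_routes eth0 || echo "exit status: $?"
```

On a live system the same check runs as `netstat -rn | check_default_routes eth0`; a non-zero status on a NAT firewall means a default route is missing or points at the internal side.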