Two physical Nics, one virtual nic. Two subnets, two gateways

Aaron Wilson aaron at ernieball.com
Thu Jun 11 22:23:45 UTC 2009


We currently have a RH ES 5 server with 4 nics.

Currently eth0 will be the primary nic for users trying to access our 
ERP system. We have no current need for eth2 or eth3

-----------------------------
[root@solo devices]# more ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
HWADDR=00:21:28:3D:72:96
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=172.20.2.80
GATEWAY=172.20.2.136
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
-----------------------------

We want to install squid on this server and use eth1 for that. It would 
also require a virtual eth1:1. We want to use the squid proxy to send 
http traffic to our dsl line so our T1 is just VoIP and Email.

Our workstations are on the 172.20.2.0 subnet and default to the 
172.20.2.136 gateway.

However our DSL router is on a 172.20.4.0 subnet.

We want to make eth1 as follows

I made an ifcfg-eth1 as follows
-----------------------------
[root@solo devices]# more ifcfg-eth1
DEVICE=eth1
BOOTPROTO=none
HWADDR=00:21:28:3D:72:97
ONBOOT=no
NETMASK=255.255.255.0
IPADDR=172.20.4.81
GATEWAY=172.20.4.249
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
-----------------------------

As soon as I do an ifup eth1 all networking dies. We have to delete our 
ifcfg-eth1 file and restart networking to recover.

So at this point we haven't even gotten eth1 to work so we haven't gone 
on to making an eth1:1 entry.





In our other office we have a similar working scenario with a squid proxy 
server. It's an Ubuntu box though and it only has one physical nic.

-----------------------------
aaron@anduril:~$ more /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 172.20.5.108
netmask 255.255.255.0
gateway 172.20.5.1

auto eth0:1
iface eth0:1 inet static
address 172.20.1.108
netmask 255.255.255.0

up route add -net 172.20.2.0/24 gw 172.20.1.136 dev eth0:1
-----------------------------

So we're trying to recreate that on the redhat ES 5 server but with eth1 
and eth1:1. The last line in that entry is just for routing to the 
172.20.2.0 subnet via a vpn.

So if you were in the office with the ubuntu proxy server and your 
computer was 172.20.1.9 and you wanted to go to www.redhat.com routing 
looks something like

172.20.1.9 --> 172.20.1.108 --> 172.20.5.108 --> 172.20.5.1 --> Internet 
--> www.redhat.com

and if you wanted to go to a website located in our other office with ip 
address 172.20.2.99 that route add makes it look something like

172.20.1.5 --> 172.20.1.108 --> 172.20.1.136 --> 172.20.2.136 --> 
172.20.2.99

So all traffic goes to our dsl router 172.20.5.1, except if it's a 
172.20.2.0 address which then goes to the 172.20.1.136 router


So regardless of what office I am in and I want the ERP system, I just 
ssh 172.20.2.80 (eth0)

If I'm browsing the web then the proxy server ip address is 172.20.2.81 
(eth1:1)

If my computer is 172.20.2.10 trying to browse www.redhat.com it needs 
to look like:

172.20.2.10 --> 172.20.2.81 --> 172.20.4.81 --> 172.20.4.249 --> 
Internet --> www.redhat.com

Also on occasion a user there would need to browse a website at the 
172.20.1.0 subnet

172.20.2.10 --> 172.20.2.81 --> 172.20.2.136 --> 172.20.1.136 --> 
172.20.1.99

Hope that wasn't too long and difficult to understand  :)

Wasn't easy trying to put that into words.




Thanks,

Aaron
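
Added example (not part of the original post): a small Python model of longest-prefix route lookup, checked against the paths described above. UBUNTU is taken from the interfaces file quoted in the post; RHEL_TARGET is an assumption, one single-default-route table consistent with the paths the post asks for, not a tested configuration, and 203.0.113.10 is a constructed stand-in for www.redhat.com.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (next_hop, device) for destination dst."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r[0])]
    if not matches:
        raise LookupError(f"no route to {dst}")
    # The most specific prefix wins; the default route (/0) matches last.
    _, gw, dev = max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return (gw or "direct", dev)

# Ubuntu proxy (anduril), from the /etc/network/interfaces file in the post.
UBUNTU = [
    ("172.20.5.0/24", None, "eth0"),               # connected: 172.20.5.108
    ("172.20.1.0/24", None, "eth0:1"),             # connected: 172.20.1.108
    ("172.20.2.0/24", "172.20.1.136", "eth0:1"),   # the "up route add -net" line
    ("0.0.0.0/0", "172.20.5.1", "eth0"),           # gateway 172.20.5.1
]

# RHEL box (solo): ASSUMED table implied by the desired paths in the post.
# Only one default route (the DSL router); the other office is reached
# through a specific static route, mirroring the Ubuntu layout.
RHEL_TARGET = [
    ("172.20.2.0/24", None, "eth0"),               # 172.20.2.80 (the .81 alias shares this subnet)
    ("172.20.4.0/24", None, "eth1"),               # connected: 172.20.4.81
    ("172.20.1.0/24", "172.20.2.136", "eth1:1"),   # other office, device as in the post's path
    ("0.0.0.0/0", "172.20.4.249", "eth1"),         # DSL router
]

if __name__ == "__main__":
    WEB = "203.0.113.10"  # constructed address standing in for www.redhat.com
    for name, table, dsts in (
        ("ubuntu", UBUNTU, (WEB, "172.20.2.99")),
        ("rhel (assumed)", RHEL_TARGET, (WEB, "172.20.1.99")),
    ):
        for dst in dsts:
            print(name, dst, "->", lookup(table, dst))
```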



