[wellylug] multiple gateways
Mark Signal
mark at databackup.co.nz
Fri Dec 3 18:21:28 NZDT 2004
Well, thank you to everyone who took the time to answer.
In the end I bit the bullet and changed everything over to the new
gateway. I'll deal with any "fallout" over the weekend.
thanks again
Mark Signal
Pete Black wrote:
> The way I would set this up in your current scenario is as follows:
>
> Configure 2 ip addresses on your internal server's NIC using an alias.
>
> Configure each firewall to rewrite the destination addresses of
> incoming connections to one of the IP addresses - e.g. firewall 1
> redirects to 192.168.0.1 and firewall 2 redirects to 192.168.0.2
> (where your server's eth0 is configured as 192.168.0.1 and eth0:1 is
> 192.168.0.2).
>
> On the server machine, you need to set up iptables to flag packets
> with a destination address of 192.168.0.2, and send them to a routing
> table with a default gateway of firewall 2. Your standard routing
> table has firewall 1 as its default gateway.
>
> You could do this with interfaces instead of destination IP e.g. if
> the packet comes in on eth0 route it via the default routing table, if
> it comes in on eth1 route it via a different route table.
>
> The specifics of how to do this can be found under the 'advanced
> routing howto' and the man pages for the 'ip' command.
>
> You may need to install the iproute/iproute2 packages, as the standard
> 'route' command can only modify the kernel's default routing table.
>
> If you get stuck, you can contact me off list, however I am a bit busy
> today so I may not be able to respond in an entirely prompt manner.
>
> Should you require more direct assistance i.e. you want somebody to do
> it for you, I may be able to provide support but it will cost you
> money. Again, contact me off-list regarding this.
>
> -Pete
>
>
>> Hi
>>
>> Sorry about not being clear enough
>>
>> I have 1 nic in the server and 2 firewall boxes each with separate
>> internet connections.
>> presently all traffic for the server comes in via one firewall. I
>> would like to be able to connect to the server via the other firewall
>> as well so that external clients can connect to the server via either
>> external ip address.
>>
>> If I threw a second nic in the server could I just configure it to
>> the other gateway?
>>
>> This is all as a temporary measure as I transition from one internet
>> connection to another. I could just go "cold turkey" and switch all
>> the client PCs over to the new ip address but it will just be a bit
>> more pressured/stressful.
>>
>> cheers
>>
>> Mark
>>
>>
>>
>> Pete Black wrote:
>>
>>> Can you clarify this please - when you say you want to respond to
>>> traffic that comes in from two different gateways, do you simply
>>> mean you have multiple interfaces on your machine?
>>>
>>> Can you be more specific about your network setup, as the degree to
>>> which linux's default arp, rp_filter etc. proc entries and route
>>> cache will ruin your day depends very much on exactly what you are
>>> trying to do.
>>>
>>> You can do just about any kind of 'smart' routing using iproute2 and
>>> iptables, and the assertion that you can have only one default
>>> gateway is technically not correct.
>>>
>>> You can have only one default gateway per routing table - it is
>>> relatively easy simply to mark all packets entering via a given
>>> interface and send them to a specified route table which will
>>> enable you to control which interface a packet leaves on based on
>>> the interface it entered on etc. etc.
>>>
>>> -Pete
>>>
>>>> You can only have one default gateway. If you know the source
>>>> addresses for all traffic coming in one of the interfaces, you can set
>>>> up a bunch of static routes (route add <network> <netmask> <gateway>).
>>>>
>>>> Other than that, this indicates a pretty broken network set up and I
>>>> suggest you fix it before you try any nasty hacks :)
>>>>
>>>> On Fri, 03 Dec 2004 at 10:06:17 +1300, Mark Signal wrote:
>>>>
>>>>
>>>>
>>>>> Hi
>>>>>
>>>>> hopefully a simple question
>>>>>
>>>>> I want a debian box to be able to respond to traffic that comes from 2
>>>>> different gateways.
>>>>>
>>>>> I tried adding a second gateway setting for eth0 in the
>>>>> /etc/network/interfaces file but as I expected it spat the dummy
>>>>>
>>>>> presumably I need a primary gateway (as defined in
>>>>> /etc/network/interfaces?) and an alternative gateway set up in
>>>>> routing somehow?
>>>>>
>>>>> as usual - any pointers/abuse gratefully accepted
>>>>>
>>>>> thanks
>>>>>
>>>>> Mark Signal
>>>>>
>>>>>
>>>>> --
>>>>> Wellington Linux Users Group Mailing List:
>>>>> wellylug at lists.wellylug.org.nz
>>>>> To Leave: http://lists.wellylug.org.nz/mailman/listinfo/wellylug
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
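The setup Pete describes (alias address, packets flagged with iptables, a second routing table whose default gateway is firewall 2), written out as an added example that is not part of the original thread. It uses connection marks as one way to do the flagging; firewall 2's LAN address (192.168.0.254), the /24 netmask, table number 102, mark value 2 and rule priority 100 are assumptions, and the script only prints the commands unless DRY_RUN=0.

```sh
#!/bin/sh
# Added example: route replies to connections that arrived via firewall 2
# back out through firewall 2, leaving firewall 1 as the main default gateway.
# From the thread: eth0 = 192.168.0.1, eth0:1 = 192.168.0.2, firewall 2 redirects to .2.
DEV=eth0
ALT_IP=192.168.0.2
LAN=192.168.0.0/24        # assumed netmask
FW2_GW=192.168.0.254      # hypothetical LAN address of firewall 2
TABLE=102                 # assumed table number
MARK=2                    # assumed mark value
DRY_RUN=${DRY_RUN:-1}     # default: print the commands instead of running them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

valid_ipv4() {
    # Reject anything that is not four dot-separated octets in 0..255.
    case $1 in *[!0-9.]*|*..*|.*|*.|"") return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1; done
}

setup_alt_gateway() {
    valid_ipv4 "$ALT_IP" && valid_ipv4 "$FW2_GW" || { echo "bad address" >&2; return 1; }
    # 1. Flag new connections addressed to the alias IP (connection mark).
    run iptables -t mangle -A PREROUTING -i "$DEV" -d "$ALT_IP" \
        -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
    # 2. Copy the connection mark onto locally generated reply packets,
    #    which makes the kernel re-route them using the mark.
    run iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
    # 3. Second routing table: LAN stays direct, everything else via firewall 2.
    run ip route add "$LAN" dev "$DEV" src "$ALT_IP" table "$TABLE"
    run ip route add default via "$FW2_GW" dev "$DEV" table "$TABLE"
    # 4. Marked packets consult that table before the main one.
    run ip rule add fwmark "$MARK" table "$TABLE" priority 100
}

setup_alt_gateway
```

After a real run, `ip rule show` and `ip route show table 102` confirm the rule and the second table are in place.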