[wellylug] multiple gateways

Mark Signal mark at databackup.co.nz
Fri Dec 3 18:21:28 NZDT 2004


Well, thank you to everyone who took the time to answer.

In the end I bit the bullet and changed everything over to the new 
gateway. I'll deal with any "fallout" over the weekend.

Thanks again


Mark Signal

Pete Black wrote:

> The way I would set this up in your current scenario is as follows:
>
> Configure 2 IP addresses on your internal server's NIC using an alias.
>
> Configure each firewall to rewrite the destination addresses of 
> incoming connections to one of the IP addresses - e.g. firewall 1 
> redirects to 192.168.0.1 and firewall 2 redirects to 192.168.0.2 
> (where your server's eth0 is configured as 192.168.0.1 and eth0:1 is 
> 192.168.0.2).
>
> On the server machine, you need to set up iptables to flag packets 
> with a destination address of 192.168.0.2, and send them to a routing 
> table with a default gateway of firewall 2. Your standard routing 
> table has firewall 1 as its default gateway.
>
> You could do this with interfaces instead of destination IP e.g. if 
> the packet comes in on eth0 route it via the default routing table, if 
> it comes in on eth1 route it via a different route table.
>
> The specifics of how to do this can be found under the 'advanced 
> routing howto' and the man pages for the 'ip' command.
>
> You may need to install the iproute/iproute2 packages, as the standard 
> 'route' command can only modify the kernel's default routing table.
>
> If you get stuck, you can contact me off list, however I am a bit busy 
> today so I may not be able to respond in an entirely prompt manner.
>
> Should you require more direct assistance i.e. you want somebody to do 
> it for you, I may be able to provide support but it will cost you 
> money. Again, contact me off-list regarding this.
>
> -Pete
>
>
>> Hi
>>
>> Sorry about not being clear enough
>>
>> I have 1 NIC in the server and 2 firewall boxes, each with separate 
>> internet connections.
>> Presently all traffic for the server comes in via one firewall. I 
>> would like to be able to connect to the server via the other firewall 
>> as well so that external clients can connect to the server via either 
>> external IP address.
>>
>> If I threw a second NIC in the server could I just configure it to 
>> the other gateway?
>>
>> This is all as a temporary measure as I transition from one internet 
>> connection to another. I could just go "cold turkey" and switch all 
>> the client PCs over to the new IP address but it will just be a bit 
>> more pressured/stressful.
>>
>> cheers
>>
>> Mark
>>
>>
>>
>> Pete Black wrote:
>>
>>> Can you clarify this please - when you say you want to respond to 
>>> traffic that comes in from two different gateways, do you simply 
>>> mean you have multiple interfaces on your machine?
>>>
>>> Can you be more specific about your network setup, as the degree to 
>>> which Linux's default arp, rp_filter etc. proc entries and route 
>>> cache will ruin your day depends very much on exactly what you are 
>>> trying to do.
>>>
>>> You can do just about any kind of 'smart' routing using iproute2 and 
>>> iptables, and the assertion that you can have only one default 
>>> gateway is technically not correct.
>>>
>>> You can have only one default gateway per routing table - it is 
>>> relatively easy simply to mark all packets entering via a given 
>>> interface and send them to a specified route table, which will 
>>> enable you to control which interface a packet leaves on based on 
>>> the interface it entered on etc. etc.
>>>
>>> -Pete
>>>
>>>> You can only have one default gateway. If you know the source
>>>> addresses for all traffic coming in one of the interfaces, you can set
>>>> up a bunch of static routes (route add <network> <netmask> <gateway>).
>>>>
>>>> Other than that, this indicates a pretty broken network set up and I
>>>> suggest you fix it before you try any nasty hacks :)
>>>>
>>>> On Fri, 03 Dec 2004 at 10:06:17 +1300, Mark Signal wrote:
>>>>
>>>>  
>>>>
>>>>> Hi
>>>>>
>>>>> Hopefully a simple question.
>>>>>
>>>>> I want a debian box to be able to respond to traffic that comes from 2 
>>>>> different gateways.
>>>>>
>>>>> I tried adding a second gateway setting for eth0 in the 
>>>>> /etc/network/interfaces file but as I expected it spat the dummy.
>>>>>
>>>>> Presumably I need a primary gateway (as defined in 
>>>>> /etc/network/interfaces?) and an alternative gateway set up in 
>>>>> routing somehow?
>>>>>
>>>>> as usual - any pointers/abuse gratefully accepted
>>>>>
>>>>> thanks
>>>>>
>>>>> Mark Signal
>>>>>
>>>>>
>
>
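
The single-NIC setup Pete Black describes above, written out as an added example; it is not part of the original thread and not his own commands. The firewall 2 LAN address 192.168.0.253, the /24 prefix, table number 102 and mark value 2 are assumptions, and CONNMARK is used so that the mark set on packets arriving for 192.168.0.2 carries over to the server's replies on the same connection.

```shell
#!/bin/sh
# Added example: print the commands that make replies to connections
# arriving on the alias address leave via firewall 2 instead of the
# main table's default gateway (firewall 1).
#
# usage: policy_routing_cmds ALIAS_IP FW2_GATEWAY TABLE MARK
# ASSUMED values (not in the thread): gateway address, /24 LAN, table, mark.
policy_routing_cmds() {
    [ "$#" -eq 4 ] || { echo "need: alias_ip gateway table mark" >&2; return 1; }
    alias_ip=$1 gw=$2 table=$3 mark=$4
    lan="${alias_ip%.*}.0/24"     # assumes the LAN is a /24
    cat <<EOF
ip addr add $alias_ip/24 dev eth0 label eth0:1
ip route add $lan dev eth0 table $table
ip route add default via $gw dev eth0 table $table
iptables -t mangle -A PREROUTING -d $alias_ip -j CONNMARK --set-mark $mark
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
ip rule add fwmark $mark table $table
ip route flush cache
EOF
}
# Line by line:
#  1. second address on the one NIC (eth0:1 in the thread)
#  2. LAN route in the extra table, so marked traffic to local hosts
#     is still delivered directly rather than sent to firewall 2
#  3. the extra table's own default gateway: firewall 2
#  4. tag every connection whose packets are addressed to the alias
#  5. copy the connection's tag onto locally generated reply packets
#  6. tagged packets consult the extra table before the main one
#  7. drop cached routing decisions (a no-op on kernels without a route cache)

# Dry run: review the output, then pipe it to "sh" as root to apply.
policy_routing_cmds 192.168.0.2 192.168.0.253 102 2
```

Nothing is changed on the system until the printed commands are run as root; `ip rule show` and `ip route show table 102` then confirm the result.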



