Two NIC Routing Question

Michael Mansour mic at npgx.com.au
Thu Jun 2 00:33:08 UTC 2005


Hi Jake,

> I have a class two NIC firewall.  eth0 is my external interface 
> connected to my cablemodem, eth1 is my internal interface connected 
> to my hub.  I am using iptables-based firewall rules and using NAT 
> so I can access the internet from all my desktops.  Everything is 
> working correctly.
> 
> The problem is that it only works if I manually set up a default gateway
> route through the external interface.  After I boot the system, I 
> type the following command:
> 
>    route add default gw x.x.x.x
> 
> where x.x.x.x is the address assigned to my external interface. If I 
> don't do this, I cannot access anything on the internet from any of my 
> internal machines. Once I execute this command it all works as 
> expected.  I am certain, however, that as a RH 7.2 system, which is 
> what I was before I started incrementally upgrading to FC1 where I 
> am now, I did not need to do this for it to work.
> 
> How can I get this routing between two NICs to work correctly without
> manually executing a 'route' command?  Please don't tell me to add this
> command to rc.local.  My external IP address is dynamic so it can change
> between reboots.  I need some mechanism that works dynamically.  I'm 
> sure that it used to work this way!

I was actually surprised to find that out of so many replies to you, people
seemed to have missed the answer to your problem.

Your /etc/sysconfig/network-scripts/ifcfg-ppp0 file is the file
that's used to configure your link/routing when you dial up. There's a variable
here you need to set:

DEFROUTE=yes

which will grab the default route information from your ISP and configure your
routing for you. For this to work, you should _not_ set a GATEWAY variable in
your /etc/sysconfig/network file. The GATEWAY flag adds a static default route
to your routing table on system boot, which is not what you want in your
situation. Within the /etc/sysconfig/network file remove the GATEWAY flag (if
it's in there) and add:

GATEWAYDEV="ppp0"

which will tell the rc network script to use the default route supplied by the
ifcfg-ppp0 script which picks that up from your ISP.

Other interesting variables you can use in ifcfg-ppp0 are:

ONBOOT
PEERDNS
CLAMPMSS
FIREWALL

There are docs in the system somewhere (I forgot where I read all this when
first doing it) which explain what each variable does; you should review them
to allow you to better understand how the process works.

Regards,

Michael.
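
Added example, not part of the original message: a shell check that reads the two files named in the reply and reports whether GATEWAY, GATEWAYDEV and DEFROUTE match the advice given. The function names, the ROOT argument (so it can be pointed at a copy of the files) and the optional device argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the settings named in the reply above.
# Usage: sh check_defroute.sh ROOT [DEV]   (ROOT=/ on a live system)
# DEV defaults to ppp0, the device the reply uses.

# Print the last value assigned to KEY ($2) in FILE ($1), quotes stripped.
get_var() {
    [ -f "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'" |
        sed 's/[[:space:]]*$//'
}

# Returns 0 if the files match the reply's advice, 1 if not,
# 2 if the ifcfg file for DEV does not exist.
check_defroute() {
    root=${1%/}
    dev=${2:-ppp0}
    net="$root/etc/sysconfig/network"
    ifcfg="$root/etc/sysconfig/network-scripts/ifcfg-$dev"
    rc=0

    if [ ! -f "$ifcfg" ]; then
        echo "FAIL: $ifcfg not found"
        return 2
    fi
    gw=$(get_var "$net" GATEWAY)
    gwdev=$(get_var "$net" GATEWAYDEV)
    defroute=$(get_var "$ifcfg" DEFROUTE)

    # A static GATEWAY installs a fixed default route at boot.
    if [ -n "$gw" ]; then
        echo "FAIL: $net sets GATEWAY=$gw (remove it)"; rc=1
    fi
    if [ "$gwdev" != "$dev" ]; then
        echo "FAIL: $net has GATEWAYDEV='$gwdev', expected '$dev'"; rc=1
    fi
    if [ "$defroute" != "yes" ]; then
        echo "FAIL: $ifcfg has DEFROUTE='$defroute', expected 'yes'"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: default route comes from $dev"
    return "$rc"
}

if [ $# -gt 0 ]; then check_defroute "$@"; fi
```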



