Fedora Box with TWO NIC's

John Meagher jmeagher at patriot.net
Sun Aug 22 04:18:06 UTC 2004


Julian Underwood wrote:

> I have a Fedora box with two working NIC's:
>
> DSL, static IP:
> (NIC 1)
> ip:168.101.199.6
> nm:255.255.255.248
> gw:168.101.199.5
> dns:168.101.1.3, 168.101.1.9
>
> LAN, has a sonicwall router to Cable modem:
> (NIC 2)
> ip:192.168.0.7
> nm:255.255.255.0
> gw:192.168.0.1 (currently NOT SET so at least the DSL NIC is functional)
> dns:not needed
>
> With this setup, /nothing/ works. Can't ping anything, can't browse 
> from the box locally, nothing. However if I remove the gateway on NIC 
> 2 (192.168.0.1), then I can at least browse through NIC 1 and it can 
> be pinged. However--the LAN interface is still useless, can't ping it.
>
> The reverse works the same. Remove the GW on NIC 1 (168.101.199.5) and 
> place it on NIC 2 (192.168.0.1) then I can browse through NIC 2 on the 
> Cable modem side, but then the DSL NIC becomes useless (can't ping).
>
> So I am asking, what is the trick to make BOTH interfaces work and if 
> the server needs to go out onto the net, it will by default browse out 
> on the DSL side of things? I would like to be able to manage the 
> server and provide file services from the LAN side.
>
> $ netstat -nr
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 168.101.199.6   0.0.0.0         255.255.255.248 U         0 0          0 eth1
> 192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
> 127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
> 0.0.0.0         168.100.199.5   0.0.0.0         UG        0 0          0 eth1
>
> Again, I think this output is with my LAN NIC disabled, again: the LAN 
> NIC doesn't have a gw because /nothing/ works when it is defined.  
> Goal: be able to provide management and file services from the LAN NIC 
> and still function with the DSL NIC.


I'm still a little confused.  Is this right:
You have a cable modem on the LAN for office internet access.
You have a DSL connected to the server to provide a public web service.

Is the firewall on the DSL router?  And another one on the cable modem?
You may want to consider beefing this up from the security standpoint.  
At least add a firewall on the server.

The usual setup is

internet--->firewall--->LAN and servers, or

internet---->firewall--->LAN
             |
             |-->firewall---->DMZ--->servers

The server's only route to the internet should be via 168.101.199.5 and 
the netmask is 255.255.255.248 (not 0.0.0.0) if that is the mask they 
gave you for the server.
168.101.199.5 should be a firewall/gateway.  (although using the .1 
address for the gateway would be more conventional)

So your routing table might look about like this:

168.101.199.6   0.0.0.0         255.255.255.248 U         0 0          0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
(the above route should get you to the LAN)

169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
(I don't know what the above is.  Probably learned from the cable modem. 
Keep the "routed" process turned off.)

127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         168.100.199.5   255.255.255.248 UG        0 0          0 eth1
(note the mask was changed in the line above)

Another possible  issue is your NIC1/NIC2 nomenclature.  The one you are 
calling NIC1 is on the public address which is assigned to eth1.  The 
one you are calling NIC2 is on the private address which is assigned to 
eth0.  Make sure it's connected the way you think it should be.  Verify 
with ifconfig.

Unless FC2 is different, the files which set this up whenever you do a 
boot or service network restart are in 
/etc/sysconfig/network-scripts/ifcfg-eth? and /etc/sysconfig/network.   
There's also a gui, I think redhat-config-network.

To temporarily fix the default route, try
route del default
route add default gw 168.100.199.5 netmask 255.255.255.248

And of course, on your LAN, make sure the workstations are pointed to 
the cable modem as default gateway.
Make sure the DSL router and everything else on the segment has the 
255.255.255.248 netmask.
The server's DNS address in the server's /etc/resolv.conf should be the 
one from the DSL company.
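
A routing-table check for the dual-homed setup discussed in this thread, as an added example that is not part of the original post: it parses `netstat -nr` rows and flags more than one default route, a connected-route destination with host bits set, and a gateway that is not on a subnet attached to its interface. The sample rows are the table quoted above with the wrapped lines rejoined; the function names are illustrative.

```python
import ipaddress

# Constructed sample: the `netstat -nr` rows quoted in the post, unwrapped.
SAMPLE = """\
168.101.199.6   0.0.0.0         255.255.255.248 U         0 0          0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         168.100.199.5   0.0.0.0         UG        0 0          0 eth1
"""

def parse_routes(text):
    """Return one dict per route row of `netstat -nr` style output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or not f[0][0].isdigit():
            continue  # skip the banner and the column header
        routes.append({
            "dest": ipaddress.ip_address(f[0]),
            "gw": ipaddress.ip_address(f[1]),
            "net": ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False),
            "flags": f[3], "iface": f[7],
        })
    return routes

def audit(routes):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    connected = [r for r in routes if "G" not in r["flags"]]
    defaults = [r for r in routes if "G" in r["flags"] and r["net"].prefixlen == 0]
    if len(defaults) > 1:
        findings.append("multiple default routes (%s)" % ", ".join(r["iface"] for r in defaults))
    for r in connected:
        if r["dest"] != r["net"].network_address:
            findings.append(f"destination {r['dest']} has host bits set for {r['net']}")
    for r in routes:
        # A gateway must sit on a subnet directly attached to the same interface.
        if "G" in r["flags"] and not any(
                r["gw"] in c["net"] and c["iface"] == r["iface"] for c in connected):
            findings.append(f"gateway {r['gw']} is not on a subnet attached to {r['iface']}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_routes(SAMPLE)):
        print(finding)
```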




