Fedora Box with TWO NIC's (NEED HELP!) (fwd)

Julian Underwood mailings at underwoods.net
Tue Aug 24 01:18:31 UTC 2004


> I'm still a little confused.  Is this right:
> You have a cable modem on the LAN for office internet access.
> You have a DSL connected to the server to provide a public web service.
> 
> Is the firewall on the DSL router?  And another one on the cable modem?
> You may want to consider beefing this up from the security standpoint.  At 
> least add a firewall on the server.
> 
> The usual setup is
> 
> internet--->firewall--->LAN and servers, or
> 
> internet---->firewall--->LAN
>            |
>            |-->firewall---->DMZ--->servers

My setup:

eth 0                                     eth 1
web services(internet,DSL)-->[server]<-->LAN-->Cable Modem (sonicwall)

The DSL side of the server is for the server only! Clients on the LAN don't 
touch this; they go out onto the net via the Cable Modem.  They should be able 
just to access the server's resources at 192.168.0.7.

**
I want to achieve these settings:

eth0: 168.101.199.6,255.255.255.248,gw:168.101.199.5,dns:provided by ISP
eth1: 192.168.0.7,255.255.255.0,gw:192.168.0.7,dns:no dns
**

Seems like two gateways is a "NO,NO", Linux doesn't know what to do and doesn't 
do anything at all! (can't ping either interface when two GW's are specified.)

I did some asking on IRC and someone suggested I try using iproute2--I tried 
his suggestion and couldn't make any headway.  Is this something I should 
continue to try?



> 
> The server's only route to the internet should be via 168.101.199.5 and the 
> netmask is 255.255.255.248 (not 0.0.0.0) if that is the mask they gave you 
> for the server.

Right, 'cause the server is only going to go out onto the net via the DSL! BUT, 
if I don't specify a GW for the internal LAN, then that interface becomes 
defunct.

> 168.101.199.5 should be a firewall/gateway.  (although using the .1 address 
> for the gateway would be more conventional)

Agreed.

Here is my current routing table with my internal LAN NIC disabled (it's not 
doing any good anyhow!)

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
168.101.199.4   *               255.255.255.248 U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         199-5.customer  0.0.0.0         UG    0      0        0 eth0


> Another possible  issue is your NIC1/NIC2 nomenclature.  The one you are 
> calling NIC1 is on the public address which is assigned to eth1.  The one you 
> are calling NIC2 is on the private address which is assigned to eth0.  Make 
> sure it's connected the way you think it should be.  Verify with ifconfig.

Yeah, everything is connected correctly. I would assume it doesn't matter what 
the interface is called, provided it's connected correctly.

> To temporarily fix the default route, try
> route del default
> route add default gw 168.100.199.5 netmask 255.255.255.248

Would this help 192.168.0.7 at all?

Thank you VERY much for your help and sticking with me on this one... If anyone 
else has any insight, please give a shout!  I'm also surprised that I can't 
simply specify the 192.168.0.7 interface WITHOUT a gateway and have it 
work--well not that surprised really--but I wish there was a simpler solution 
to make both NIC's work.

TIA,

Julian
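
The advice quoted in the message (a single default route via 168.101.199.5) and the settings proposed in it can be compared with a small route-selection model. This is an added example, not part of the original message; the dictionary layout and function names are assumptions made for illustration, and 192.168.0.50 and 203.0.113.10 are constructed test addresses.

```python
import ipaddress

# Constructed from the addresses in the post; eth1 deliberately has no gateway.
SINGLE_GW = {
    "eth0": {"addr": "168.101.199.6/255.255.255.248", "gateway": "168.101.199.5"},
    "eth1": {"addr": "192.168.0.7/255.255.255.0", "gateway": None},
}
# The settings proposed in the post: eth1 names its own address as gateway.
PROPOSED = dict(SINGLE_GW, eth1={"addr": "192.168.0.7/255.255.255.0",
                                 "gateway": "192.168.0.7"})

def build_routes(interfaces):
    """Return (network, gateway, iface) tuples for a set of interface configs."""
    routes = []
    for name, cfg in interfaces.items():
        iface = ipaddress.ip_interface(cfg["addr"])
        # Assigning an address installs the connected (on-link) route by itself.
        routes.append((iface.network, None, name))
        if cfg["gateway"]:
            routes.append((ipaddress.ip_network("0.0.0.0/0"), cfg["gateway"], name))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return (iface, gw or "on-link")

def check(interfaces):
    """List configuration problems: duplicate defaults and unusable gateways."""
    problems = []
    defaults = sorted(n for n, c in interfaces.items() if c["gateway"])
    if len(defaults) > 1:
        problems.append("more than one default gateway: " + ", ".join(defaults))
    for name, cfg in interfaces.items():
        if cfg["gateway"] is None:
            continue
        iface = ipaddress.ip_interface(cfg["addr"])
        gw = ipaddress.ip_address(cfg["gateway"])
        if gw == iface.ip:
            problems.append(f"{name}: gateway is the interface's own address")
        elif gw not in iface.network:
            problems.append(f"{name}: gateway is not on the interface's subnet")
    return problems
```

In this model LAN hosts in 192.168.0.0/24 are reached through the connected route on eth1, and only off-subnet traffic uses the default route on eth0.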




