Dual NICs and NAT mess.

magician at internet.gr magician at internet.gr
Wed Dec 29 19:55:59 UTC 2004


Hello,

This is a kinda strange problem I have with an FC3 server having 2 NICs.
Obviously our configuration isn't the "fittest" indeed, but since I use a
web hosting control panel, which needs an external IP address (mounted in
the NIC, NAT won't work for their licence and update policy), I had to use
two NICs, one for the control panel licencing, and another behind NAT
where a bunch of IPs do exist for serving people's web-hosting needs. (Too
risky nowadays to have http or other services directly exposed to the
big-bad-internet[TM], so all usual services would stay behind the NAT.)
I had set up the two NICs as follows:

eth0 is the NATed one, thus it had:
10.0.x.y ip address
10.0.x.0 network
10.0.x.255 broadcast
10.0.x.z gateway
255.255.255.0 netmask

eth1 is the NIC directly connected to the net, thus:
x.y.z.w ip address
x.y.z.0 network
x.y.z.255 broadcast
x.y.z.v gateway
255.255.255.0 netmask

Now the eth1 works as it's supposed to do, services are accessible from
outside, without any problems. On the other hand eth0 can't be used from
the net. Thus the services are reachable from any machine around that's
10.0.x.sth, but from the outer net pretty much nothing. That machine is a
dedicated server, thus it hadn't been set up by myself, and since I have
only SSH, webmin, and the webhosting panel as remote administration tools,
it couldn't be so easy to find out what happens. Now ...
I have contacted the provider of these dedicated servers, and his advice
was to set some metrics for the routing in order not to have asymmetric
routing with the 2 NICs ... ok it sounds a bit cryptic to me, any help
would be appreciated.
The inet IPs of the NATed ones aren't in the same range as the ones at
eth1, thus eth1 is x.y.z.w but the eth0 card (whenever it becomes usable)
would be accessed from a x'.y'.z'.w' address which is completely different
from the aforementioned x.y.z.w
Any ideas please?
Thanks in advance
Nicholas.
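
The asymmetric routing mentioned above, modelled as an added example that is not part of the original post. All addresses are constructed stand-ins for the elided ones (10.0.5.10 for eth0, 192.0.2.10 for eth1, 198.51.100.7 for an outside client), and the default route via eth1 is an assumption. It shows that a metric only selects one default route by destination, while a source-based rule sends replies back out the NIC the request arrived on.

```python
import ipaddress

# Constructed sample data: eth0 = 10.0.5.10/24 (behind NAT, gw 10.0.5.1),
# eth1 = 192.0.2.10/24 (public, gw 192.0.2.1). Entries: (dest, gw, dev, metric)
MAIN = [
    ("10.0.5.0/24", None, "eth0", 0),
    ("192.0.2.0/24", None, "eth1", 0),
    ("0.0.0.0/0", "192.0.2.1", "eth1", 0),   # assumed active default route
    ("0.0.0.0/0", "10.0.5.1", "eth0", 10),   # second default, higher metric
]
# Separate table for traffic sourced from the NATed address, as
# "ip route add ... table <name>" would build it.
NAT_TABLE = [
    ("10.0.5.0/24", None, "eth0", 0),
    ("0.0.0.0/0", "10.0.5.1", "eth0", 0),
]

def lookup(table, dst):
    """Longest-prefix match, lowest metric breaks ties; source is ignored."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw, dev, metric in table:
        net = ipaddress.ip_network(net)
        if dst in net:
            key = (-net.prefixlen, metric)
            if best is None or key < best[0]:
                best = (key, gw, dev)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]

def reply_path(src, dst, rules=()):
    """Return (gateway, device) for a reply from local address src to dst.
    rules: (source_prefix, table) pairs consulted before the main table,
    modelling "ip rule add from <prefix> table <name>"."""
    for prefix, table in rules:
        if ipaddress.ip_address(src) in ipaddress.ip_network(prefix):
            return lookup(table, dst)
    return lookup(MAIN, dst)

def is_asymmetric(arrived_on, src, dst, rules=()):
    """True when the reply leaves by a different NIC than the request used."""
    return reply_path(src, dst, rules)[1] != arrived_on
```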






