2

I have this /etc/network/interfaces (IPs on eth1 are fake)

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 10.0.2.15
netmask 255.255.255.0
broadcast 10.0.2.255
gateway 10.0.2.2

auto eth1
iface eth1 inet static
address 123.123.123.45
netmask 255.255.255.0
broadcast 123.123.123.255
gateway 123.123.123.1

I use eth0 to connect to the internet while on eth1 I configured a public IP to a web server.

The connection to the internet works fine if I keep up only eth0, and on the other side the web server works fine too if I keep up only eth1. They work perfectly as intended.

The problem is that I want both networks on at the same time and use exclusively eth0 to surf the internet / download updates and so on and I want to route all the traffic incoming to 123.123.123.45 to just that network.

How can I do that? I searched many tutorials but can't find a working solution or maybe I am doing something wrong. I do not want to reroute traffic from one interface to another, I would like to keep them separate and reroute traffic based on what IP they are coming from.

Is this possible?

I already tried

route add -host 123.123.123.45 dev eth1

Thank you in advance.

James Loy
  • I wrote 2 gateways because atm I am working disabling either one or another interface whenever I need to run an apt-get update or so. Most of the time eth0 is shut and the webserver is working fine. What I want is: all traffic from and to 123.123.123.45 must go through eth1 (and therefore through 123.123.123.1); all traffic from and to the internet and my machine EXCEPT the traffic on the 123.123.123.0 network must flow through eth0. Is this possible? – James Loy Jul 04 '11 at 12:14

4 Answers

3

Your immediate problem is that you declare a default gateway on both entries. I suppose that this will result in whichever comes up last "winning" and becoming the default gateway.

However, if you remove the one on eth1, you will have the problem that the box will reply on eth0, even if the packet arrived on eth1. In order to tell the box to reply on a particular interface, you need to do what is commonly referred to as source routing.

I have the following set of commands on a box:

/sbin/ip rule add from 1.2.3.4/24 tab 1 priority 500
/sbin/ip route add default via 1.2.3.1 dev eth2 tab 1
/sbin/ip route flush cache

The first line tells the box to look in table "1" for info on packets that go out from IP 1.2.3.4. The second line creates table "1" saying that the default gateway in that table is 1.2.3.1. The last line ensures that this takes effect immediately.

For more info, see e.g. http://lartc.org/howto/lartc.rpdb.html

Bittrance
  • I'll try this solution and let you know. It seems easy. – James Loy Jul 04 '11 at 12:16
  • I removed the last gateway from the config and ran those commands in sequence (`/sbin/ip rule add from 123.123.123.0/24 tab 1 priority 500`; `/sbin/ip route add default via 123.123.123.1 dev eth1 tab 1`; `/sbin/ip route flush cache`) but nothing works – James Loy Jul 04 '11 at 12:21
  • Not sure what the effect will be if you name the whole subnet in the rule. I think you want /sbin/ip rule add from 123.123.123.*45*/24 tab 1 priority 500 – Bittrance Jul 07 '11 at 23:10
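An added example (not code from the answer or from the asker's config) that applies the rule/table approach above to the interfaces in the question, with a dry-run mode so the commands can be reviewed before being applied as root. It assumes the gateway line has been removed from the eth1 stanza, that routing table id 1 is unused, and uses a constructed outside address for the verification step.

```shell
#!/bin/sh
# Added example, not code from the answer. Source-policy routing for the
# interfaces in the question. Assumes: the "gateway" line has been removed
# from the eth1 stanza so eth0's 10.0.2.2 is the only default route in the
# main table, eth1 is 123.123.123.45/24 via 123.123.123.1, and routing
# table id 1 is unused. Run as root; with DRY_RUN=1 it only prints commands.
PUB_IP=123.123.123.45
PUB_NET=123.123.123.0/24
PUB_GW=123.123.123.1
PUB_IF=eth1
TABLE=1
PROBE_DST=203.0.113.1   # constructed outside address (TEST-NET-3) for verify

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

setup_source_routing() {
    # Packets sourced from the public address consult table 1 before main.
    # /32 names the single address the host owns; "123.123.123.45/24" in a
    # rule matches the whole subnet, exactly like "123.123.123.0/24".
    run ip rule add from "$PUB_IP/32" table "$TABLE" priority 500
    # Mirror the connected route so table 1 is self-contained, then give it
    # its own default route out of the public gateway on eth1.
    run ip route add "$PUB_NET" dev "$PUB_IF" src "$PUB_IP" table "$TABLE"
    run ip route add default via "$PUB_GW" dev "$PUB_IF" table "$TABLE"
    run ip route flush cache
}

teardown_source_routing() {
    run ip rule del from "$PUB_IP/32" table "$TABLE" priority 500
    run ip route flush table "$TABLE"
}

# Ask the kernel which path a reply sourced from the public IP takes;
# the last command should report "via 123.123.123.1 dev eth1".
verify_source_routing() {
    ip rule show
    ip route show table "$TABLE"
    ip route get "$PROBE_DST" from "$PUB_IP"
}

case "${1:-}" in
    up)     setup_source_routing ;;
    down)   teardown_source_routing ;;
    verify) verify_source_routing ;;
    *)      echo "usage: $0 up|down|verify" >&2 ;;
esac
```

The four commands in setup_source_routing can equally be placed as post-up lines in the eth1 stanza of /etc/network/interfaces so they survive a reboot.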
2

Having two default gateways with the same metric results in a lottery for which one will be used. This explains your problems.

You can either follow the advice from Bittrance or make sure that your two default routes have different metrics. In that case the one with the smaller metric will be used unless the route is down. However, this only works if the second default gateway actually DOES provide a route to the public Internet.

In order to set up two default routes with different metrics, use the metric keyword in the ip route add command.

I personally would remove the gateway instructions from the interfaces file and rather add post-up commands.

EDIT Based on your additional comment, I am a little confused as to what exactly you want to achieve and how this network is set up.

Clearly the interface with the public IP must be connected directly to the Internet (presumably through a device provided by your ISP). If this server is also your default gateway to the Internet, i.e. all requests for public IP address must flow through this server, then the server must be configured as a router (i.e. IP forwarding must be enabled, and all other devices on the network must have the private IP of this server as their default gateway).

If your network has another computer which provides the default internet access, then that device must be set as the default gateway on all other network devices, and your server should not have a default route at all on its internal interface (eth0), since it is directly connected to that network.

wolfgangsz
  • Public interface 123.123.123.45--[SERVER]--10.0.2.15 Private interface. The box is a VirtualBox Ubuntu in which the 1st interface eth0 is natted to the main server and used to surf the internet freely. It's on a private network. The second one is bridged to a public interface directly connected to the internet without natting, behind a firewall. What I ask is to keep networks separate. The traffic from and to 123.123.123.45 must flow through eth1. Everything else should go to eth0. The default gateway so should be the one on eth0. – James Loy Jul 05 '11 at 07:46
  • You could try source based routing, but that has gone out of fashion a long time ago. Nowadays IP routing is primarily destination based, and in your case it simply doesn't make any sense to route your "normal" internet traffic through a different gateway than the traffic coming in through a specific public IP. – wolfgangsz Jul 05 '11 at 08:40
  • http://wiki.openvz.org/Source_based_routing Tried this too. No ways of making it work. I think I'll keep enabling and disabling the eth. – James Loy Jul 05 '11 at 09:49
1

You can not have two default gateways. Choose either one.

If you are looking to use two ISPs simultaneously then you need BGP.

pauska
0

Could this answer to another question also lead to your answer?

Setting up two NICs on two separate LANs provides error

Nunya