
I have 2 network cards with public IPs. I am running 2 services. So how do I route the connections?

For now only one interface IP is working, although both are pingable from the internet.

My routing table is like this atm:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.31.128.1    0.0.0.0         UG    0      0        0 eth1
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.31.128.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
172.31.129.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0

So what do I add to it, so that it works?

For now eth1 works without any issues.

defiant
  • What is not working? Did you try binding your service to the appropriate IP? – EEAA Sep 29 '15 at 05:22
  • Yes, it's already bound correctly, so when I change the routes by adding a default gateway for the 172.31.129.0 network (replacing the first line), then the other interface's IP starts working. By not working I mean the webserver is inaccessible. But I am able to ping both IPs. PS: when I access the problematic IP (interface) the browser returns ERR_CONNECTION_TIMED_OUT – defiant Sep 29 '15 at 05:31
  • Have you taken steps to enable routing ? – user9517 Sep 29 '15 at 05:55
  • I am sorry, but what do you mean by enable routing? I think it is the gateway that messes it up. But do tell me what do you mean by that. – defiant Sep 29 '15 at 06:03

1 Answer


I'm assuming Linux because of the interface names and the tag of "iproute2".


This is not working, because simply specifying a default route will mean that all outgoing traffic is going to pass through that interface, even responses for requests that have come from the other interface!

In your case, you're saying you have public IPs, yet the two directly connected interfaces have private IP addresses, so I assume that means you have NAT going on. Whenever you have NAT, you can't use this type of triangular routing, where the incoming and outgoing packets take different paths, because the packets have been changed on the way in by the NAT box, and need to be changed in the same way on the way out. Your requesting client ends up receiving packets from an IP address it's not expecting and does not recognise the response.

What you need to do is to tell the operating system that any packets with IP addresses originating on your interface in 172.31.128.0/24 towards the internet need to hit the gateway at 172.31.128.1, and correspondingly for the 172.31.129.0/24 subnet.

That can be accomplished like this:

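# T1 and T2 must be defined in /etc/iproute2/rt_tables first (numeric table IDs also work)
# Table T1: routes for traffic sourced from the eth0 address
ip route add 172.31.129.0/24 dev eth0 src 172.31.129.XXX table T1
ip route add default via 172.31.129.1 table T1
# Table T2: routes for traffic sourced from the eth1 address
ip route add 172.31.128.0/24 dev eth1 src 172.31.128.XXX table T2
ip route add default via 172.31.128.1 table T2
# Select the table by the packet's source address
ip rule add from 172.31.129.XXX table T1
ip rule add from 172.31.128.XXX table T2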

You will need to replace XXX with the IP address of your server on those local subnets.

That should get you started. You will find more on this topic in section 4.2 of the Linux Advanced Routing & Traffic Control HOWTO.

Per von Zweigbergk
  • After adding these rules to the /etc/network/interfaces.d/eth0.cfg and eth1.cfg I can't ping from the system after logging into it. But the IPs are pingable when tried from my system. – defiant Sep 29 '15 at 07:52
  • The commands in question don't go into your interfaces file like that. They are to be run on the command line. You'll need to put them in a script or something for them to be persisted through reboot though. You may be able to use the "post-up" directives to achieve that. – Per von Zweigbergk Sep 29 '15 at 09:13
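
An added example, not part of the original thread: a small generator for the per-interface routing commands from the answer, which prints them for review instead of running them. It assumes constructed host addresses (172.31.129.10 and 172.31.128.10), uses numeric table IDs 101 and 102 in place of T1 and T2 so that no entry in /etc/iproute2/rt_tables is needed, and uses the documentation address 192.0.2.1 for the route check.

```shell
#!/bin/sh
# Added example: print (not run) source-based routing commands for one uplink.
# Sample addresses (.10 hosts) and table IDs 101/102 are constructed values.

# net_of ADDR PREFIXLEN -> network in CIDR form, e.g. 172.31.129.0/24
net_of() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    ip=$(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
    n=$(( ip & (0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF ))
    echo "$(( n >> 24 & 255 )).$(( n >> 16 & 255 )).$(( n >> 8 & 255 )).$(( n & 255 ))/$2"
}

# policy_route_cmds IFACE ADDR/LEN GATEWAY TABLE_ID
policy_route_cmds() {
    ifc=$1 addr=${2%/*} len=${2#*/} gw=$3 tbl=$4
    net=$(net_of "$addr" "$len")
    # The gateway must be on-link for this interface, or the default route fails.
    if [ "$(net_of "$gw" "$len")" != "$net" ]; then
        echo "gateway $gw is not inside $net" >&2
        return 1
    fi
    echo "ip route replace $net dev $ifc src $addr table $tbl"
    echo "ip route replace default via $gw dev $ifc table $tbl"
    # Drop any earlier copy of the rule so reruns do not stack duplicates.
    echo "ip rule del from $addr table $tbl 2>/dev/null || true"
    echo "ip rule add from $addr table $tbl"
    # Check: the reply path for this source should show the matching gateway.
    echo "ip route get 192.0.2.1 from $addr"
}

# One table per uplink, selected by the packet's source address.
policy_route_cmds eth0 172.31.129.10/24 172.31.129.1 101
policy_route_cmds eth1 172.31.128.10/24 172.31.128.1 102
```

After reviewing the printed commands, pipe them to `sh` as root; the final `ip route get` line for each address should report the gateway and interface of that address's own subnet.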