On Tuesday, 22.03.2005 at 14:48 +0200, Chavdar Videff wrote: > We have the following problem with the routing. > We have the following structure: > Internet >>>> Real Ip address on Cisco Router >>>> Internal ip address on > Cisco Router (10.50.40.31) >>>>> LAN > > In the LAN space we deploy a Debian Linux gateway and firewall to be in > between Cisco Router and LAN. We noticed the following problem: > > On Debian gateway: > eth0 - 10.50.40.28 > eth1 - 10.50.40.29 > > 10.50.40.29 is the gateway IP address for all hosts on the LAN. > However if deployed with above settings - there is no routing possible. > If we assign the 10.50.40.29 IP address to eth0:1 everything works as > expected. > > If eth1 is another network (10.50.41.29 , again for hosts in that network > everything is OK). > > My question is: > Why isn't it possible to have 2 NICs on same network and have routing achieved > or, if it is possible, how is it accomplished. It is possible, you need to get your routes and networks properly configured though. Each network interface on the Debian gateway needs to have a sensible netmask set, and can have a gateway for each interface. Looking at your setup, I'm unclear as to why you've picked these IP addresses. You need to choose them carefully so that the netmasks work. 1. You have two networks here, one including the internal interface on the router and eth0 on the gateway; the second which is eth1 on the gateway and the rest of the LAN. 2. The first network requires two IPs, a network broadcast IP and a network number - this is a total of four addresses. Suggestion: 10.50.1.1 on the router and 10.50.1.2 on the gateway both with a netmask of 255.255.255.252 (/30). This network's number is 10.50.1.0 and its broadcast is 10.50.1.3 ... 3. The second, main internal network could be 10.50.2.x ... (It's unclear why you've chosen the IP addresses you have, so I'm assuming it's clearer to change them to something else) If you need to keep those IP addresses, then you need to figure out what the network number, netmask, broadcast are for the subnets. Use the tool 'ipcalc' for that. e.g. if you want 10.50.40.28 and 10.50.40.31 on the same subnet (the router's internal IP and the gateway's eth0), then you can't use 10.50.40.29 and 10.50.40.30 on a *different* network. That's logically wrong. Dave. -- Please don't CC me on list messages! ... Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org All email from me is now digitally signed, key from http://www.sungate.co.uk/ Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
Attachment:
signature.asc
Description: Digital signature