
Re: routing + 2 NICs on the same network



On 2005-03-22 Chavdar Videff wrote:
> We have the following problem with the routing.
> We have the following structure:
> Internet   >>>>  Real Ip address on Cisco Router >>>> Internal ip
> address on Cisco Router (10.50.40.31) >>>>> LAN
> 
> In the LAN space we deploy a Debian Linux gateway and firewall to be
> in between Cisco Router and LAN. We noticed the following problem:
> 
> On Debian gateway:
> eth0 - 10.50.40.28
> eth1 - 10.50.40.29
> 
> 10.50.40.29 is the gateway IP address for all hosts on the LAN.
> However if deployed with above settings - there is no routing
> possible. If we assign the 10.50.40.29 IP address to eth0:1 everything
> works as expected.
> 
> If eth1 is another network (10.50.41.29 , again for hosts in that
> network everything is OK).
> 
> My question is: Why isn't it possible to have 2 NICs on same network
> and have routing achieved 

Network:       10.50.40.0/24---(eth0)Router(eth1)---10.50.40.0/24
Sample hosts:  10.50.40.10                          10.50.40.8
               10.50.40.12                          10.50.40.13

Routing table: 10.50.40.0  *            255.255.255.0  U   0  0  0 eth0
               10.50.40.0  *            255.255.255.0  U   0  1  0 eth1
               default     10.50.40.31  0.0.0.0        UG  0  0  0 eth0

Imagine host 10.50.41.12 sending a packet to host 10.50.41.13. How would
the router know he needs to send the packet over eth1? Or imagine host
10.50.40.8 sending a packet to host 10.50.40.13? How would the router
know he does *not* need to send the packet over eth0? Lowest metric in
the routing table matches.

You need to do bridging if you want to connect two segments of the same
IP subnet.

I suggest you read up on TCP/IP and routing. O'Reilly has a really good
book on that stuff (Craig Hunt: "TCP/IP Network Administration").

Why do you have a Linux router between Cisco router and LAN anyway? Or a
Cisco router in front of your Linux router?

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
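
Added example, not part of the original post: a simplified model of the route lookup the reply describes (longest prefix first, then lowest metric), run over the routing table shown above rewritten in CIDR form. The function names `lookup` and `shadowed_routes` are hypothetical, and the model ignores policy routing and ARP behaviour.

```python
import ipaddress

# Routing table from the post, as (prefix, gateway, metric, interface).
# None as gateway means a directly connected network ("*" in the table).
ROUTES = [
    ("10.50.40.0/24", None, 0, "eth0"),
    ("10.50.40.0/24", None, 1, "eth1"),
    ("0.0.0.0/0", "10.50.40.31", 0, "eth0"),
]


def lookup(dst, routes=ROUTES):
    """Return (interface, gateway) chosen for dst, or None if no route matches.

    Selection order: longest matching prefix, then lowest metric.
    """
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, gw, metric, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, metric, iface, gw))
    if not matches:
        return None
    # Prefer the longer prefix; break ties with the smaller metric.
    _, _, iface, gw = min(matches, key=lambda m: (-m[0], m[1]))
    return iface, gw


def shadowed_routes(routes=ROUTES):
    """List routes that can never win because an identical prefix
    with a lower metric points at a different interface."""
    winner = {}
    losers = []
    for prefix, _gw, _metric, iface in sorted(routes, key=lambda r: r[2]):
        net = ipaddress.ip_network(prefix)
        if net in winner and winner[net] != iface:
            losers.append((str(net), iface, winner[net]))
        else:
            winner.setdefault(net, iface)
    return losers


if __name__ == "__main__":
    # Sample hosts from the post's diagram: .10 sits behind eth0, .13 behind eth1.
    for host in ("10.50.40.10", "10.50.40.13", "192.0.2.1"):
        print(host, "->", lookup(host))
    for net, lost, won in shadowed_routes():
        print(f"{net} via {lost} is shadowed by the route via {won}")
```

Both sample hosts resolve to eth0 even though 10.50.40.13 is attached to the eth1 segment, which is why the reply points to bridging for two segments of one subnet.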


