Re: routing + 2 NICs on the same network
On Tuesday 22 March 2005 15:34, Dave Ewart wrote:
> On Tuesday, 22.03.2005 at 14:48 +0200, Chavdar Videff wrote:
> > We have the following problem with the routing.
> > We have the following structure:
> > Internet >>>> Real Ip address on Cisco Router >>>> Internal ip address
> > on Cisco Router (10.50.40.31) >>>>> LAN
> > In the LAN space we deploy a Debian Linux gateway and firewall to be in
> > between Cisco Router and LAN. We noticed the following problem:
> > On Debian gateway:
> > eth0 - 10.50.40.28
> > eth1 - 10.50.40.29
> > 10.50.40.29 is the gateway IP address for all hosts on the LAN.
> > However if deployed with above settings - there is no routing possible.
> > If we assign the 10.50.40.29 IP address to eth0:1 everything works as
> > expected.
> > If eth1 is another network (10.50.41.29, again for hosts in that network
> > everything is OK).
> > My question is:
> > Why isn't it possible to have 2 NICs on same network and have routing
> > achieved or, if it is possible, how is it accomplished.
> It is possible, you need to get your routes and networks properly
> configured though. Each network interface on the Debian gateway needs
> to have a sensible netmask set, and can have a gateway for each
> Looking at your setup, I'm unclear as to why you've picked these IP
> addresses. You need to choose them carefully so that the netmasks work.
> 1. You have two networks here, one including the internal interface on
> the router and eth0 on the gateway; the second which is eth1 on the
> gateway and the rest of the LAN.
> 2. The first network requires two IPs, a network broadcast IP and a
> network number - this is a total of four addresses. Suggestion:
> 10.50.1.1 on the router and 10.50.1.2 on the gateway both with a
> netmask of 255.255.255.252 (/30). This network's number is 10.50.1.0
> and its broadcast is 10.50.1.3 ...
> 3. The second, main internal network could be 10.50.2.x ...
> (It's unclear why you've chosen the IP addresses you have, so I'm
> assuming it's clearer to change them to something else)
> If you need to keep those IP addresses, then you need to figure out what
> the network number, netmask, broadcast are for the subnets. Use the
> tool 'ipcalc' for that. e.g. if you want 10.50.40.28 and 10.50.40.31 on
> the same subnet (the router's internal IP and the gateway's eth0), then
> you can't use 10.50.40.29 and 10.50.40.30 on a *different* network.
> That's logically wrong.
The reason we do this is that the Cisco router is maintained by our ISP
and it is configured for the entire LAN. I cannot touch it. And I cannot
change the LAN address space because there are servers accessed from outside.
This is the reason why both interfaces of the Debian gateway have addresses in
the same subnetwork. I use SNAT/DNAT in iptables to masquerade the hosts
behind the Debian box, so that replies from the Cisco Router pass through the
Debian box instead of going directly to that host.
It works if I use 1 NIC with 2 aliases: eth0 = 10.50.40.28/26 and eth0:1 =
10.50.40.29/26. My problem is when the above addresses are assigned to 2 NICs
on the same host, i.e. eth0 = 10.50.40.28/26 and eth1 = 10.50.40.29/26.
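As an added example (not part of the thread, and not anyone's posted configuration), the script below does two things a practitioner would want before touching this box: it runs the ipcalc-style arithmetic for the addresses discussed above, confirming that 10.50.40.28, .29 and .31 all fall in one /26 (and that the /30 suggested for a router-to-gateway link really gives network 10.50.1.0 and broadcast 10.50.1.3), and it generates one workable Linux configuration for a gateway whose outer NIC faces the ISP router and whose inner NIC faces the LAN while both are numbered from that same /26. The approach is an assumption: keep the /26 connected route only on the inner NIC, give the outer NIC its address as a /32 plus a host route to the router, set arp_ignore/arp_announce so each NIC answers ARP only for its own address, and SNAT LAN traffic to the outer address so the router's replies come back through the box. The interface names eth0/eth1 and the router address come from the thread; the DNAT target 10.50.40.40:80 is a constructed placeholder. Commands are generated rather than executed so the subnet checks and the command set can be reviewed first.

```python
#!/usr/bin/env python3
"""Subnet arithmetic for the addresses in the thread, plus generated
Linux commands (an assumed layout, not the poster's configuration) for
two NICs on one subnet with the LAN behind the inner NIC."""
import ipaddress
from typing import List, Tuple


def subnet_summary(addr: str) -> Tuple[str, str, str, int]:
    """(network, netmask, broadcast, usable hosts) for 'a.b.c.d/prefix',
    the figures the thread points to ipcalc for."""
    net = ipaddress.ip_interface(addr).network
    usable = net.num_addresses - 2 if net.prefixlen <= 30 else net.num_addresses
    return (str(net.network_address), str(net.netmask),
            str(net.broadcast_address), usable)


def same_subnet(*addrs: str) -> bool:
    """True when every 'address/prefix' lies in one network."""
    return len({ipaddress.ip_interface(a).network for a in addrs}) == 1


def split_subnet_config(router_ip: str, outer: Tuple[str, str],
                        inner: Tuple[str, str],
                        port_forwards: List[Tuple[str, int, str]]) -> List[str]:
    """Commands for a gateway with outer=(ifname, addr/prefix) towards the
    ISP router and inner=(ifname, addr/prefix) towards the LAN, both from
    the same prefix. port_forwards: (proto, port, lan_ip) DNAT entries.
    Assumed layout for illustration; run as root only after review."""
    out_if, out_addr = outer
    in_if, in_addr = inner
    if not same_subnet(out_addr, in_addr):
        raise ValueError("layout only applies when both NICs share a subnet")
    net = ipaddress.ip_interface(in_addr).network
    out_ip = ipaddress.ip_interface(out_addr).ip
    in_ip = ipaddress.ip_interface(in_addr).ip
    cmds = ["sysctl -w net.ipv4.ip_forward=1"]
    for ifname in (out_if, in_if):
        # arp_ignore=1: reply to ARP only for addresses on the receiving NIC,
        # so the outer NIC never claims the inner address and vice versa.
        # arp_announce=2: source ARP requests from the sending NIC's address.
        # rp_filter=2 (loose): a source need only be reachable via some NIC;
        # strict mode drops packets arriving on a NIC the routing table would
        # not use for the reply, which is what a /26 held on two NICs trips.
        cmds += [f"sysctl -w net.ipv4.conf.{ifname}.arp_ignore=1",
                 f"sysctl -w net.ipv4.conf.{ifname}.arp_announce=2",
                 f"sysctl -w net.ipv4.conf.{ifname}.rp_filter=2"]
    cmds += [
        # /32 on the outer NIC: no connected /26 route there, the LAN is
        # behind the inner NIC, which keeps the only /26 connected route.
        f"ip addr add {out_ip}/32 dev {out_if}",
        f"ip addr add {in_addr} dev {in_if}",
        # The router is the one host reached through the outer NIC.
        f"ip route add {router_ip}/32 dev {out_if} src {out_ip}",
        f"ip route add default via {router_ip} dev {out_if} src {out_ip}",
        # SNAT so the router answers the gateway, not a LAN host it believes
        # is on-link; conntrack maps replies back to the LAN host.
        f"iptables -t nat -A POSTROUTING -s {net} -o {out_if} "
        f"-j SNAT --to-source {out_ip}",
        "iptables -P FORWARD DROP",
        f"iptables -A FORWARD -i {in_if} -o {out_if} -s {net} -j ACCEPT",
        f"iptables -A FORWARD -i {out_if} -o {in_if} "
        "-m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    for proto, port, lan_ip in port_forwards:
        # Published services: the router delivers to the outer address,
        # DNAT hands the connection to the LAN host (assumed mapping).
        cmds += [
            f"iptables -t nat -A PREROUTING -i {out_if} -d {out_ip} -p {proto} "
            f"--dport {port} -j DNAT --to-destination {lan_ip}:{port}",
            f"iptables -A FORWARD -i {out_if} -o {in_if} -d {lan_ip} -p {proto} "
            f"--dport {port} -j ACCEPT",
        ]
    return cmds


if __name__ == "__main__":
    for a in ("10.50.40.28/26", "10.50.40.31/26", "10.50.1.1/30"):
        print(a, subnet_summary(a))
    print("one subnet:", same_subnet("10.50.40.28/26", "10.50.40.29/26",
                                     "10.50.40.31/26"))
    for c in split_subnet_config("10.50.40.31", ("eth0", "10.50.40.28/26"),
                                 ("eth1", "10.50.40.29/26"),
                                 [("tcp", 80, "10.50.40.40")]):
        print(c)
```

The generated commands assume the ISP router only ever needs to talk to 10.50.40.28; if it must reach other LAN addresses directly (the router's view is that the whole /26 is on its own segment), proxy ARP on the outer NIC or a bridge between the two NICs is the alternative, and the routing layout above no longer applies.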