The Debian box generates or receives a packet intended for 10.50.40.200. Which interface does it send the packet to? How can it possibly know?

Hello,

We have the following problem with the routing. We have the following structure:

Internet >>>> Real IP address on Cisco Router >>>> Internal IP address on Cisco Router (10.50.40.31) >>>>> LAN

In the LAN space we deploy a Debian Linux gateway and firewall to sit between the Cisco Router and the LAN. We noticed the following problem. On the Debian gateway:

eth0 - 10.50.40.28
eth1 - 10.50.40.29

10.50.40.29 is the gateway IP address for all hosts on the LAN. However, if deployed with the above settings, there is no routing possible. If we assign the 10.50.40.29 IP address to eth0:1, everything works as expected. If eth1 is on another network (10.50.41.29; again, for hosts in that network everything is OK).

My question is: why isn't it possible to have 2 NICs on the same network and have routing achieved, or, if it is possible, how is it accomplished?
You can't say 'all input on one interface should go out on the other' because there's no way to say that. IP routing works on the basis of all inputs on all interfaces being thrown into the same pot, then sorted for output according to the routing table i.e. by IP address.
The way the routing table works is by subnet. All output for a particular subnet is sent to one particular interface. If you want traffic to travel into one interface and out of another, they must be on different subnets, because that's how IP routing works.
It would certainly be possible to write software which took all input from one interface and sent it out of another, and vice versa, but it wouldn't be IP routing software.
The question is 'why would you want the two interfaces of a firewall to be connected to the same subnet'? The whole point of a firewall is to separate 'inside' from 'outside', and to be very clear about which is which.
-- Joe
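To make the reply's point concrete, here is an added example (not from the original thread) that models the Linux forwarding decision as a longest-prefix match over a constructed routing table. The two tables mirror the setups described in the question: both NICs in 10.50.40.0/24, and the working variant with eth1 moved to 10.50.41.0/24. Interface names and the default route are assumptions based on the question.

```python
import ipaddress

# Constructed routing table modelled on the setup in the question
# (not captured from the poster's machine): both Debian NICs sit in
# 10.50.40.0/24, so the kernel holds two connected routes of equal length.
SAME_SUBNET_TABLE = [
    ("10.50.40.0/24", "eth0"),
    ("10.50.40.0/24", "eth1"),
    ("0.0.0.0/0", "eth0"),   # assumed default route via the Cisco router 10.50.40.31
]

# The working variant the poster describes: eth1 moved to 10.50.41.0/24.
SPLIT_SUBNET_TABLE = [
    ("10.50.40.0/24", "eth0"),
    ("10.50.41.0/24", "eth1"),
    ("0.0.0.0/0", "eth0"),
]

def lookup(table, dst, in_iface=None):
    """Longest-prefix match, the rule IP routing actually applies.

    in_iface is accepted only to make the point: the destination-based
    lookup ignores it, so 'came in on eth0, must leave on eth1' cannot be
    expressed in the table. Returns (chosen_iface, candidate_ifaces).
    """
    addr = ipaddress.ip_address(dst)
    best_len, candidates = -1, []
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            if net.prefixlen > best_len:
                best_len, candidates = net.prefixlen, [iface]
            elif net.prefixlen == best_len:
                candidates.append(iface)
    # Equal-length matches are a tie; the kernel picks by route order,
    # not by where the packet came from.
    return candidates[0], candidates

def is_ambiguous(table, dst):
    """True when more than one route matches the destination equally well."""
    return len(lookup(table, dst)[1]) > 1

if __name__ == "__main__":
    for table in (SAME_SUBNET_TABLE, SPLIT_SUBNET_TABLE):
        chosen, cands = lookup(table, "10.50.40.200", in_iface="eth1")
        print(chosen, cands, "ambiguous" if is_ambiguous(table, "10.50.40.200") else "unique")
```

With both NICs on one subnet, a packet for 10.50.40.200 always resolves to the first matching route regardless of the interface it arrived on, which is why the firewall never forwards "inside to outside"; splitting the subnets makes each destination resolve to exactly one interface.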