
Re: Dual Interface Routing Question



Ritesh Raj Sarraf wrote:

> 
> Juan Sierra Pons wrote:
>> Hi,
>>
>> -With other configuration (some traffic through the VPN interface and
>> some through your default interface): a Bad guy from Internet can
>> achieve your company's networks using your computer as a gateway.
>>
> 
> yes, you're correct.
> But with this setup I see only one problem, my speed is degraded.
> 


Hi,

I'd like to add more to this thread because I still don't feel that my issue is
resolved. But yes, I'd agree that the setup I'm thinking of makes no sense for
a VPN. But still, I know what I'd be doing.

Here's my routing table when only eth1 (the wired ethernet device) is activated.

geeKISSexy:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.73.16.0      0.0.0.0         255.255.252.0   U     0      0        0 eth1
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 tap0
0.0.0.0         10.73.16.1      0.0.0.0         UG    0      0        0 eth1


And this is when eth2 (the wireless device) gets activated. After eth2 is up, it
executed vpnc from post-up.

geeKISSexy:~# ifup eth2=eth2foo
Internet Software Consortium DHCP Client 2.0pl5
Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
All rights reserved.

Please contribute if you find this software useful.
For info, please visit http://www.isc.org/dhcp-contrib.html

sit0: unknown hardware address type 776
eth0: unknown hardware address type 24
sit0: unknown hardware address type 776
eth0: unknown hardware address type 24
Listening on LPF/eth2/00:13:02:b7:7a:7e
Sending on   LPF/eth2/00:13:02:b7:7a:7e
Sending on   Socket/fallback/fallback-net
DHCPREQUEST on eth2 to 255.255.255.255 port 67
DHCPACK from 10.73.36.3
bound to 10.73.36.230 -- renewal in 129600 seconds.
VPNC started in background (pid: 13917)...

geeKISSexy:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
202.3.112.38    10.73.16.1      255.255.255.255 UGH   0      0        0 eth1
10.73.16.0      0.0.0.0         255.255.252.0   U     0      0        0 eth1
10.73.36.0      0.0.0.0         255.255.252.0   U     0      0        0 eth2
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 tap0
0.0.0.0         10.73.16.1      0.0.0.0         UG    0      0        0 eth1


So currently, everything is still being routed through eth1. Surprisingly (or
maybe not), all is being routed through the VPN, which was fired in the post-up
of eth2.

What I'm looking for is to know what changes I need to make to this
routing table so that:
a) All 10.x.x.x related traffic passes through eth1
b) The rest (and the default route) passes through eth2

Thanks,
Ritesh
-- 
Ritesh Raj Sarraf
RESEARCHUT - http://www.researchut.com
"Necessity is the mother of invention."
"Stealing logic from one person is plagiarism, stealing from many is research."
"The great are those who achieve the impossible, the petty are those who
cannot - rrs"
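
Added example, not part of the original message: a longest-prefix-match lookup over the second routing table posted above, to show which interface a given destination actually leaves through and how that compares with goals (a) and (b). The sample destinations 10.1.2.3, 10.73.36.10, 172.16.5.5 and 198.51.100.7 are constructed; the function names are hypothetical.

```python
import ipaddress

# Second `route -n` table from the message above, copied verbatim.
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
202.3.112.38    10.73.16.1      255.255.255.255 UGH   0      0        0 eth1
10.73.16.0      0.0.0.0         255.255.252.0   U     0      0        0 eth1
10.73.36.0      0.0.0.0         255.255.252.0   U     0      0        0 eth2
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 tap0
0.0.0.0         10.73.16.1      0.0.0.0         UG    0      0        0 eth1
"""

def parse_routes(text):
    """Turn `route -n` rows into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append((net, f[1], int(f[4]), f[7]))
    return routes

def egress(routes, dst):
    """Longest prefix wins, lowest metric breaks ties. Returns (iface, gateway)."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    _, gw, _, iface = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return iface, gw

def audit(routes, samples):
    """Compare actual egress with goals (a) 10.x via eth1 and (b) rest via eth2."""
    ten = ipaddress.ip_network("10.0.0.0/8")
    report = {}
    for dst in samples:
        want = "eth1" if ipaddress.ip_address(dst) in ten else "eth2"
        hit = egress(routes, dst)
        got = hit[0] if hit else None
        report[dst] = (got, want, got == want)
    return report

ROUTES = parse_routes(ROUTE_N)

if __name__ == "__main__":
    for dst in ("202.3.112.38", "10.73.36.10", "172.16.5.5"):
        print(dst, "->", egress(ROUTES, dst))
    # Constructed sample destinations: one 10.x host, one non-10.x host.
    for dst, (got, want, ok) in audit(ROUTES, ["10.1.2.3", "198.51.100.7"]).items():
        print(f"{dst}: leaves via {got}, goal {want}, {'ok' if ok else 'MISMATCH'}")
```

With this table the non-10.x sample still leaves through eth1, because the only 0.0.0.0/0 entry points at 10.73.16.1 on eth1.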


