Re: Dual Interface Routing Question
Ritesh Raj Sarraf wrote:
>
> Juan Sierra Pons wrote:
>> Hi,
>>
>> -With other configuration (some traffic through the VPN interface and
>> some through your default interface): a Bad guy from Internet can
>> achieve your company's networks using your computer as a gateway.
>>
>
> yes, you're correct.
> But with this setup I see only one problem, my speed is degraded.
>
Hi,
I'd like to add more to this thread because I still don't feel that my issue is
resolved. But yes, I'd agree that the setup I'm thinking of makes no sense for
VPN. But still, I know what I'd be doing.
Here's my routing table when only eth1 (the wired ethernet device) is activated.
geeKISSexy:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.73.16.0      0.0.0.0         255.255.252.0   U     0      0   0   eth1
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0   0   tap0
0.0.0.0         10.73.16.1      0.0.0.0         UG    0      0   0   eth1
And this is when eth2 (the wireless device) gets activated. After eth2 is up, it
executed vpnc from post-up.
geeKISSexy:~# ifup eth2=eth2foo
Internet Software Consortium DHCP Client 2.0pl5
Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
All rights reserved.
Please contribute if you find this software useful.
For info, please visit http://www.isc.org/dhcp-contrib.html
sit0: unknown hardware address type 776
eth0: unknown hardware address type 24
sit0: unknown hardware address type 776
eth0: unknown hardware address type 24
Listening on LPF/eth2/00:13:02:b7:7a:7e
Sending on LPF/eth2/00:13:02:b7:7a:7e
Sending on Socket/fallback/fallback-net
DHCPREQUEST on eth2 to 255.255.255.255 port 67
DHCPACK from 10.73.36.3
bound to 10.73.36.230 -- renewal in 129600 seconds.
VPNC started in background (pid: 13917)...
geeKISSexy:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
202.3.112.38    10.73.16.1      255.255.255.255 UGH   0      0   0   eth1
10.73.16.0      0.0.0.0         255.255.252.0   U     0      0   0   eth1
10.73.36.0      0.0.0.0         255.255.252.0   U     0      0   0   eth2
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0   0   tap0
0.0.0.0         10.73.16.1      0.0.0.0         UG    0      0   0   eth1
So currently, still everything is being routed through eth1. Surprisingly (or
maybe not) all is being routed through VPN which was fired in the post-up of
eth2.
What I'm looking for is to know what changes I need to make to this
routing table so that:
a) All 10.x.x.x related traffic passes through eth1
b) The rest (and the default route) passes through eth2
Thanks,
Ritesh
--
Ritesh Raj Sarraf
RESEARCHUT - http://www.researchut.com
"Necessity is the mother of invention."
"Stealing logic from one person is plagiarism, stealing from many is research."
"The great are those who achieve the impossible, the petty are those who
cannot - rrs"
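
Added example, not part of the original post: a longest-prefix lookup over the second routing table quoted above, reporting which interface each destination would leave through according to that table. The function names and the probe addresses are constructed for this illustration; the route rows are copied from the post.

```python
import ipaddress

# `route -n` rows copied from the post (state after eth2 and vpnc are up).
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
202.3.112.38    10.73.16.1      255.255.255.255 UGH   0      0   0   eth1
10.73.16.0      0.0.0.0         255.255.252.0   U     0      0   0   eth1
10.73.36.0      0.0.0.0         255.255.252.0   U     0      0   0   eth2
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0   0   tap0
0.0.0.0         10.73.16.1      0.0.0.0         UG    0      0   0   eth1
"""

def parse_routes(text):
    """Turn `route -n` rows into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append((net, f[1], int(f[4]), f[7]))
    return routes

def lookup(routes, dest):
    """Longest-prefix match; a lower metric breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None  # no matching row and no default route
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]))

def audit(routes, probes):
    """Map each probe address to the interface its traffic would leave through."""
    return {p: (lookup(routes, p) or (None,) * 4)[3] for p in probes}

# Constructed probes: wired LAN, wireless LAN, another 10.x host,
# a host in the tap0 range, and an external (documentation-range) address.
PROBES = ["10.73.17.5", "10.73.36.3", "10.200.1.1", "172.16.4.4", "198.51.100.7"]

if __name__ == "__main__":
    for dest, iface in audit(parse_routes(ROUTE_N), PROBES).items():
        print(f"{dest:15} -> {iface}")
```

Running the same audit on a modified table (for example after changing the default route) shows whether goals (a) and (b) hold before any traffic is sent.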