Re: Multiple NICs with Monolithic kernel
On Sun, Feb 23, 2003 at 07:48:45PM -0500, Fraser Campbell wrote:
> On Sun, 2003-02-23 at 11:51, Michael West wrote:
>
> > With this setup and only one card with a cable attached I can ping all
> > three addresses 10.0.1.10, 10.0.1.11, and 10.0.1.12. This is true no
> > matter which card is plugged in.
>
> That's because the kernel doesn't particularly care which physical
> interface a packet arrives on (unless you implement firewalling). A
> packet arrives on the ethernet interface and the kernel says "is that
> me?" ... it is, it accepts the packet and it responds. This is very
> simplistic but I believe that's what's happening.
That makes sense to me.
--SNIP--
>
>
> 10.0.1.0 0.0.0.0 255.255.255.0 [snip] eth0
> 10.0.1.0 0.0.0.0 255.255.255.0 [snip] eth1
> 10.0.1.0 0.0.0.0 255.255.255.0 [snip] eth2
> 0.0.0.0 10.0.1.3 0.0.0.0 [snip] eth0
> 0.0.0.0 10.0.1.3 0.0.0.0 [snip] eth1
> 0.0.0.0 10.0.1.3 0.0.0.0 [snip] eth2
Yes, that is the routing table, I tried different ones as well, I
really don't need three identical default routes.
>
> I might be wrong on this but I don't think the kernel tries additional
> routes, when it finds the first matching route it routes that way and is
> done with the packet.
Right. And if none match then it tries the default.
>
> So, no matter which ethernet cable is plugged in, the route to your
> local network will always be bound to eth0, AFAIK. To prove this try
> pinging the other IPs from a remote machine, then check what MAC address
> shows up in that machine's arp tables ... I suspect that you will see
> the same MAC address for all IPs, obviously because all responses are
> coming through the same interface.
>
> What is the effect that you're trying to achieve by assigning IPs to
> dedicated network cards? Are you expecting enough traffic to saturate
> the ethernet connection? If you're doing this for load balancing then
> it can be done with multipath routing (see iproute2 tool).
I was only testing that my new cards worked. So I have achieved
that, but was confused about what I was experiencing. This is
going to be a gateway/firewall machine connecting 3 subnets.
I had never attached two cards on a box to the same network, and
had never thought about how that would work. So I am trying to
learn. You have helped.
The final thing which I still do not understand is that, after I
passed the ether= kernel parameters for each card, only eth0 would
work. But if I `ifdown eth0` then only eth1 would work. Finally
if I `ifdown eth1` then eth2 would work. This one has got me
stumped.
> > I wish to use a monolithic kernel for security. Can you help me
> > understand either how to set this up so each card gets one ip and/or
> > understand how each card is getting all three?
>
> By monolithic kernel do you mean not using modules? Why is that more
> secure?
Yes, I mean not using modules. This is the completely paranoid way
of avoiding kernel module rootkits. I use only monolithic kernels
on DMZ and Firewall machines. Not that I am really much of a
netadmin, as is evident. This is my hobby.
Here is a link if you want to learn a little about kernel module
security.
http://www.debian.org/doc/manuals/securing-debian-howto/ch9.en.html#s9.3
And here is much more detail:
http://packetstormsecurity.org/docs/hack/LKM_HACKING.html
Thanks for your help!
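As an added illustration (not part of the thread) of the "first matching route wins" behaviour discussed above, this models the routing table quoted earlier and the ARP check Fraser suggests. The MAC addresses are constructed placeholders; the route table is the one from the thread with the snipped columns left out.

```python
import ipaddress

# Routing table as quoted in the thread: (Destination, Gateway, Genmask, Iface).
# Three identical routes to 10.0.1.0/24 and three identical default routes.
ROUTES = [
    ("10.0.1.0", "0.0.0.0", "255.255.255.0", "eth0"),
    ("10.0.1.0", "0.0.0.0", "255.255.255.0", "eth1"),
    ("10.0.1.0", "0.0.0.0", "255.255.255.0", "eth2"),
    ("0.0.0.0", "10.0.1.3", "0.0.0.0", "eth0"),
    ("0.0.0.0", "10.0.1.3", "0.0.0.0", "eth1"),
    ("0.0.0.0", "10.0.1.3", "0.0.0.0", "eth2"),
]

# Constructed placeholder MACs for the three cards (not real values).
MACS = {"eth0": "00:00:5e:00:53:01",
        "eth1": "00:00:5e:00:53:02",
        "eth2": "00:00:5e:00:53:03"}


def lookup(dst, routes):
    """Return (iface, gateway) for dst: the most specific route wins, and
    among equally specific routes the first one in table order wins.
    That is why every reply leaves via eth0 while eth0 is up."""
    best = None
    for dest, gw, mask, iface in routes:
        net = ipaddress.IPv4Network(f"{dest}/{mask}")
        if ipaddress.IPv4Address(dst) in net:
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, iface, gw)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def ifdown(iface, routes):
    """`ifdown ethN` drops that interface's routes, so the next identical
    route becomes the first match (eth0 down -> eth1 answers, and so on)."""
    return [r for r in routes if r[3] != iface]


def remote_arp_view(remote_ip, local_ips, routes, macs):
    """What a host at remote_ip sees in its ARP table after pinging each
    local address: replies all leave by the same card, so one MAC for all."""
    iface, _ = lookup(remote_ip, routes)
    return {ip: macs[iface] for ip in local_ips}
```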