Configuring three nics on a gateway/web server
Hi,
After a two-day-long headache I've realized that I probably need some help.
I've successfully installed and configured Apache on an already working gateway box.
I know this may seem a little unusual (web and gateway server in the same box)
but unfortunately at the moment I just have this hardware at my disposal.
However, I have inserted a third NIC (eth2) on which the httpd daemon should listen.
And here comes the hard bit:
with eth0 and eth1 off and eth2 on, Apache does respond.
With eth0, eth1 and eth2 on, Apache doesn't respond and I get in /var/log/messages:
martian source 101.102.103.115 from 101.102.103.117, on dev eth2
iptables-drop-src-norule: IN=eth0 SRC=101.102.103.117 DST=101.102.103.115 PROTO=TCP SPT=32777 DPT=80 SYN
iptables-drop-src-norule: IN=eth0 SRC=101.102.103.117 DST=101.102.103.115 PROTO=TCP SPT=32777 DPT=80 SYN
iptables-drop-src-norule: IN=eth0 SRC=101.102.103.117 DST=101.102.103.115 PROTO=TCP SPT=32777 DPT=80 SYN
The 101.102.103.117 IP comes from a 2nd machine where I launch the http request.
But why does the router send HTTP packets to the eth0 interface,
or which interface receives packets from the router? I can't figure it out.
Some information on the box:
kernel: 2.4.22
grsecurity: 1.9.12-2.4.22
patch-o-matic: 20030912
iptables: 1.2.8
httpd: 2.0.47
Some information on the net:
eth0: gateway
eth1: local net
eth2: httpd
network: 101.102.103.112
broadcast: 101.102.103.119
router: 101.102.103.113
eth0: 101.102.103.114 netmask 255.255.255.248
eth1: 192.168.0.1 netmask 255.255.255.0
eth2: 101.102.103.115 netmask 255.255.255.255 <-- is this netmask correct ???
This is the routing table with eth0 and eth1 active and eth2 off:
101.102.103.112 0.0.0.0 255.255.255.248 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 101.102.103.114 0.0.0.0 UG 0 0 0 eth0
This is the routing table with all interfaces on:
101.102.103.112 0.0.0.0 255.255.255.255 U 0 0 0 eth2 <-- probably conflict ???
101.102.103.112 0.0.0.0 255.255.255.248 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 101.102.103.114 0.0.0.0 UG 0 0 0 eth0
Moreover, after adding eth2, I get in /var/log/messages:
martian source 101.102.103.115 from 101.102.103.115, on dev eth0
The firewall seems OK to me.
This is everything about eth2 as it appears in iptables-save:
-A interface2_in -s 101.102.103.115 -j DROP
-A interface2_in -d 101.102.103.115 -p tcp -m state --state NEW,ESTABLISHED -m tcp --sport 1024:65535 --dport 80 -j ACCEPT
-A interface2_in -d 101.102.103.115 -p tcp -m state --state NEW,ESTABLISHED -m tcp --sport 1024:65535 --dport 443 -j ACCEPT
-A interface2_out -s 101.102.103.115 -p tcp -m state --state ESTABLISHED -m tcp --sport 80 --dport 1024:65535 -j ACCEPT
-A interface2_out -s 101.102.103.115 -p tcp -m state --state ESTABLISHED -m tcp --sport 443 --dport 1024:65535 -j ACCEPT
-A network1_in -s 101.102.103.115 -j DROP
Any help will be much appreciated.
Lucio
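
A check for the overlap the post marks with "probably conflict ???", as an added example that is not part of the original post: it flags any interface whose address falls inside a directly connected route owned by a different interface. The interface and route data are constructed from the values quoted above; the function names are hypothetical.

```python
import ipaddress

# Constructed from the values in the post: interface addresses and the
# "all interfaces on" routing table (dest, gateway, netmask, ..., iface).
INTERFACES = {
    "eth0": "101.102.103.114/255.255.255.248",
    "eth1": "192.168.0.1/255.255.255.0",
    "eth2": "101.102.103.115/255.255.255.255",
}
ROUTES = """\
101.102.103.112 0.0.0.0 255.255.255.255 U 0 0 0 eth2
101.102.103.112 0.0.0.0 255.255.255.248 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 101.102.103.114 0.0.0.0 UG 0 0 0 eth0
"""

def parse_routes(text):
    """Return (network, gateway, iface) tuples from `route -n` style rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # skip headers or blank lines
        dest, gw, mask, iface = fields[0], fields[1], fields[2], fields[7]
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, ipaddress.ip_address(gw), iface))
    return routes

def find_overlaps(interfaces, routes):
    """Flag interface addresses covered by a connected route on another NIC."""
    unspecified = ipaddress.ip_address("0.0.0.0")
    findings = []
    for name, cidr in interfaces.items():
        addr = ipaddress.ip_interface(cidr).ip
        for net, gw, iface in routes:
            # Only directly connected routes (no gateway) on a different NIC.
            if gw == unspecified and iface != name and addr in net:
                findings.append((name, str(addr), iface, str(net)))
    return findings

if __name__ == "__main__":
    for name, addr, iface, net in find_overlaps(INTERFACES, parse_routes(ROUTES)):
        print(f"{name} address {addr} lies inside {net}, routed via {iface}")
```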