
multiple nic/IP in firewall
Hi list,

I have a problem. We have a webserver behind a firewall. The firewall had one public IP address and was working fine. Today I added a second NIC to the firewall, with a different public IP address, and I want to use both public addresses to access the webserver.
I did read the lartc howto for this case (http://www.lartc.org/lartc.html#AEN267) and made a script with it, but it is not working as expected. All response packets to requests to the NIC with the second IP address, eth4 (the newer one), are sent through the NIC of the first IP address, eth3 (the old one, which is also my default gateway). eth2 is the NIC connecting to the webserver.

route -n in firewall:
~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
XX.220.XX.176  0.0.0.0         255.255.255.255 UH    0      0        0 eth3
YY.20.YY.0      0.0.0.0         255.255.255.255 UH    0      0        0 eth4
XX.220.XX.176  0.0.0.0         255.255.255.252 U     0      0        0 eth3
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth2
YY.20.YY.0      0.0.0.0         255.255.255.0   U     0      0        0 eth4
0.0.0.0         XX.220.XX.177  0.0.0.0         UG    0      0        0 eth3

the script:

~# cat /etc/network/routes.sh
#!/bin/bash
# T1 and T2 must be declared in /etc/iproute2/rt_tables (e.g. "1 T1" and "2 T2")
# before they can be used by name below.

# Without a prefix length, ip(8) treats the network address as a /32 host route,
# which is what the UH entries in the route -n output above show; the prefix
# lengths here match the kernel's connected routes (255.255.255.0 and 255.255.255.252).
P1_NET=YY.20.YY.0/24
IF1=eth4
IP1=YY.20.YY.3
P1=YY.20.YY.2

P2_NET=XX.220.XX.176/30
IF2=eth3
IP2=XX.220.XX.178
P2=XX.220.XX.177

# per-uplink tables: the connected network plus a default route via that uplink's gateway
ip route add $P1_NET dev $IF1 src $IP1 table T1
ip route add default via $P1 table T1
ip route add $P2_NET dev $IF2 src $IP2 table T2
ip route add default via $P2 table T2

# main table: connected networks with the preferred source address (already present
# if the addresses were configured with their prefix length; "File exists" is harmless)
ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2

# default route for everything not selected by a rule below: the old uplink on eth3
ip route add default via $P2

# packets whose source address is one of the public IPs use that uplink's table
ip rule add from $IP1 table T1
ip rule add from $IP2 table T2
That's it. I am not an expert with routing, so any help is very welcome.


--
Roberto Scattini
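An added example, not the poster's script, of the usual way out of this when the webserver is reached by DNAT on the firewall (the post does not say so; that is an assumption here): the reply from the webserver is routed while it still carries its private source address, so a rule keyed on the public IP never matches it, and the uplink has to be chosen from a connection mark restored on the reply instead. Also assumed and not from the post: the webserver is 192.168.100.10 on TCP port 80, T1 and T2 are declared in /etc/iproute2/rt_tables, and DRY_RUN=1 only prints the commands so the script can be previewed without root.

```shell
#!/bin/bash
# Two uplinks (eth4 = YY.20.YY.3, eth3 = XX.220.XX.178) in front of a DNAT'ed webserver.
set -eu

IF1=eth4; IP1=YY.20.YY.3;     P1=YY.20.YY.2;     NET1=YY.20.YY.0/24
IF2=eth3; IP2=XX.220.XX.178;  P2=XX.220.XX.177;  NET2=XX.220.XX.176/30
WEB=192.168.100.10   # constructed address of the webserver (the post only gives the /24)

# run: execute the command, or just print it when DRY_RUN=1
run() { if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

setup_routes() {
  run ip route add "$NET1" dev "$IF1" src "$IP1" table T1
  run ip route add default via "$P1" dev "$IF1" table T1
  run ip route add "$NET2" dev "$IF2" src "$IP2" table T2
  run ip route add default via "$P2" dev "$IF2" table T2
  # locally generated traffic from a public address still follows its own uplink
  run ip rule add from "$IP1" table T1 priority 100
  run ip rule add from "$IP2" table T2 priority 101
  # forwarded replies: the table is chosen by the packet mark, not the source address,
  # because the source is still 192.168.100.x when the routing decision is made
  run ip rule add fwmark 1 table T1 priority 102
  run ip rule add fwmark 2 table T2 priority 103
}

setup_nat() {
  # remember in conntrack which uplink each new inbound connection arrived on
  run iptables -t mangle -A PREROUTING -i "$IF1" -m conntrack --ctstate NEW -j CONNMARK --set-mark 1
  run iptables -t mangle -A PREROUTING -i "$IF2" -m conntrack --ctstate NEW -j CONNMARK --set-mark 2
  # copy that mark onto the reply packets coming back from the webserver on eth2
  run iptables -t mangle -A PREROUTING -i eth2 -j CONNMARK --restore-mark
  # publish the webserver on both public addresses (port 80 is an assumption)
  run iptables -t nat -A PREROUTING -i "$IF1" -d "$IP1" -p tcp --dport 80 -j DNAT --to-destination "$WEB"
  run iptables -t nat -A PREROUTING -i "$IF2" -d "$IP2" -p tcp --dport 80 -j DNAT --to-destination "$WEB"
}

main() { setup_routes; setup_nat; }

# apply only when explicitly asked: ./dualhomed.sh apply  (or DRY_RUN=1 ./dualhomed.sh apply)
case "${1:-}" in apply) main ;; esac
```

The rules from the original script stay for traffic the firewall itself originates; only the forwarded replies need the fwmark rules.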
