Re: Fedora Box with TWO NIC's

From: John Meagher (jmeagher_at_patriot.net)
Date: 08/22/04

    Date: Sun, 22 Aug 2004 00:18:06 -0400
    To: fedora-list@redhat.com
    
    

    Julian Underwood wrote:

    > I have a Fedora box with two working NIC's:
    >
    > DSL, static IP:
    > (NIC 1)
    > ip:168.101.199.6
    > nm:255.255.255.248
    > gw:168.101.199.5
    > dns:168.101.1.3, 168.101.1.9
    >
    > LAN, has a sonicwall router to Cable modem:
    > (NIC 2)
    > ip:192.168.0.7
    > nm:255.255.255.0
    > gw:192.168.0.1 (currently NOT SET so at least the DSL NIC is functional)
    > dns:not needed
    >
    > With this setup, /nothing/ works. Can't ping anything, can't browse
    > from the box locally, nothing. However if I remove the gateway on NIC
    > 2 (192.168.0.1), then I can at least browse through NIC 1 and it can
    > be pinged. However--the LAN interface is still useless, can't ping it.
    >
    > The reverse works the same. Remove the GW on NIC 1 (168.101.199.5) and
    > place it on NIC 2 (192.168.0.1) then I can browse through NIC 2 on the
    > Cable modem side, but then the DSL NIC becomes useless (can't ping).
    >
    > So I am asking, what is the trick to make BOTH interfaces work and if
    > the server needs to go out onto the net, it will by default browse out
    > on the DSL side of things? I would like to be able to manage the
    > server and provide file services from the LAN side.
    >
    > $ netstat -nr
    > Kernel IP routing table
    > Destination     Gateway         Genmask         Flags MSS Window irtt Iface
    > 168.101.199.6   0.0.0.0         255.255.255.248 U       0 0         0 eth1
    > 192.168.0.0     0.0.0.0         255.255.255.0   U       0 0         0 eth0
    > 169.254.0.0     0.0.0.0         255.255.0.0     U       0 0         0 eth1
    > 127.0.0.0       0.0.0.0         255.0.0.0       U       0 0         0 lo
    > 0.0.0.0         168.100.199.5   0.0.0.0         UG      0 0         0 eth1
    >
    > Again, I think this output is with my LAN NIC disabled, again: the LAN
    > NIC doesn't have a gw because /nothing/ works when it is defined.
    > Goal: be able to provide management and file services from the LAN NIC
    > and still function with the DSL NIC.

    I'm still a little confused. Is this right:
    You have a cable modem on the LAN for office internet access.
    You have a DSL connected to the server to provide a public web service.

    Is the firewall on the DSL router? And another one on the cable modem?
    You may want to consider beefing this up from the security standpoint.
    At least add a firewall on the server.

    The usual setup is

    internet--->firewall--->LAN and servers, or

    internet---->firewall--->LAN
                 |
                 |-->firewall---->DMZ--->servers

    The server's only route to the internet should be via 168.101.199.5 and
    the netmask is 255.255.255.248 (not 0.0.0.0) if that is the mask they
    gave you for the server.
    168.101.199.5 should be a firewall/gateway. (although using the .1
    address for the gateway would be more conventional)

    So your routing table might look about like this:

    168.101.199.6   0.0.0.0         255.255.255.248 U   0 0 0 eth1
    192.168.0.0     0.0.0.0         255.255.255.0   U   0 0 0 eth0
    (the above route should get you to the LAN)

    169.254.0.0     0.0.0.0         255.255.0.0     U   0 0 0 eth1
    (I don't know what the above is. Probably learned from the cable modem.
    Keep the "routed" process turned off.)

    127.0.0.0       0.0.0.0         255.0.0.0       U   0 0 0 lo
    0.0.0.0         168.100.199.5   255.255.255.248 UG  0 0 0 eth1
    (note the mask was changed in the line above)

    Another possible issue is your NIC1/NIC2 nomenclature. The one you are
    calling NIC1 is on the public address which is assigned to eth1. The
    one you are calling NIC2 is on the private address which is assigned to
    eth0. Make sure it's connected the way you think it should be. Verify
    with ifconfig.

    Unless FC2 is different, the files which set this up whenever you do a
    boot or service network restart are in
    /etc/sysconfig/network-scripts/ifcfg-eth? and /etc/sysconfig/network.
    There's also a gui, I think redhat-config-network.

    To temporarily fix the default route, try
    route del default
    route add default gw 168.100.199.5 netmask 255.255.255.248

    And of course, on your LAN, make sure the workstations are pointed to
    the cable modem as default gateway.
    Make sure the DSL router and everything else on the segment has the
    255.255.255.248 netmask.
    The server's DNS address in the server's /etc/resolv.conf should be the
    one from the DSL company.

    -- 
    fedora-list mailing list
    fedora-list@redhat.com
    To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
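
Added example (not part of the original messages): a small checker for the `netstat -nr` output quoted in this thread. It flags more than one default route and any gateway that does not sit on a subnet directly attached to its interface; `parse_routes`, `audit` and the sample tables are names and data constructed for illustration.

```python
import ipaddress

# Constructed from the `netstat -nr` rows quoted in the thread, wrapped lines rejoined.
POSTED = """\
Destination Gateway Genmask Flags MSS Window irtt Iface
168.101.199.6 0.0.0.0 255.255.255.248 U 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 168.100.199.5 0.0.0.0 UG 0 0 0 eth1
"""
# Constructed variant: a second default gateway on the LAN NIC, the setup the
# original poster says breaks everything.
TWO_DEFAULTS = POSTED + "0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0\n"


def parse_routes(text):
    """Parse `netstat -nr` rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue  # banner or blank line
        try:
            # Dotted netmask -> prefix length (assumes a contiguous mask).
            prefix = bin(int(ipaddress.IPv4Address(f[2]))).count("1")
            net = ipaddress.ip_network(f"{f[0]}/{prefix}", strict=False)
            gw = ipaddress.IPv4Address(f[1])
        except ValueError:
            continue  # column header row
        routes.append((net, gw, f[7]))
    return routes


def audit(routes):
    """Return findings: default-route count and gateways that are not on-link."""
    findings = []
    onlink = [(net, dev) for net, gw, dev in routes if gw.is_unspecified]
    defaults = [r for r in routes if r[0].prefixlen == 0 and not r[1].is_unspecified]
    if len(defaults) != 1:
        findings.append(f"{len(defaults)} default routes (expected exactly 1)")
    for net, gw, dev in routes:
        if gw.is_unspecified:
            continue  # directly attached network, no next hop to validate
        if not any(d == dev and gw in n for n, d in onlink):
            findings.append(f"gateway {gw} is not on a subnet attached to {dev}")
    return findings


if __name__ == "__main__":
    for name, table in (("posted", POSTED), ("two defaults", TWO_DEFAULTS)):
        print(name, audit(parse_routes(table)))
```

On a dual-homed host like this one, running the same check against live `netstat -nr` output after each change shows whether the public NIC still carries the only default route.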
    
