Re: Dual NICs, Routing Problem



On Thu, 29 Dec 2005, in the Usenet newsgroup alt.os.linux.suse, in article
<tM6dnVHGc5ifIS7eRVnyug@xxxxxxxxx>, JohnK wrote:

>In a similar situation at my place of work, there is a machine set up
>with two NICs, one to access a 'private' LAN with a DB server on it and
>one for general customer access. In that case, we have the customer LAN
>set as the default card with the default gateway.

Not really. There is no "default card". The concept of a default gateway
is that this route is to be used if none of the other defined routes will
reach the intended recipient. Consider

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0    95017 eth0
192.168.0.0     192.168.1.6     255.255.0.0     UG    0      0    11695 eth0
192.0.2.0       0.0.0.0         255.0.0.0       U     0      0     1541 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0      420 lo
0.0.0.0         192.0.2.248     0.0.0.0         UG    0      0     2004 eth1

Here, there are two NICs leading to three "local" networks. Do you have
a packet for 192.168.1.14? That is reachable by the first line. Another
packet going to 192.168.0.5 or 192.168.255.254? The second line says to
send it to a router at 192.168.1.6 (which is on eth0), and it will forward
it. How about a packet for 192.0.2.136? The third line answers that one.
What about 10.0.10.10? Well, that's not on the first, second, or third
line, and it's not on the loopback either. But the last line says 0.0.0.0/0
(which means everything) is reachable via a router at 192.0.2.248 on the
eth1 interface.

So, why don't we send everything to 192.0.2.248 which is called the default
gateway? The answer is that the kernel networking code looks for the most
specific route. A 'host' route (mask 255.255.255.255, flag UH) is more
specific than a network route (mask other than 255.255.255.255 or 0.0.0.0)
and is the next best choice IF IT LEADS WHERE YOU WANT TO GO, and the more
bits in the network mask, the better. Thus, 192.168.1.1 is covered by both
the first and second line, but the first line takes precedence because it
is more specific. Only if all other routes DON'T match will the kernel
choose the 'default' - the last line.

>With the other, we have added a route which specifies the second CARD -
>NOT a gateway address on that second LAN. I believe you have to tell the
>box which card to use for that 'private' LAN and not which gateway.

When setting up networking (at boot time), you tell the routing code
which network is connected to the computer. Then you tell it what
other networks can be reached using gateways that are directly attached
to the networks attached to the computer. That could include a 'default'
gateway which leads "everywhere else" if such a gateway exists. Now,
once your networking is "up", your application merely tells the kernel
to "send this to $FOO", and the kernel will then try to resolve the
address (using instructions in /etc/nsswitch.conf) from a hostfile or
DNS, and based on the IP address, it will then send the packet out the
"right" interface. If the packet is destined for an off-local network
address, the IP address of the packet will be the destination, but the
link level address (example, Ethernet MAC address) will be that of the
router that will forward the packet on its way. All your application
needs to know is the destination hostname (or lacking that, the remote
IP address). The kernel handles things from there, based on the routing
table, TYVM.

>If you just specify a gateway address then it will look for this address
>via the default NIC/gateway. It has to be an address it has knowledge of.
>I.e. the second NIC's IP address.

No. The gateway IP address is the IP address of the "remote" host on _this_
network that will forward the packet. It MUST be on (one of) the network(s)
that are directly attached to "this" computer. In the example above, the
gateways must be 192.168.1.x (eth0) or 192.0.2.x (eth1). IT WILL NOT BE
ONE OF THE ADDRESSES OF "THIS" COMPUTER (sending a packet "there", give it
to "yourself" to forward... who will send it to "yourself" to forward...
who will send it to "yourself" to forward... Mommy, are we "there" yet?).

Please don't confuse yourself with the crap that Microsoft displays on
their routing tables. Microsoft invented networking 13 YEARS after everyone
else, and grabbed "buzzwords" out of context. Their routing table is
intentionally complex and full of BS to scare people away from this technical
stuff.

Old guy
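The two rules argued in the post above, that the kernel picks the most specific matching route and falls back to 0.0.0.0/0 only when nothing else matches, and that a gateway must be an address on a directly attached network and never one of this host's own addresses, as an added example in Python. This is not code from the original post; it re-implements the lookup over the post's own routing table (the third entry's 255.0.0.0 mask is kept exactly as the post shows it, which normalizes to 192.0.0.0/8 and does not change any of the answers given in the post). The host's own addresses in LOCAL_ADDRS are an assumption.

```python
import ipaddress

# Routing table copied from the post: (destination, genmask, gateway, iface).
# A gateway of 0.0.0.0 means "directly attached, no router in between".
ROUTES = [
    ("192.168.1.0", "255.255.255.0", "0.0.0.0",     "eth0"),
    ("192.168.0.0", "255.255.0.0",   "192.168.1.6", "eth0"),
    ("192.0.2.0",   "255.0.0.0",     "0.0.0.0",     "eth1"),  # mask as written in the post
    ("127.0.0.0",   "255.0.0.0",     "0.0.0.0",     "lo"),
    ("0.0.0.0",     "0.0.0.0",       "192.0.2.248", "eth1"),  # the "default" route
]

# Assumed addresses of "this" computer (not given in the post).
LOCAL_ADDRS = {"192.168.1.5", "192.0.2.10", "127.0.0.1"}


def _net(dest, mask):
    # strict=False lets a dest/mask pair that is not a clean network address
    # (like 192.0.2.0/255.0.0.0) normalize to its containing network.
    return ipaddress.ip_network(f"{dest}/{mask}", strict=False)


def lookup(dst, routes=ROUTES):
    """Longest-prefix match: return (next_hop, iface) for dst, or None.

    Every route whose network contains dst is a candidate; the one with the
    most mask bits wins, so 0.0.0.0/0 is chosen only when nothing else fits.
    For a directly attached network the next hop is dst itself (the kernel
    will ARP for it); otherwise it is the route's gateway, whose MAC address
    ends up in the frame while the IP header still carries dst.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, gw, iface in routes:
        net = _net(dest, mask)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        return None
    _, gw, iface = best
    return (dst if gw == "0.0.0.0" else gw, iface)


def gateway_is_usable(gw, routes=ROUTES, local_addrs=LOCAL_ADDRS):
    """Check a candidate gateway the way the post says it must be chosen.

    Returns (ok, reason). The gateway must not be one of this host's own
    addresses, and it must lie inside a network that is reached without a
    gateway (a 'U' route on a real interface), i.e. be directly attached.
    """
    if gw in local_addrs:
        return False, "gateway is one of this host's own addresses"
    g = ipaddress.ip_address(gw)
    for dest, mask, rgw, iface in routes:
        net = _net(dest, mask)
        if rgw == "0.0.0.0" and iface != "lo" and net.prefixlen > 0 and g in net:
            return True, f"directly attached via {iface}"
    return False, "not on any directly attached network"


if __name__ == "__main__":
    # The destinations walked through in the post.
    for dst in ("192.168.1.14", "192.168.0.5", "192.168.255.254",
                "192.0.2.136", "10.0.10.10", "192.168.1.1"):
        print(f"{dst:16} -> next hop {lookup(dst)[0]:14} via {lookup(dst)[1]}")
    for gw in ("192.168.1.6", "192.0.2.248", "10.0.0.1", "192.168.1.5"):
        ok, why = gateway_is_usable(gw)
        print(f"gateway {gw:14} {'OK ' if ok else 'BAD'} ({why})")
```

On a live Linux box the same question can be put to the kernel with `ip route get <address>`, which prints the interface and next hop the kernel actually selected; comparing its answer with the table above is the quickest way to see which route is winning for a given destination.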