Re: Multiple external interfaces

From: P Gentry (rdgentry1_at_cablelynx.com)
Date: 03/19/04 

Date: 18 Mar 2004 21:59:07 -0800

LeX <alex_j_a@dds.nl> wrote in message news:<opr42u4lvkkh1mgt@news.utwente.nl>...
> Hi,
>
> First, thanks for your fast response.
>
> > First, you should only need to enter a gateway once for the default
> > routing table (unless you are routing to two different gateways, but I
> > am assuming that you are not).
>
> Well, actually they are set automatically through DHCP. My routing table
> is simple and looks like this:
>
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> 130.89.192.0 * 255.255.224.0 U 0 0 0
> extA
> 130.89.192.0 * 255.255.224.0 U 0 0 0
> extB
> 10.0.0.0 * 255.255.0.0 U 0 0 0
> intA
> default if-kabel.routin 0.0.0.0 UG 0 0 0
> extA
>
> > It sounds like you need to set up routing tables to have one segment get
> > routed differently then another.
>
> Exactly, but that is not the problem (I found out how to do that). But to
> make sure, I've tried your suggestion anyways. But now it looks the
> packets from 10.0.1.x are routed to nowhere and the secondary network
> adapter is still not accessible from the outside.
[snip]

This last item could be the result of sending _all_ non-local traffic
through extA. extA (both its IP and MAC are all the upstream devices
see in outgoing frames/packets -- they never see extB's IP or MAC).
What happens with local pings? Also, how does your ISP handle DNS and
hostname assignment -- ie., how is he going to give you two hostnames?
 All other dual line setups to a single ISP I've seen required static
configuration.

Clarify if you will:
-- your ISP has allotted you two public IPs, each to the same gateway.
-- you can attach two separate machines simultaneously to your CM and
have each of them acquire an IP and routing tables, etc. that give
full, proper access/behavior to and from the internet.

If both of these are true, then your DHCP request/reply cycle is not
completing properly for each NIC -- to your ISP (and your CM), you
have two machines (two NICs, two MACs). Double check that each NIC is
properly set up to acquire DHCP. The only difference is that you have
only one (inclusive) main routing table instead of two (separate)
tables. You and sean have already looked into this issue some. And
remember only one hostname.

Does your routing table change at all depending on which NIC you bring
up manually? Have you watched route -n output in an xterm while DHCP
fills it in? What about your arp cache (should give you some notion
what's going on at MAC level)? You may want to run arpwatch for
clues.

Note that your 10.0.0.0 net is listed in the routing table as /16 and
not /24 -- ie., you don't have a 10.0.1.0/24 subnet, just a
10.0.0.0/16 subnet.

Also, you don't have a loopback interface set up in the routing table
-- do you have a loopback configured? Arps and pings (and other ICMP)
protocols require the loopback to operate properly (and not drop
packets).

I guess we've all been assuming that you remove the firewall
completely when testing your setup changes. It has to be said just to
be sure. And resetting your CM so it zeros its MAC/IP table (they
frequently are set to _not_ timeout your NIC's MAC)?

Besides output from route -n and route -C, arp and netstat can be
useful to check/monitor all interfaces. ifconfig -a output is also a
useful detail.

My first look at this thread made me think sean pretty much covered
it, but your "works in other boxes" comment and the ping problem got
me to scratching my head. Your "doesn't work" symptoms are just what
you would see if the ISP gave you only one IP address, but... you have
two? And since it looks like you don't really have two subnets, just
one, you shouldn't drop ping reply packets related to
arp/MAC/IP/netmask conflicts. Curiouser and couriouser! No wonder
you've been puzzling with this for months.

Just wondering: what advantage are you expecting to get with two
external NICs and just one internal NIC? Ie., what will you get that
warrants the extra work compared to simply MASQing the internal net?
It's as if you have your routing box turned around -- two NICs facing
out, one in rather than the normal one NIC facing out, two in. Seems
like a lot of extra work -- for what?

Anyway, here's the best CM guide I've run across -- has a handy and
thorough checklist as well as troubleshooting tips/background.
http://homepage.ntlworld.com/robin.d.h.walker/cmtips/index.html

You have presented something of a diagnostic conundrum together with
an unusual setup -- I'll have to keep an eye out.

hope this jogs something loose,
prg
email above disabled

Relevant Pages

  • Re: Multiple Nics with DHCP on a firewall
    ... Get a router and use MAC address cloning with one computer the ISP knows ... When we have multiple nics running, ...
    (comp.security.firewalls)
  • Re: Fedora and Qwest
    ... Some won't give any IPs to new NICs as a security feature, ... ignore any other MAC address. ... (the DSL modem), but not come across that issue on the client side. ... ISP using DHCP) ...
    (Fedora)
  • Re: Emulating multiple nics with one
    ... All I basically want to do is emulate multiple nic's (each with it's ... I can do the latter half (routing), ... to do the first part (emulating multiple nics using one). ... each with a unique mac address. ...
    (comp.os.linux.networking)
  • Re: 2003 NIC issue
    ... The NIC facing the ISP is the only one that should have a Default Gateway. ... Traffic will not move between the two NICs unless "Routing" is enabled. ... let the ISA installation handle setting that ...
    (microsoft.public.windows.server.networking)
  • Re: Connecting a user to AOL (anything I should know?!)
    ... it's used for routing ... ... I am saying that what is done with an ARP table is not called Routing. ... Quite different to hard wired / the concept of MAC being hard wired. ... Wouldn`t "Cable modemA" change the MAC to that of the ISP`s Router? ...
    (uk.comp.homebuilt)