Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Server with 2 network cards
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
oc666
Guru
Guru


Joined: 15 May 2006
Posts: 330
Location: Israel

PostPosted: Mon May 05, 2008 2:59 pm    Post subject: Server with 2 network cards Reply with quote

Hello
I'm having server with 2 network cards.
I can't reach to one of them via internet when they connected together.
This is my /etc/cond.d/net:
Code:

config_eth0=( "192.168.16.14 netmask 255.255.255.0 brd 192.168.16.255" )
routes_eth0=( "default via 192.168.16.4" )
config_eth1=( "192.168.0.101 netmask 255.255.255.0 brd 192.168.0.255" )
routes_eth1=( "default via 192.168.0.1" )

If I work only with one eth - it's works fine (each one).
What I did wrong?

Thanks
_________________
embAD-new way to insert ads to your website
Back to top
View user's profile Send private message
JoshFed
n00b
n00b


Joined: 21 Jul 2003
Posts: 44
Location: Tacoma, WA USA

PostPosted: Mon May 05, 2008 3:25 pm    Post subject: Reply with quote

Simple question but it has to be asked. Are you starting the NIC before you try using it?

Code:
/etc/init.d/net.eth0 start


and

Code:
/etc/init.d/net.eth1 start
Back to top
View user's profile Send private message
oc666
Guru
Guru


Joined: 15 May 2006
Posts: 330
Location: Israel

PostPosted: Mon May 05, 2008 4:15 pm    Post subject: Reply with quote

Yep, It started. As I say, when one work alone - it's all fine, but when both of them work, I can't reach to one of them.
Both of them behind routers (which make port forwarding). I think it's because the gatways, but I'm not sure.
More info
My route:
Code:
$ /sbin/route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.16.0    *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth1
default         192.168.16.4    0.0.0.0         UG    1      0        0 eth0

In this current configuration, I can't reach the eth0 (the /etc/conf.d/net is the same like above (my last message)).
_________________
embAD-new way to insert ads to your website
Back to top
View user's profile Send private message
JoshFed
n00b
n00b


Joined: 21 Jul 2003
Posts: 44
Location: Tacoma, WA USA

PostPosted: Fri May 09, 2008 6:43 pm    Post subject: Reply with quote

Where are you (your workstation) in relation (network wise) to the server? What's your workstation IP?
Back to top
View user's profile Send private message
jcat
Veteran
Veteran


Joined: 26 May 2006
Posts: 1337

PostPosted: Sat May 10, 2008 12:18 am    Post subject: Reply with quote

With 2 default gateways I presume it's always the first one one in the routing table that will be used. Why would the box with two NIC's do anything other than that :wink: , routing tables are really that simple.

The host isn't just going to respond on a particular interface because that's where the traffic came in, it will use the routing table.


Cheers,
jcat
Back to top
View user's profile Send private message
zeek
Guru
Guru


Joined: 16 Nov 2002
Posts: 478
Location: Bantayan Island

PostPosted: Sat May 10, 2008 5:25 am    Post subject: Re: Server with 2 network cards Reply with quote

oc666 wrote:
Hello
I'm having server with 2 network cards.
I can't reach to one of them via internet when they connected together.
This is my /etc/cond.d/net:
Code:

config_eth0=( "192.168.16.14 netmask 255.255.255.0 brd 192.168.16.255" )
routes_eth0=( "default via 192.168.16.4" )
config_eth1=( "192.168.0.101 netmask 255.255.255.0 brd 192.168.0.255" )
routes_eth1=( "default via 192.168.0.1" )

If I work only with one eth - it's works fine (each one).
What I did wrong?

Thanks


To multihome a server and run services from both IPs using source routing requires IP advanced router compiled into the kernel. You need to be using iproute2 and add an entry to /etc/iproute2/rt_tables. In /etc/conf.d/net.example there are some functions that you need to add that will run `ip rule` commands when the interface is brought up.

Google for "source routing" and "ip rule". You will find plenty of tutorials to set this up. Good luck!
Back to top
View user's profile Send private message
oc666
Guru
Guru


Joined: 15 May 2006
Posts: 330
Location: Israel

PostPosted: Sat May 10, 2008 9:09 am    Post subject: Re: Server with 2 network cards Reply with quote

zeek wrote:

To multihome a server and run services from both IPs using source routing requires IP advanced router compiled into the kernel. You need to be using iproute2 and add an entry to /etc/iproute2/rt_tables. In /etc/conf.d/net.example there are some functions that you need to add that will run `ip rule` commands when the interface is brought up.

Google for "source routing" and "ip rule". You will find plenty of tutorials to set this up. Good luck!


Hey, thanks for the answer.
First of all I need to understand what this is mean and how it's work. Is there any article on how to configure two network cards on one gentoo machine?
Second, I google and I found this:
Quote:
Do not accept source routed packets. Attackers can use source routing to generate traffic pretending to originate from inside your network, but that is actually routed back along the path from which it came, so attackers can compromise your network. Source routing is rarely used for legitimate purposes, so it is safe to disable it.


Additionally, I enabled "IP advanced router" in my kernel. Here is my /etc/iproute2/rt_tables and ip route:
Quote:
$ cat /etc/iproute2/rt_tables
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep

$ ip route show
192.168.16.0/24 dev eth0 proto kernel scope link src 192.168.16.14
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.101
127.0.0.0/8 dev lo scope link
default via 192.168.0.1 dev eth1
default via 192.168.16.4 dev eth0 metric 1

_________________
embAD-new way to insert ads to your website
Back to top
View user's profile Send private message
oc666
Guru
Guru


Joined: 15 May 2006
Posts: 330
Location: Israel

PostPosted: Sat May 10, 2008 9:40 am    Post subject: Update Reply with quote

I just reboot because the kernel update. I run "ip route show" again:
Quote:
# ip route show
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.101
192.168.16.0/24 dev eth0 proto kernel scope link src 192.168.16.14
127.0.0.0/8 dev lo scope link
default via 192.168.16.4 dev eth0
default via 192.168.0.1 dev eth1 metric 1

Now, I can't reach the server from the card worked before the reboot and I can reach the card which didn't work before the reboot.
I see the different in the last two lines in the "ip route show" command:
Quote:

Before reboot:
default via 192.168.0.1 dev eth1 <---- I can reach this
default via 192.168.16.4 dev eth0 metric 1 <---- I can't reach this
After reboot
default via 192.168.16.4 dev eth0 <---- I can reach this
default via 192.168.0.1 dev eth1 metric 1 <---- I can't reach this

How could I fix this?
_________________
embAD-new way to insert ads to your website
Back to top
View user's profile Send private message
zeek
Guru
Guru


Joined: 16 Nov 2002
Posts: 478
Location: Bantayan Island

PostPosted: Sun May 11, 2008 4:29 am    Post subject: Re: Server with 2 network cards Reply with quote

oc666 wrote:
Second, I google and I found this:
Quote:
Do not accept source routed packets. Attackers can use source routing to generate traffic pretending to originate from inside your network, but that is actually routed back along the path from which it came, so attackers can compromise your network. Source routing is rarely used for legitimate purposes, so it is safe to disable it.

Ignore that, its talking about something different.

It looks to me like your setup is almost there, its just missing an ip rule. Here is my setup (mac zero'd):

Code:
linky ~ # ip addr ls
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.44/24 brd 10.0.0.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.46/24 brd 10.0.0.255 scope global eth1


linky ~ # ip rule ls
0:      from all lookup local
32765:  from 10.0.0.46 lookup cable
32766:  from all lookup main
32767:  from all lookup default


linky ~ # cat /etc/iproute2/rt_tables
#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep

100 cable

Back to top
View user's profile Send private message
oc666
Guru
Guru


Joined: 15 May 2006
Posts: 330
Location: Israel

PostPosted: Sun May 11, 2008 10:03 am    Post subject: Reply with quote

Thanks on the reply, but I don't understand the ip rules you wrote. Where can I find more info or you can explain this?

Thanks.
_________________
embAD-new way to insert ads to your website
Back to top
View user's profile Send private message
zeek
Guru
Guru


Joined: 16 Nov 2002
Posts: 478
Location: Bantayan Island

PostPosted: Mon May 12, 2008 1:18 am    Post subject: Reply with quote

oc666 wrote:
Thanks on the reply, but I don't understand the ip rules you wrote. Where can I find more info or you can explain this?

Thanks.


I only have one rule:

ip rule add from 10.0.0.46 table stealth

Search for 'ip rule' in /etc/conf.d/net.example and add the post up/down functions. Or be lazy like me and just run the command from /etc/conf.d/local.start.

This net config might be helpful:

Code:
# cat /etc/conf.d/net
modules=( "iproute2" )

config_eth0=( "10.0.0.44/24 brd 10.0.0.255" )
config_eth1=( "10.0.0.46/24 brd 10.0.0.255" )

routes_eth0=( "default via 10.0.0.254" )

routes_eth1=(
        "127.0.0.0/8 dev lo table cable"
        "default via 10.0.0.253 table cable"
        )
Back to top
View user's profile Send private message
oc666
Guru
Guru


Joined: 15 May 2006
Posts: 330
Location: Israel

PostPosted: Tue May 13, 2008 1:36 pm    Post subject: Reply with quote

Thanks a lot, it's works just fine.
Also, I learned a lot in the next two articles in the wiki:
http://gentoo-wiki.com/Dual_internet_connections
http://gentoo-wiki.com/TIP_Dual-Homed_Gentoo_Server
_________________
embAD-new way to insert ads to your website
Back to top
View user's profile Send private message
oc666
Guru
Guru


Joined: 15 May 2006
Posts: 330
Location: Israel

PostPosted: Fri Nov 07, 2008 2:58 pm    Post subject: Reply with quote

Sorry to pop up this post, but I have a problem and the sources (from gentoo-wiki) I build the configuration removed.
I reinstall my server on new machine. I add the following configuration:
Quote:

# cat /etc/conf.d/net
dns_servers=( "212.150.48.169 206.49.94.234 194.90.1.5" )
modules=( "iproute2" )

config_eth0=( "192.168.0.101 netmask 255.255.255.0 brd 192.168.0.255" )
routes_eth0=( "default via 192.168.0.1" )

config_eth1=( "192.168.16.14 netmask 255.255.255.0 brd 192.168.16.255" )
routes_eth1=( "127.0.0.0/8 dev lo table neteth1"
"default via 192.168.16.4 table neteth1"
)

# cat /etc/conf.d/local.start
/sbin/ip route add 192.168.16.0/24 dev eth1 src 192.168.16.14 table neteth1
/sbin/ip route add default via 192.168.16.4 table neteth1
/sbin/ip rule add from 192.168.16.4 table neteth1

# cat /etc/iproute2/rt_tables
255 local
254 main
253 default
0 unspec
100 neteth1


I can't connect to the machine via the eth1. After The system reboot I get the next message:
Quote:
RTNETLINK answers: File exists


I try to debug this problem, but I don't know where to start.

Thanks for the help.
_________________
embAD-new way to insert ads to your website
Back to top
View user's profile Send private message
oc666
Guru
Guru


Joined: 15 May 2006
Posts: 330
Location: Israel

PostPosted: Sun Nov 09, 2008 10:44 pm    Post subject: More info Reply with quote

I try to debug it, and got the next interesting info:
1. When I surf to the eth1 I got tcpdump info:
Quote:
# tcpdump port 80 -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
00:34:53.228528 IP 85-250-212-217.bb.netvision.net.il.32661 > BCGENTOO.BCLIBRARY.http: S 2900102160:2900102160(0) win 2144 <mss 536,sackOK,timestamp 1165414 0,nop,wscale 6>
00:34:56.228158 IP 85-250-212-217.bb.netvision.net.il.32661 > BCGENTOO.BCLIBRARY.http: S 2900102160:2900102160(0) win 2144 <mss 536,sackOK,timestamp 1166164 0,nop,wscale 6>

2. I don't have ping outside from the problematic eth:
Quote:
# ping -I eth1 google.com
PING google.com (209.85.171.99) from 192.168.16.14 eth1: 56(84) bytes of data.
From BCGENTOO.BCLIBRARY (192.168.16.14) icmp_seq=2 Destination Host Unreachable
From BCGENTOO.BCLIBRARY (192.168.16.14) icmp_seq=3 Destination Host Unreachable
From BCGENTOO.BCLIBRARY (192.168.16.14) icmp_seq=4 Destination Host Unreachable

_________________
embAD-new way to insert ads to your website
Back to top
View user's profile Send private message
oc666
Guru
Guru


Joined: 15 May 2006
Posts: 330
Location: Israel

PostPosted: Sun Nov 09, 2008 10:58 pm    Post subject: Fixed Reply with quote

I just update the local.start line to use the ip instead the gw:
Quote:
/sbin/ip rule add from 192.168.16.14 table neteth1

192.168.16.14=IP
192.168.16.4=GW
_________________
embAD-new way to insert ads to your website
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum