Gentoo Forums
Routing table configuration
lostinspace2011
Apprentice


Joined: 09 Sep 2005
Posts: 214

Posted: Sat May 07, 2011 12:03 am    Post subject: Routing table configuration

My network consists of one Linux server with two network interfaces (eth0 - 192.168.0.3 and eth1 - 192.168.0.4) and several other computers. Both network interfaces are connected to the same subnet. ETH0 is the "public" interface on which I have the external DNS server running for the websites hosted on the server. ETH1 is the "internal" interface which runs the internal DNS server used by all the computers on the network.

I set the metric on eth1 to be higher than the one on eth0 to prevent routing issues.

Code:
bumblebee ~ # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     100    0        0 eth0
192.168.0.0     *               255.255.255.0   U     200    0        0 eth1
loopback        *               255.0.0.0       U     0      0        0 lo
default         gateway....     0.0.0.0         UG    100    0        0 eth0


Most of the time this is all working, but every so often some of the clients lose access to 192.168.0.4. It seems to be mostly Macs which are affected by this. Currently I just reset the DHCP lease, which seems to fix this problem for the short term, but this has become tedious and frustrating.

Any suggestions on what I can do to diagnose the cause of this problem? When it occurs it looks like 192.168.0.4 has disappeared from the network on the affected computers, while it's accessible for the others on the network.

Thanks in advance for any insight.
Alex
dE_logics
Advocate


Joined: 02 Jan 2009
Posts: 2253
Location: $TERM

Posted: Sat May 07, 2011 3:42 am

Quote:
Both network interfaces are connected to the same subnet. ETH0 is the "public" interface on which I have the external DNS server running for the websites hosted on the server. ETH1 is the "internal" interface which runs the internal DNS server used by all the computers on the network.


This can't happen.

The internet and internal network can't be on the same network... or do you mean they have the same subnet (e.g. 255.0.0.0)?
Hu
Moderator


Joined: 06 Mar 2007
Posts: 16036

Posted: Sat May 07, 2011 4:17 am

Based on the IP addresses posted, I believe he has a Gentoo system with two NICs and both NICs have addresses on the same subnet. He also has a NAT device configured to forward DNS and web requests to the IP address that is assigned to eth0.

This seems like a poor network design. Generally, placing distinct interfaces on the same subnet will lead to various subtle failures. The solution is not to place both interfaces on the same subnet. If the network cannot be rewired, and all services must be offered from the same machine, then I suggest assigning both IP addresses to a single interface. The interface can optionally be a logical interface, such as a bond of the two physical interfaces.
dE_logics
Advocate


Joined: 02 Jan 2009
Posts: 2253
Location: $TERM

Posted: Sat May 07, 2011 6:15 am

Even more confusing is the fact that the internet and the internal network are on the same subnet.

In my case, when I get direct internet access (using ppp), the subnet is 255.255.255.255, i.e. I don't belong to any network.
luispa
Guru


Joined: 17 Mar 2006
Posts: 357
Location: España

Posted: Sat May 07, 2011 6:48 am

This is wrong; re-design it correctly. It is easier to set up a new subnet for the public part, which should have few hosts (probably the router and the Linux on that side). So you only need to change two configs: the router LAN setup and the Linux eth0 bound address/mask + default gw.

example: eth0 phy network with 192.168.1/24 and leave eth1 phy network with 192.168.0/24.

luis
lostinspace2011
Apprentice


Joined: 09 Sep 2005
Posts: 214

Posted: Sun May 08, 2011 2:06 am

Sorry I didn't explain my setup better. Basically I have a single network which is NAT'd behind one router. I am forwarding external DNS requests to one of the eth0 (192.168.0.3) on my server. This allows me to host my own DNS records for my domains. I am also using eth1 (192.168.0.4) to host a DNS cache so I don't have to go outside my network for DNS every time.

I don't really want to go to the extent of separating my entire network just to have my own DNS servers. I don't have any other services running which require this. I think the suggestion to use an alias address on the same adaptor will work better. I just thought since I have two network cards available I might as well use them. Most of the time this works well, however from time to time (every other day) it causes a problem on the clients. Usually I resolve these by refreshing their DHCP leases or unplugging / replugging the network cable. I was hoping to get some assistance in diagnosing the problem further. For example, I would like to see where the packets get stuck. For example, if the server is receiving the DNS requests from the client and if the server is not sending them back correctly, or if the client is not able to connect to the server properly.

I am guessing that wireshark / ethereal would help. Any other pointers?
gentoo_ram
Guru


Joined: 25 Oct 2007
Posts: 418
Location: San Diego, California USA

Posted: Sun May 08, 2011 5:48 pm

Here's the basic problem with your setup... Let's say a computer 192.168.0.10 wants to talk to 192.168.0.4. It tries to open a TCP connection to 192.168.0.4. Your computer responds to 192.168.0.10. According to your routing table, that packet should go out eth0. The response going back to 0.10 now comes back from 0.3. But 0.10 isn't listening for responses from 0.3, it was trying to talk to 0.4. See the problem? Your routing table makes it so that no responses to computers on your subnet can come from 0.4.

It might work sometimes based on the current state of the ARP tables in the various machines. But it won't be reliable and may not work at all.

It might work on DNS only if the request can come over UDP. And that's only because the implementation of bind (the name serving daemon) is coded to communicate with specific interfaces and can send back responses on specific interfaces.

If your application is using UDP and only if the application is written to specifically open a socket on a specific interface will your dual interface setup work. But most applications are not coded that way and won't work. And if the name request is too large and must go over TCP, the request probably won't work at all. Like you're seeing.
lostinspace2011
Apprentice


Joined: 09 Sep 2005
Posts: 214

Posted: Mon May 09, 2011 3:09 am

Is there an option to configure my routing table to have any traffic which came in on 0.4 go out on 0.4 as well?
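
Added example (not part of any post in this thread): a small Python model of route selection over the table posted above. It covers gentoo_ram's point that replies to LAN clients are routed out eth0, and the closing question about sending traffic from 192.168.0.4 out eth1. The source-based rule and table number 200 are assumptions for illustration; on Linux they would correspond to iproute2's `ip rule add from 192.168.0.4 table 200` and `ip route add 192.168.0.0/24 dev eth1 table 200`.

```python
import ipaddress

# Main table as posted in the thread (the gateway address is elided there,
# so only network, metric and interface are modelled).
MAIN = [
    ("192.168.0.0/24", 100, "eth0"),
    ("192.168.0.0/24", 200, "eth1"),
    ("127.0.0.0/8", 0, "lo"),
    ("0.0.0.0/0", 100, "eth0"),
]

# Hypothetical extra table holding only the eth1 route (200 is an arbitrary number).
TABLE_200 = [("192.168.0.0/24", 0, "eth1")]


def lookup(table, dst):
    """Longest-prefix match, ties broken by lowest metric. Returns iface or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, metric, iface in table:
        net = ipaddress.ip_network(net)
        if dst in net:
            key = (-net.prefixlen, metric)
            if best is None or key < best[0]:
                best = (key, iface)
    return best[1] if best else None


def egress(rules, src, dst):
    """Walk policy rules in order; the first table with a route for dst wins."""
    src = ipaddress.ip_address(src)
    for selector, table in rules:
        if selector is None or src in ipaddress.ip_network(selector):
            iface = lookup(table, dst)
            if iface is not None:
                return iface
    return None


# Rule sets: main table only, and one with a source-based rule in front of it.
DEFAULT_RULES = [(None, MAIN)]
POLICY_RULES = [("192.168.0.4/32", TABLE_200), (None, MAIN)]

if __name__ == "__main__":
    client = "192.168.0.10"  # constructed sample client from gentoo_ram's post
    for name, rules in (("main only", DEFAULT_RULES), ("with source rule", POLICY_RULES)):
        for src in ("192.168.0.3", "192.168.0.4"):
            print(f"{name:17} reply {src} -> {client} leaves via {egress(rules, src, client)}")
```

The model covers only the choice of egress interface; it does not model ARP replies, which gentoo_ram's post also mentions as a factor.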