Hi Edward
but now, if I do - ip route show
I see: (change IPs for our purposes here)
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.2
public_net/24 dev eth0 proto kernel scope link src "public_IP_of_the_box"
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth1 scope link metric 1003
default via "public_IP_of_the_box" dev eth0
default via "private_IP_of_the_box" dev eth1 metric 1
isn't this already ok?
both IPs get set up by dhcpd by another admin, only setting
by me is the metric, 0 for public interface and 1 for private.
now I'll apply your instructions and let you know if there
are any changes
I believe that if "a_client(s)" on private network (the same
network the box operates on with its 'private interface')
that has set the same gateway as "the_box", that this
a_client(other computers on private network) if needs to
reach 'public interface' of 'the_box' then the local gateway
and other routers outside should take care of routing the
traffic, and 'the_box' should not need any special configs.
And if I remember correctly it all used to work some long time
ago, like:
a_client (10.0.0.100) <--> (10.0.0.1) router <---> (public
IP) the_BOX (10.0.0.101) .. the rest of the stack
many! thanks for your help Edward
On 21/06/12 12:34, Edward Murphy wrote:
Hi,
What you'll find if I'm reading this right, is that
packets are coming in via your public interface and out
the private one. The requesting host simply discards the
packet.
Solution: use iproute2 to have 2 network tables for the
system independent of each other.
Firstly. Please forgive syntax errors here as I'm doing
this from memory.
Edit /etc/iproute2/rt_tables and add 2 lines:
200 external
201 internal
Note the names are irrelevant.
Reboot the system.
Now, in your network init scripts, set up the interface.
Let's say your private interface is 10.0.0.2/24
ip route add 10.0.0.0/24 dev eth0 src 10.0.0.2 table internal
ip route add default via 10.0.0.1 src 10.0.0.2 table internal
ip rule add from 10.0.0.2 table internal
By doing this you are firstly setting up the routing
table, and then pushing any data that has a source of your
internal interface (replies to packets mostly) to use this
routing table.
Do the same for your public interface but specify the
public network card, and the routing table external.
Kind regards
Edward Murphy
----- Reply message -----
From: "lejeczek" <peljasz@xxxxxxxxxxx>
Date: Thu, Jun 21, 2012 01:08
Subject: first of the two IPs reachable only if second
interface is down??
To: <lartc@xxxxxxxxxxxxxxx>
hello everybody
apologies if this may feel off the topic, I was hoping some
net experts could shed some light on some peculiar symptoms
I experience
I would very! much appreciate any help
a BOX that has two net interfaces, a public and private one,
both configured via dhcp by net admin
public IP is reachable from/via the Internet/public network
just fine, but at the same time
same public IP is NOT reachable from within PRIV network,
the same network the BOX's second interface is on
default gateway for the PRIV subnet is a separate another
system, BOX uses PRIV gateway as the default one (but have
tried the public gateway too)
arpinging both IPs from PRIV gives me the same one MAC of
BOX private net interface
public IP becomes reachable to PRIV subnet immediately after
second(private) interface was turned down
we have no control over the whole network stack but know
that PUBLIC IP connection goes via unmanaged switches to the
gateway
is it the BOX or the network stack somewhere?
unmanaged switches should not cache any ARP, also, how come
that it gets corrected (public becomes available to PRIV)
only if I turn PRIV interface down??
box is SL 6.1, firewall is off, ip_forward=0
this is the most peculiar problem of this nature I've ever
experienced
the goal is simple, have other systems on the same private
subnet as the BOX's second interface to be able to talk to
the BOX's public IP
obviously not routed via BOX's private address, this
workaround solves the problem, but routing via PRIV's gateway
many thanks
--
To unsubscribe from this list: send the line "unsubscribe
lartc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
http://vger.kernel.org/majordomo-info.html
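
The recipe from Edward's message carried out for both interfaces, as an added example that is not part of the original thread. Interface names follow the `ip route show` output above (eth0 public, eth1 private); 192.0.2.0/24, 192.0.2.10 and 192.0.2.1 are constructed placeholders for the public network, address and gateway the thread masks, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: per-interface policy routing for a dual-homed host.
# Assumes tables "external" and "internal" are already listed in
# /etc/iproute2/rt_tables. Public values are constructed placeholders.

# policy_cmds IFACE ADDR NETWORK GATEWAY TABLE
# Prints the three commands that give one interface its own routing table.
policy_cmds() {
    iface=$1 addr=$2 net=$3 gw=$4 table=$5
    # Connected network, reachable directly on this interface.
    echo "ip route add $net dev $iface src $addr table $table"
    # Default route that exists only in this table.
    echo "ip route add default via $gw dev $iface src $addr table $table"
    # Locally generated traffic with this source address uses this table,
    # so replies leave through the interface the request arrived on.
    echo "ip rule add from $addr table $table"
}

# Both interfaces: public on eth0, private on eth1.
all_cmds() {
    policy_cmds eth0 192.0.2.10 192.0.2.0/24 192.0.2.1 external
    policy_cmds eth1 10.0.0.2 10.0.0.0/24 10.0.0.1 internal
}

# Route lookups to run afterwards. 10.0.0.100 is the private-subnet
# client from the thread; a reply to it sourced from the public address
# should now resolve through table external instead of going out eth1.
verify_cmds() {
    echo "ip rule show"
    echo "ip route get 10.0.0.100 from 192.0.2.10"
    echo "ip route get 10.0.0.100 from 10.0.0.2"
}

# Dry run by default: print what would be executed.
# APPLY=1 (as root) pipes the commands to a shell that stops on first error.
if [ "${APPLY:-0}" = 1 ]; then
    all_cmds | sh -e
else
    all_cmds
    echo "# then check with:"
    verify_cmds
fi
```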