I have two NIC interfaces on my Linux machine (eth1 and eth2). Each has a different IP address (10.0.0.1, 10.67.7.1). These two interfaces are connected together through a hub. Here is my question:
1) If I 'ping 10.0.0.1', it should go out through network interface eth2, through the hub, and enter on eth1, and the response should also travel a similar path.
2) If I 'ping 10.67.7.1', it should go out through network interface eth1, through the hub, and enter on eth2.
How can I set up the routing table for this? I have tried setting up routing and iptables, etc.; nothing helped.
If anyone is a good router/networking guy, you should know this one. I am doing a project, and I want to handle it this way.
br0 - 192.168.0.1 - Internet
eth2 - 192.168.1.1 - LAN
tun0 - 10.0.0.2 - VPN (via br0)
What I'd like to do is to route all TCP packets coming from eth2 to tun0, where a VPN client is running on 10.0.0.2. If I delete all default routes and add a new route to tun0 like:
Code:
route del default
route add default gw 10.0.0.2
Everything is fine, and everyone on eth2 can reach the Internet using the VPN access. Now the problem is that my VPN client does not allow any protocols other than TCP. And I also want to allow VPN access only to eth2, not other LANs nor the router itself. I want to use iptables to filter any TCP packets and mark them, so they can be sent to tun0, while any other packets can reach the Internet via br0 (192.168.0.1). I found on the Internet that we can mark packets before they get routed, using the following commands:
Code:
iptables -t mangle -A PREROUTING -j MARK --set-mark 85 -i eth2 -p tcp --dport 80
ip route add table 300 default via 10.0.0.2 dev tun0
ip rule add fwmark 0x55 table 300
First of all, --dport 80 never works... :/ I wanted to filter TCP 80 packets coming from eth2, but none of them seem to be HTTP packets... oO (very strange...). Never mind, I decided to forget about the --dport option. I use the "iptables -L -v -t mangle" command to see how many packets are marked, and it is working fine: all TCP packets coming from eth2 are marked. Now the problem is that none of them are routed to tun0; they are all respecting the "route -n" rules... and not the "table 300" rule I have created.
I am trying to set up a Linux box that can act as a router (and firewall later). I have a Debian 5 installation and it has two NICs in it. I am trying to use the Linux route command to set up a route between the two interfaces. I am finding it difficult to do. Let me explain how I am trying to set up my network: I have the ethernet cable from my modem connecting to eth0 of my Debian box, then I have eth1 connecting to a switch, which I connect all my computers and other devices to. I want to have two different IP address schemes for the devices. So here is my interfaces file:
Code:
#eth0 connects to modem
allow-hotplug eth0
iface eth0 inet static
[code]....
So I am wondering, to get my ethernet traffic from eth0 to eth1 and vice versa, do I need to make it so the Gateway for Destination 192.168.1.0 is 10.1.1.1, and for Destination 10.0.0.0, Gateway 192.168.1.0? I have looked at the Linux manpage for route and I am still confused. I have also looked at the Debian networking page, but it is still unclear to me how to do this. How am I to use the route command to get this working? Or am I not even supposed to use the route command?
|  Linux PC  |eth0 (a.a.a.a)|<---------------->|        |
|            |eth1 (b.b.b.b)|<---------------->| ROUTER |
The Linux machine has two interfaces, eth0 (a.a.a.a) and eth1 (b.b.b.b), connected to two interfaces of a router. Now, if I send any packet destined to b.b.b.b from the a.a.a.a interface on the Linux machine, it should take the following path: eth0->router->eth1, and it should be the same vice versa.
I need to route packets coming from a standalone switch port which is a mirror ("tap") of another port ("source"). I can't seem to forward packets whose MAC address is for a different device (the actual "target" of "source"). My device is in promisc mode; I can see the incoming packets in tcpdump and Wireshark. The only packets which get forwarded are those which have my MAC destination address (I changed the wiring to come straight from source and not the mirror port, to get "my" MAC address in the packet). My routing table is configured to forward and I have ip_forwarding enabled, obviously (otherwise packets sent to my MAC wouldn't route). By the way, the incoming packets are all VLAN tagged and I have matching subinterfaces.
Q1 - is this inherent, that packets won't get "passed up" to the IP layer unless the MAC addresses match?
Q2 - Would ebtables be a good solution, i.e. rewrite the dest MAC address to my own MAC addr and send to the INPUT target?
My issue is with linux routing tables using iproute2, coupled with the iptables MARK target. When I create a rule to lookup a table with iproute2, and the routing table routes an address as type unreachable (or blackhole, or prohibit), if a higher priority rule does a lookup to another table that routes the address as type unicast but that higher priority rule also matches on a fwmark, the packet to that address is never generated locally to even go through iptables packet filtering/mangling in order to mark it, because the lower priority rule that doesn't match on a fwmark says it's unreachable. For example, I have 2 rules installed with ip:
Code:
10: from all fwmark 0x1000 lookup routeit
20: from all lookup unreach
ip route list table routeit
[code]....
Now, in the packet filter, I have an iptables rule to mark packets to destination 10.0.0.5 with 0x1000 in the mangle table and OUTPUT chain. When I generate a packet locally to 10.0.0.5, all programs get ENETUNREACH (tested with strace). However, if I take out the route entry that 10.0.0.0/8 is unreachable, it all works fine and the routes in the routeit table get applied to marked packets (I know because my default gateway would not be 1.2.3.4, but wireshark shows packets being sent to the MAC address of 1.2.3.4).
The best I can surmise is that when generating a packet locally, the kernel tests the routing tables in priority order but without any mark to see if it is unreachable/blackhole/prohibit, and doesn't even bother generating the packet and traversing iptables rules to see if it would eventually be marked and thus routed somewhere. Then I assume after that step, it traverses iptables rules, then traverses the routing tables again to find a route. So is there any way around this behavior besides adding fake routes to the routing table (e.g. routing 10.0.0.5 to dev lo in the unreach table in this example)?
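A small model of the policy-routing lookup, added here as an illustration (it is not code from either poster nor from the kernel): rule priority order, fwmark selectors, longest-prefix match inside a table, and the two-stage lookup for locally generated traffic that the post above describes; the forwarded-packet case is the one the earlier tun0/fwmark post relies on. The tables are constructed from this post's description (a "routeit" table with a default via 1.2.3.4, an "unreach" table making 10.0.0.0/8 unreachable); the main and local tables a real system also consults are left out so only the two rules from the post matter.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Route:
    prefix: str                    # e.g. "10.0.0.0/8"
    rtype: str = "unicast"         # unicast | unreachable | blackhole | prohibit
    via: Optional[str] = None      # next hop
    dev: Optional[str] = None      # output device

@dataclass(frozen=True)
class Rule:
    priority: int
    table: str
    fwmark: Optional[int] = None   # None: plain "from all" rule, no fwmark selector

def fib_lookup(rules, tables, dst, mark=0):
    """Rules in priority order; longest prefix wins inside a table; a matching
    unreachable/blackhole/prohibit entry ends the lookup just like a unicast one."""
    addr = ipaddress.ip_address(dst)
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.fwmark is not None and rule.fwmark != mark:
            continue               # selector does not match this packet
        hits = [r for r in tables.get(rule.table, ())
                if addr in ipaddress.ip_network(r.prefix)]
        if hits:
            return max(hits, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen)
    return None                    # no table matched: fell off the end

def _outcome(label, route):
    if route is None or route.rtype != "unicast":
        return ("error", route.rtype if route else "no route")
    return (label, route.via or route.dev)

def local_output(rules, tables, dst, mark_for):
    """Locally generated packet: the first lookup runs before mangle OUTPUT, so
    with mark 0; only a unicast result lets it reach netfilter, get marked and
    be re-routed with that mark."""
    first = fib_lookup(rules, tables, dst, mark=0)
    if first is None or first.rtype != "unicast":
        return _outcome("sent", first)
    return _outcome("sent", fib_lookup(rules, tables, dst, mark=mark_for(dst)))

def forwarded(rules, tables, dst, mark_for):
    """Forwarded packet: PREROUTING marks it before its single routing decision."""
    return _outcome("forwarded", fib_lookup(rules, tables, dst, mark=mark_for(dst)))

# Constructed from the post: rule 10 -> routeit (fwmark 0x1000 only), rule 20 -> unreach.
RULES = [Rule(10, "routeit", fwmark=0x1000), Rule(20, "unreach")]
TABLES = {"routeit": [Route("0.0.0.0/0", via="1.2.3.4")],
          "unreach": [Route("10.0.0.0/8", rtype="unreachable")]}
# The poster's "fake route" workaround: a /32 to dev lo in the unreach table beats
# the /8 unreachable entry, so the unmarked first lookup no longer fails.
TABLES_FIXED = {**TABLES,
                "unreach": TABLES["unreach"] + [Route("10.0.0.5/32", dev="lo")]}

def mangle_output(dst):
    """Stand-in for: iptables -t mangle -A OUTPUT -d 10.0.0.5 -j MARK --set-mark 0x1000"""
    return 0x1000 if dst == "10.0.0.5" else 0
```

Running local_output against TABLES reproduces the failure (the unmarked lookup hits the unreachable entry), against TABLES_FIXED it is routed via 1.2.3.4, and forwarded traffic reaches 1.2.3.4 even without the workaround because it is marked before its one routing decision.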
I have an Ubuntu server box with multiple NICs. I'd like to specify that all traffic bound for a certain IP range goes through one NIC, and everything else goes through the other. Does anyone know how to do that? I'm not a total newbie, but I'm also not a Linux guru (but usually can google my way to a solution... usually).
ETA: Source and destination IP for routing. We have 1 NIC with a public IP; all public IPs should talk to it. Another NIC with a private IP; all private traffic should talk to this. In practice, I have some devices on a different subnet of the public IP range we have that will only talk to the private IP.
I have a Linux server running Oracle applications. I need to access this server from PuTTY using SSH through the internet. I did this by registering my static IP with dyndns.org and I am able to connect to the server. But now there is no security to authenticate any user, as anyone knowing the password can log in to it.
I thought of configuring the firewall of the Linux server, but the client IPs are not static and they change continuously. So I thought of keeping one more PC between the server and the router which will do the work of authenticating. But I am confused as to how to configure it to allow the packets coming from the internet after authenticating and to bypass the packets generated from the internal LAN?
I got this definition: "a process that replaces a series of related, specific routes in a route table with a more generic route." Honestly, I found it not so clear... I want to know if this definition is correct, and also more details about this subject.
Having trouble getting my Netgear WNA1000 working thru my wireless router. Have tried lots of suggestions from other threads to no avail. Someone suggested that the routing table isn't set correctly, so I have been trying to use the following to make the proper entry in the routing table: sudo route add -net 192.168.0.1 netmask 255.255.255.0 dev wlan0
Result: error message starting with: "route: netmask does not match route address"
followed by "Usage" instructions which tell me to do what I just did. Any ideas on how I can populate my routing table with the correct entry for my wireless card? Not to complicate matters, but I temporarily turned off encryption on my router to eliminate that as a possibility until I get connected. So maybe it's still trying to connect via encrypted mode - do I need to turn off encryption on my (client) end?
I have a hardware device with two ethernet ports, eth0 and eth1 running Centos 5. Basically my goal is to forward packets from eth0->eth1 and eth1->eth0 as well as get a copy of these packets for analysis. If I set IP routing to do the forwarding then I won't get a copy of the packets for analysis.
I have attached a diagram to show the layout, but basically I have a server that has 2 NICs. I use NIC1 for the server and its services. I'm using VirtualBox to run VMs and want to use NIC2 for the VMs exclusively, and I want the VMs on a different network completely from the host. I've tried setting up NIC2 on the other network but I end up with networking problems on network1. Also I can't figure out how to tell VirtualBox to bind to the host NIC2.
I have 2 x PCs and a NAS. Both PCs have 2x NICs. PC connectivity to Internet is via an ADSL router. Current config: Thus far (by choice) I've used static IPs in the 192.168.168.x range for my internal network, connecting all PCs and NAS via a jumbo frame enabled gigabit switch. This has facilitated moving data between the PCs and the NAS at high-speed. As both PCs also required Internet access from time to time, both are also connected to the ADSL router using the 2nd NIC and using subnet 192.168.1.x. I'm sure some of you are shaking your heads by now, but it works well and has been entirely hassle free.
However, I've an app running on the NAS that I'm keen to get Internet connected also. As my existing network devices are not using DHCP I figured the simplest method would be to change my ADSL router configuration such that it is in the same 192.168.168.x subnet, change its DHCP server settings to serve IPs in the same subnet (but in a restricted range I know won't cause any conflicts with the static IPs) and problem solved. On changing the ADSL router configuration with all machines already booted up and configured as described above, everything worked. All devices could see one another, and access the Internet. On later rebooting the system this no longer works
- Internet access is fine but PCs don't see one another or the NAS. If I disconnect the ADSL Router from the PCs then all devices see one another again.
- Does having 2x NICS on a single device each assigned unique IPs in the same subnet create an issue and can it be overcome? I'd like to overcome it because making one of my PCs the gateway forces me to have it on anytime another device needs access.
- If I'm forced to use Internet connection sharing with one PC on the network connected to the router, how do I best configure this?
- One of the things I need to retain is gigabit connectivity between the PCs and PCs and the NAS (currently achieved by 192.168.168.x subnet being linked via gigabit switch).
My brother has a Ubuntu server attached to a LAN with Windows PCs. I set up an openVPN tun service on the server, let's call this VPN1, so that I can connect remotely from my Ubuntu desktop. The server has one NIC and the LAN has a router that is the gateway to the internet.
My brother would like to remotely access his windows network when roaming with his Windows laptop.
Therefore, I would like to set up a second VPN service, this time tap, that is bridged with his LAN. Let's call this VPN2.
The LAN subnet is 192.168.1.0/24. The internet gateway is 192.168.1.1
The NIC has a fixed IP set by the router of 192.168.1.150
How do I set up VPN2 so as not to trash VPN1? That is, if I bridge eth0 with tap0 how will that impact VPN1's tun0 that is using eth0? Do I need a separate NIC for the VPN2 bridge?
I am considering moving to a software (ebox/pfSense/Zeroshell etc) based router.
It fits well to have 1 NIC connecting to your modem & the other to your switch & network. It seems to make sense it is more secure, but is it?
If I assign the 1 NIC in my router 2 IPs, a subnet for the modem and a subnet for the LAN, how is that different?
I can't think exactly what it is. I am no network guru and probably missing something down at a lower networking level, but for a home router, does 1 or 2 NICs make any difference?
I have a PC with Debian 6 (without GUI) installed on it and want to use it as a server at home. It has 2 ethernet NICs. Now I want to configure the routing process. I searched the internet for a long time, found something, but couldn't get it to work.
My server has 2 network cards. I have SLES 10 SP2 installed on this server. I had configured Ethernet bonding on this machine using 2 NICs. Now I want to assign 2 different IPs to 2 different NICs. I am able to do this without any issue using YaST. The ifconfig command shows that eth0 has 192.168.1.10 and eth1 has 192.168.1.12. All the other networking details are the same (netmask, gateway, DNS).
Strange thing: When I unplug only eth0, (eth1 is plugged in correctly) I am not able to ping any IP. If I unplug only eth1, (eth0 is plugged in) I am able to ping both IP's.
Ok so I'm gonna try and explain this easily. I installed 11.04 32bit on an older HP P4 machine. It boots up and goes to the classic desktop... But networking looks like a wifi device rather than a wired connection. I installed another NIC rather than the onboard one but had the same result... I also tried yet another PCI NIC and a USB NIC with the same result. I also tried to set my connection to manual and give myself a static IP, but had no such luck.
I know my internet connection works because I'm on another machine typing this to you all.. All the NICs also work in W7 on the dualboot setup I did.
I have a MB with 2 NICs and on 1 I would like to have a static IP, on the other DHCP for a local network. The problem is the DHCP-provided gateway is made default vs the one for the static IP, and resolv.conf is overwritten. Any suggestions how this could be resolved? I can tweak both the DHCP server settings and the box settings.
I'm trying to work out how to route all traffic destined for the internet from all devices connected to eth0 to a wireless router access point via wlan0 on my Slackware box. I also have dhcpd providing ip addresses on the same subnet to any device connected to both eth0 and wlan0.
If I connect to the router/access point via wireless or directly to the server via a crossover cable I can obtain an IP address from dhcpd, so that works. As far as I can see I just need to know how to route between eth0 and wlan0, then I can provide internet access to those devices!
ifconfig:
Code:
eth0      Link encap:Ethernet  HWaddr **:**:**:**:**:**
          inet addr:192.168.2.253  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::201:2eff:fe27:aea3/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
I currently have Samba working properly using the eth0 interface on my notebook computer. More importantly, I can browse the network and see the shares set up in Samba. If I disconnect and go wireless using the wlan0 interface I can no longer browse the shares on Samba via name. I can however browse via IP address of the wlan0 interface. How can I make it so that Samba is accessible by name when I switch between interfaces?
Code:
[global]
workgroup = startrek
server string = NCC-1701 Enterprise
bind interfaces only = yes
I'm running 2 Asterisk boxes (CentOS), and the two servers are connected through 2 IAX trunks. On one server I have 2 NICs, each one connected to the internet; now I want to use ISP 1 for the first trunk and ISP 2 for the second trunk.
IAX 1 is listening on 12345
IAX 2 is listening on 11223
Is there a way to split traffic across both NICs using ports (netfilter/iptables)?
I have a server that provides access to the net. It has 3 NICs: 2 Realtek 100mb and a ne2000 ISA 10mb card for the net. I ran an update from a working configuration on Fedora 9 to Fedora 10 with yum upgrade. Fedora 10 does not find the ne2000 at boot time. After booting I can modprobe ne and the NIC is found in a new network restart call. Has something changed in how modules are loaded before udev runs?
Then there is the problem that NICs are assigned the wrong interfaces (eth*). I have configured it in sysconfig with the files ifcfg-eth(0-2). I do not run NetworkManager. Has something changed in the configuration of how the interfaces are assigned to the NICs via the MAC addresses?
I have tried to change the net profile of udev, but since the ne2000 is not found at boot time, I had no success. And one of the Realtek NICs is not found at some times.
I'm using Fedora 12 on a box with 2 separate NICs in different subnets. The problem is that after a reboot, both NICs always show up as eth0 when you left click on the networking icon on the top right. I have to manually change one of them to eth1 & then things start working.
I'm trying to set up a CentOS box to act as a backup server for our intranet between stores. I have two interfaces in it; the first one is currently connected to my local network and is using DHCP to get its IP address and such, the second one is set to a static IP address and is connected to an independent network that just has a DigiBoard Portserver hooked to it and no connection to the regular network. What I am doing is using ssh to port-forward the telnet port on this box to the main server, so when you telnet into the box from the second interface using the portserver you get connected to the main server.
I plan on using this over DSL lines as a backup when our main service goes out, to allow the portservers at the remote locations to seamlessly connect to the main server by just moving the network cable from the local net to the backup server. My problem is that when I have everything working I am able to ping the second interface's IP address from the normal network even though the secondary card does not in any way externally connect to the network; this is a problem.
Eventually I want to duplicate the main server address so that the normal portservers and other terminals on the remote site will not have to be reconfigured to access the backup server. All I want is to be able to tell the managers to switch a cable while the main connection is down and not have to manage a bunch of config files to get the store back up. Right now, if I duplicate the main server IP address and it is accessible through the first interface, I'm guessing I'll see all kinds of problems relating to duplicate IP addresses on the network. I've tried some routing and iptables stuff but I'm not real familiar with either, so I had no luck. Is there some way to block the internal connection between the two interfaces so the only thing that sees the duplicate IP address is the second interface?
I am really bothered by this. I can't configure the 2 NICs to share the internet, and I already changed the sysctl.conf file to:
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
I have one NIC receiving the internet and working well, and the other one can't see anything...