Re: Two gateway for two diff eth in one machine

[Martijn Lievaart <m@rtij.nl>]

rajeev.sekhar wrote:
> Hi list ,
>
> My senario is simple to u guys , but i cant find solution.

Well it is not simple to me either.

>
> i am having a mail server with two eth
> eth0  192.168.1.2
> eth1  192.168.1.3

OK. What do you think this accomplishes? Absolutely nothing! This is 
exactly the same as having one ethernet card with two addresses:
- Both will listen to their own AND the other address (unless you've 
done some serious trickery, which I can tell you haven't)
- Outgoing connections will choose one of the IPs. You can have control 
over which one is choosen, but that has nothing to do with to which card 
it is bound.
- Forwarded connections will use one or the other ethernet card, as 
these are connected to the same subnet, it doesn't matter one bit which one.

You seem seriously confused on how tcp/ip works.

>
> i want gateway of eth0 (192.168.1.2) to be 192.168.1.41   &
> gateway of eth1 (192.168.1.3) to be 192.168.1.51

This is nonsense. There can be only one gateway.


>
>
> I will explain in detail.
> I have two seperate VPN server( which is the same as 192.168.1.41 & 
> 192.168.1.51), where i want to DNAT port 25 from both VPN servers to 
> my qmail server ( mail server got two ip 192.168.1.2 & 192.168.1.3). I 
> am doing this because my MX record of mail server & VPN servers are 
> the same.
> My DNAT rule is right in both VPN servers. You can say my VPN server 
> is the gateway for my mail server.

OK.

> my eth file on qmail server is
>
(snip config files with both gateways set)

>
> i givin the GATEWAY on both eth,  but when i do   route -n   it looks 
> like
>
> [root@mail ~]# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    
> Use Iface
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        
> 0 eth0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        
> 0 eth1
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        
> 0 eth1
> 0.0.0.0         192.168.1.51    0.0.0.0         UG    0      0        
> 0 eth0
> [root@mail ~]#

Yes, you can only have one gateway.

>
> now my eth1  is only working, because the default gateway is 
> 192.168.1.51.
>
> i want gateway of eth0 (192.168.1.2) to be 192.168.1.41   &
> gateway of eth1 (192.168.1.3) to be 192.168.1.51   which are on the 
> same machine.
>

I don't see the problem. Well I do, you have two VPN servers serving 
remote clients. What you have to do is to get your routing correct and 
everything will work.

Start here:
- Forget about iptables, you have a routing problem.
- Make sure your VPNned users use unique IPs/subnets (if not, see below)
- Get rid of one of the ethernet cards, you don need two.
- Get rid of the second IP address for your mail server, you don need 
that as well (in other words, when getting rid of one ethernet card, don 
assign the address as an additional address to the other card).
- Make sure you have routes for VPN users on VPN-server A to go to VPN 
server A, idem for B. If these are assigned dynamically and can be on 
either server, you need a routing protocol to dynamically set up your 
routing (or some very deep trickery that I will not go into unless paid 
at least E200,-/hr :-)

If all this makes no sense to you, get a good book on tcp/ip. Actually 
more than one.

If not all VPN users have unique IPs/subnets, you have a very serious 
challenge before you. It can be done, but you REALLY don want that. 
Because you have shown you do not really understand tcp/ip (the two 
ethernet cards that accomplish absolutely nothing), let me assure you, 
you don want this. Really.

Hope this helps,
M4