* Two gateway for two diff eth in one machine
@ 2007-06-14 17:56 rajeev.sekhar
  2007-06-26 21:59 ` Martijn Lievaart
  0 siblings, 1 reply; 2+ messages in thread
From: rajeev.sekhar @ 2007-06-14 17:56 UTC (permalink / raw)
  To: netfilter

Hi list,

My scenario is simple to you guys, but I can't find a solution.

I have a mail server with two eth
eth0  192.168.1.2
eth1  192.168.1.3

I want the gateway of eth0 (192.168.1.2) to be 192.168.1.41 &
the gateway of eth1 (192.168.1.3) to be 192.168.1.51


I will explain in detail.
I have two separate VPN servers (which are 192.168.1.41 & 
192.168.1.51), where I want to DNAT port 25 from both VPN servers to my 
qmail server (the mail server has two IPs, 192.168.1.2 & 192.168.1.3). I am doing 
this because the MX record of my mail server & the VPN servers are the same.
My DNAT rule is right on both VPN servers. You can say my VPN server is the 
gateway for my mail server.
My eth files on the qmail server are:

[root@mail ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.1.2
NETMASK=255.255.255.0
GATEWAY=192.168.1.41
TYPE=Ethernet

[root@mail ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.1.3
NETMASK=255.255.255.0
GATEWAY=192.168.1.51
TYPE=Ethernet

I have given the GATEWAY on both eth, but when I do   route -n   it looks like

[root@mail ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         192.168.1.51    0.0.0.0         UG    0      0        0 eth0
[root@mail ~]#

Now only my eth1 is working, because the default gateway is 192.168.1.51.

I want the gateway of eth0 (192.168.1.2) to be 192.168.1.41 &
the gateway of eth1 (192.168.1.3) to be 192.168.1.51, which are on the same 
machine.

Regards
---------------------------------------------
Rajeev Sekhar
Suma Soft Pvt. Ltd
Jr System Administrator
Ph no :91-020-25425655
cell no :91-9370677989
email:rajeev.sekhar@sumasoft.net




* Re: Two gateway for two diff eth in one machine
  2007-06-14 17:56 Two gateway for two diff eth in one machine rajeev.sekhar
@ 2007-06-26 21:59 ` Martijn Lievaart
  0 siblings, 0 replies; 2+ messages in thread
From: Martijn Lievaart @ 2007-06-26 21:59 UTC (permalink / raw)
  To: rajeev.sekhar; +Cc: netfilter

rajeev.sekhar wrote:
> Hi list,
>
> My scenario is simple to you guys, but I can't find a solution.

Well it is not simple to me either.

>
> I have a mail server with two eth
> eth0  192.168.1.2
> eth1  192.168.1.3

OK. What do you think this accomplishes? Absolutely nothing! This is 
exactly the same as having one ethernet card with two addresses:
- Both will listen to their own AND the other address (unless you've 
done some serious trickery, which I can tell you haven't).
- Outgoing connections will choose one of the IPs. You can have control 
over which one is chosen, but that has nothing to do with which card 
it is bound to.
- Forwarded connections will use one or the other ethernet card; as 
these are connected to the same subnet, it doesn't matter one bit which one.

You seem seriously confused on how tcp/ip works.

>
> I want the gateway of eth0 (192.168.1.2) to be 192.168.1.41 &
> the gateway of eth1 (192.168.1.3) to be 192.168.1.51

This is nonsense. There can be only one gateway.


>
>
> I will explain in detail.
> I have two separate VPN servers (which are 192.168.1.41 & 
> 192.168.1.51), where I want to DNAT port 25 from both VPN servers to 
> my qmail server (the mail server has two IPs, 192.168.1.2 & 192.168.1.3). I 
> am doing this because the MX record of my mail server & the VPN servers are 
> the same.
> My DNAT rule is right on both VPN servers. You can say my VPN server 
> is the gateway for my mail server.

OK.

> My eth files on the qmail server are:
>
(snip config files with both gateways set)

>
> I have given the GATEWAY on both eth, but when I do   route -n   it looks 
> like
>
> [root@mail ~]# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
> 0.0.0.0         192.168.1.51    0.0.0.0         UG    0      0        0 eth0
> [root@mail ~]#

Yes, you can only have one gateway.

>
> Now only my eth1 is working, because the default gateway is 
> 192.168.1.51.
>
> I want the gateway of eth0 (192.168.1.2) to be 192.168.1.41 &
> the gateway of eth1 (192.168.1.3) to be 192.168.1.51, which are on the 
> same machine.
>

I don't see the problem. Well I do, you have two VPN servers serving 
remote clients. What you have to do is to get your routing correct and 
everything will work.

Start here:
- Forget about iptables, you have a routing problem.
- Make sure your VPNned users use unique IPs/subnets (if not, see below).
- Get rid of one of the ethernet cards, you don't need two.
- Get rid of the second IP address for your mail server, you don't need 
that as well (in other words, when getting rid of one ethernet card, don't 
assign the address as an additional address to the other card).
- Make sure you have routes for VPN users on VPN server A to go to VPN 
server A, idem for B. If these are assigned dynamically and can be on 
either server, you need a routing protocol to dynamically set up your 
routing (or some very deep trickery that I will not go into unless paid 
at least E200,-/hr :-)

If all this makes no sense to you, get a good book on tcp/ip. Actually 
more than one.

If not all VPN users have unique IPs/subnets, you have a very serious 
challenge before you. It can be done, but you REALLY don't want that. 
Because you have shown you do not really understand tcp/ip (the two 
ethernet cards that accomplish absolutely nothing), let me assure you, 
you don't want this. Really.

Hope this helps,
M4
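As an added example (not part of the thread and not the poster's or M4's code), a small Python model of the kernel's longest-prefix-match route lookup, run first over the table the poster showed and then over the same table with the per-pool routes the reply asks for. The VPN client pools 10.8.0.0/24 (server A, 192.168.1.41) and 10.9.0.0/24 (server B, 192.168.1.51) are hypothetical; the thread does not say which addresses each VPN server hands out.

```python
import ipaddress

# Constructed model of a Linux FIB lookup (longest-prefix match). Added
# example, not code from the thread. Each route is
# (destination network, gateway or None when on-link, outgoing interface).

def lookup(routes, dst):
    """Return (gateway, iface) for dst, picking the most specific prefix."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        raise ValueError(f"no route to {dst}")
    return best[1], best[2]

# The table from the poster's `route -n`: two on-link /24 entries and a
# single default via 192.168.1.51. Setting GATEWAY in both ifcfg files
# still yields exactly one default route, which is the reply's point.
ROUTES_AS_POSTED = [
    ("192.168.1.0/24", None, "eth0"),
    ("192.168.1.0/24", None, "eth1"),
    ("169.254.0.0/16", None, "eth1"),
    ("0.0.0.0/0", "192.168.1.51", "eth0"),
]

# Hypothetical client pools (constructed, not in the thread): VPN server A
# at .41 serves 10.8.0.0/24, server B at .51 serves 10.9.0.0/24. With unique
# pools, one specific route per pool is enough; the default stays as it was.
ROUTES_FIXED = ROUTES_AS_POSTED + [
    ("10.8.0.0/24", "192.168.1.41", "eth0"),
    ("10.9.0.0/24", "192.168.1.51", "eth0"),
]

def reply_gateway(routes, client_ip):
    """Gateway the mail server would use for its reply to client_ip."""
    gw, _ = lookup(routes, client_ip)
    return gw

def asymmetric_clients(routes, clients):
    """clients maps client IP -> gateway its SMTP connection arrived through.
    Returns the clients whose reply would leave via a different gateway,
    i.e. the asymmetric paths that break the DNATed port 25 sessions."""
    return {ip for ip, via in clients.items()
            if reply_gateway(routes, ip) != via}
```

With the table as posted, every reply to a server-A client goes back through 192.168.1.51, so only B's users work; with the two pool routes added, both sets of replies return through the gateway they came in on.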



