* Re: Two NICs, same network...
From: David Lang @ 2007-05-08 19:56 UTC (permalink / raw)
To: semi linux; +Cc: netfilter
On Tue, 8 May 2007, semi linux wrote:
> I've got an odd problem where I've got two NICs on the same network
> and I want all traffic to one IP to go out one interface and all other
> traffic to use the second interface. I'm going to try and simplify my
> actual setup, because a lot of it makes no difference to this post...
>
> I know this has to be an iptables sort of setup since the routing table
> can only make a difference on different networks and not based on
> looking for a specific IP address.
>
> The question is:
>
> eth0 IP: 10.1.1.1
> eth1 IP: 10.1.1.2
>
> target: 10.1.1.3
>
> (these IPs are just examples, there are no hard-fast rules surrounding
> the other possibilities)
>
> How do I make sure this goes out eth1 instead of eth0? Do I use the
> mangle rule with the physdev module?
>
> I feel like I'm overlooking something or forgetting my basic network
> ideas here...
you haven't quite given enough info here
if you have target2 10.1.1.4 and you want all traffic to target to go out eth0
and all traffic to target2 to go out eth1 then you would want to start out with
defining host routes (the routing table _can_ look at specific hosts, not just
networks)
in addition, I believe that you will need to play around with arp filtering to
make sure that each NIC only responds to arp requests for its IP addresses.
if you really only have one remote IP address and two local addresses and you
want all communications between the target and 10.1.1.1 to use eth0 while
all communications between the target and 10.1.1.2 to use eth1 things get more
complicated
you would need to look into packet/connection tagging and iptables routeing
decisions.
rather than try and go into that right now why don't you try to be a little
clearer about exactly what you are trying to do.
David Lang
* Two NICs, same network...
From: semi linux @ 2007-05-08 20:17 UTC (permalink / raw)
To: netfilter
I've got an odd problem where I've got two NICs on the same network
and I want all traffic to one IP to go out one interface and all other
traffic to use the second interface. I'm going to try and simplify my
actual setup, because a lot of it makes no difference to this post...
I know this has to be an iptables sort of setup since the routing table
can only make a difference on different networks and not based on
looking for a specific IP address.
The question is:
eth0 IP: 10.1.1.1
eth1 IP: 10.1.1.2
target: 10.1.1.3
(these IPs are just examples, there are no hard-fast rules surrounding
the other possibilities)
How do I make sure this goes out eth1 instead of eth0? Do I use the
mangle rule with the physdev module?
I feel like I'm overlooking something or forgetting my basic network
ideas here...
- Gareth
* Re: Two NICs, same network...
From: David Lang @ 2007-05-08 20:29 UTC (permalink / raw)
To: semi linux; +Cc: netfilter
On Tue, 8 May 2007, semi linux wrote:
> Ok... you asked for the whole thing, here it is (forget my previous example):
>
> eth0 - 10.1.1.1
> eth1 - N/A
> eth2 - N/A
> br0 (eth1, eth2) - 10.1.1.2
> target - 10.1.1.3
>
> The bridge (br0) is setup using brctl and seems to work w/o problem...
> The eth1 and eth2 IP addresses really don't matter since they are both
> referenced via the bridge and are set to something invalid. 10.1.1.3
> is connected via cross-over cable to eth2 port. br0 and eth0 are
> connected to my network on the same subnet.
>
> What I'd like:
> - all packets (from the network or local) where destination=10.1.1.3
> to be routed to eth2.
> - otherwise, all traffic from the network to use eth0 for I/O.
>
> Basically, I want to specify that ONLY traffic for 10.1.1.3 is to use eth2.
I may be missing something, but this seems trivial
define br0 to include eth0 and add 10.1.1.1 to the bridge (br0:0 for example)
then the normal bridging code will limit traffic out eth2 to stuff destined for
10.1.1.3 or stuff that the bridging code doesn't know where it goes.
if this isn't good enough you can use iptables to put additional filters on the
bridge port (search for bridge + iptables and you should find lots of
documentation on how to do this)
David Lang
* Re: Two NICs, same network...
From: semi linux @ 2007-05-08 21:02 UTC (permalink / raw)
To: David Lang; +Cc: netfilter
On 5/8/07, David Lang <david.lang@digitalinsight.com> wrote:
> On Tue, 8 May 2007, semi linux wrote:
>
> > I've got an odd problem where I've got two NICs on the same network
> > and I want all traffic to one IP to go out one interface and all other
> > traffic to use the second interface. I'm going to try and simplify my
> > actual setup, because a lot of it makes no difference to this post...
> >
> > I know this has to be an iptables sort of setup since the routing table
> > can only make a difference on different networks and not based on
> > looking for a specific IP address.
> >
> > The question is:
> >
> > eth0 IP: 10.1.1.1
> > eth1 IP: 10.1.1.2
> >
> > target: 10.1.1.3
> >
> > (these IPs are just examples, there are no hard-fast rules surrounding
> > the other possibilities)
> >
> > How do I make sure this goes out eth1 instead of eth0? Do I use the
> > mangle rule with the physdev module?
> >
> > I feel like I'm overlooking something or forgetting my basic network
> > ideas here...
>
> you haven't quite given enough info here
>
> if you have target2 10.1.1.4 and you want all traffic to target to go out eth0
> and all traffic to target2 to go out eth1 then you would want to start out with
> defining host routes (the routing table _can_ look at specific hosts, not just
> networks)
>
> in addition, I believe that you will need to play around with arp filtering to
> make sure that each NIC only responds to arp requests for its IP addresses.
>
> if you really only have one remote IP address and two local addresses and you
> want all communications between the target and 10.1.1.1 to use eth0 while
> all communications between the target and 10.1.1.2 to use eth1 things get more
> complicated
>
> you would need to look into packet/connection tagging and iptables routeing
> decisions.
>
> rather than try and go into that right now why don't you try to be a little
> clearer about exactly what you are trying to do.
>
> David Lang
>
Ok... you asked for the whole thing, here it is (forget my previous example):
eth0 - 10.1.1.1
eth1 - N/A
eth2 - N/A
br0 (eth1, eth2) - 10.1.1.2
target - 10.1.1.3
The bridge (br0) is setup using brctl and seems to work w/o problem...
The eth1 and eth2 IP addresses really don't matter since they are both
referenced via the bridge and are set to something invalid. 10.1.1.3
is connected via cross-over cable to eth2 port. br0 and eth0 are
connected to my network on the same subnet.
What I'd like:
- all packets (from the network or local) where destination=10.1.1.3
to be routed to eth2.
- otherwise, all traffic from the network to use eth0 for I/O.
Basically, I want to specify that ONLY traffic for 10.1.1.3 is to use eth2.
* Re: Two NICs, same network...
From: Sébastien CRAMATTE @ 2007-05-08 22:39 UTC (permalink / raw)
To: semi linux; +Cc: netfilter, David Lang
Why do you not investigate channel bonding?
--
ZEN SOLUCIONES - Be in XForms take your "Concentré"
Sébastien CRAMATTE
Plaza Sandoval, 5, piso 4b
30004 Murcia - ESPAÑA
Móvil : +34 627 66 52 83
Fijo : +34 968 29 29 65
E-mail : scramatte@zensoluciones.com
Site : www.zensoluciones.com
Skype : scramatte
Msn : scramatte@hotmail.com
Jabber: scramatte@jabber.org
--
CONCENTRÉ
xml entreprise grade framework
http://concentre.zensoluciones.com
--
* Re: Two NICs, same network...
From: Mark L. Wise @ 2007-05-09 13:27 UTC (permalink / raw)
To: semi linux; +Cc: netfilter, David Lang
Is this not a routing issue?
route add -host 10.1.1.3 gw <eth2 ethernet address> eth2
This would route all traffic to 10.1.1.3 to eth2
Mark
--
Mark L. Wise
Alpha II Service, Inc.
1312 Epworth Ave
Reynoldsburg, Ohio 43068-2116
USA
Office: (614) 868-5033
Fax: (614) 868-1060
Email: mark@alpha2.com
WEB: www.alpha2.com
* Re: Two NICs, same network...
From: semi linux @ 2007-05-24 20:12 UTC (permalink / raw)
To: netfilter; +Cc: David Lang
Sorry for the latent reply on this one guys - I got pulled off this
project and after this thread progressed I had a lot of test cases and
scenarios to work my way through. While I haven't finished testing
and I'm not sure I adequately explained the situation I think I have
found a workable resolution.
Adding ETH0 to the bridge just got really complicated and messy.
Packets started to be routed to all kinds of places in different
network scenarios and it wasn't the right answer to the problem
although it did show quite a bit of promise initially. With this
approach, we also lost the ability to fine-tune the bridge routing and
left it up to the STP and other bridge algorithms.
Channel bonding is nice, but also not what we were after. It worked
but in certain deployment scenarios we would need eth0 to be on
different network(s) from the rest of the machine and the setup of
this would be on a case-by-case basis. this is a little too hands-on
for the guys who would be deploying the solution ;-)
Finally, we looked into modifying our default routing table. I
_think_ this is going to be our end solution. I have devised a set of
tests and hopefully it will expose any and all bugs that might come
from this solution. Preliminary tests suggest that this will work
well and can be easily adapted to suit our installations.
thanks for all the help and suggestions guys! I knew this was
possible but I didn't figure on there being 2-3 workable solutions.
Means to an end, I guess. Thanks!
- Gareth
* Re: Two NICs, same network...
From: semi linux @ 2007-05-31 22:16 UTC (permalink / raw)
To: netfilter; +Cc: David Lang
After much investigation, I'm sad to say that none of the suggestions
worked. Messing with the routing table seems to be the only way you
can affect which interface is used to send a given packet.
Let me ask this question another way - How do I set up my machine to
use one interface (eth0) for ALL traffic with the exception of one IP
destination/source port (which is on eth1)?
Is this an iptables thing or is it a routing table thing? Can someone
point me in the right direction?
- Gareth
* Re: Two NICs, same network...
From: Pascal Hambourg @ 2007-05-31 22:41 UTC (permalink / raw)
To: netfilter
Hello,
semi linux wrote:
>
> Let me ask this question another way - How do I set up my machine to
> use one interface (eth0) for ALL traffic with the exception of one IP
> destination/source port (which is on eth1)?
You need to set up a routing policy.
> Is this an iptables thing or is it a routing table thing?
Both.
> Can someone point me in the right direction?
Linux Advanced Routing & Traffic Control (LARTC) HOWTO.
Chapters 4 & 11.
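
Added example, not from any poster in this thread: a dry-run generator for the kind of routing policy Pascal points to, where iptables marks the exception traffic and an `ip rule` sends marked packets to a separate routing table. It uses the thread's sample addresses; the port (80), mark (2), table id (100) and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): policy routing for one dst IP + port.
# Addresses are the thread's samples; PORT, MARK and TABLE are assumed values.
TARGET=10.1.1.3   # the one destination that must leave via the second NIC
PORT=80           # assumed: the thread never names the port
DEV=eth1          # exception interface
SRC=10.1.1.2      # address configured on $DEV
MARK=2            # fwmark, any value not used by other rules
TABLE=100         # numeric table id, so /etc/iproute2/rt_tables is untouched

is_ipv4() {
    # Exactly one line, four numeric octets, each 0-255.
    printf '%s\n' "$1" | awk -F. '
        NR > 1 || NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

is_uint() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
}

build_plan() {
    # Refuse to emit commands built from malformed values: apply_plan
    # executes every emitted line verbatim.
    is_ipv4 "$TARGET" && is_ipv4 "$SRC" || { echo "bad address" >&2; return 1; }
    is_uint "$PORT" && [ "$PORT" -ge 1 ] && [ "$PORT" -le 65535 ] ||
        { echo "bad port" >&2; return 1; }
    is_uint "$MARK" && is_uint "$TABLE" || { echo "bad mark/table" >&2; return 1; }
    case $DEV in ''|*[!A-Za-z0-9._-]*) echo "bad device" >&2; return 1 ;; esac

    # Lines 1-2: with two NICs on one subnet, answer ARP only on the NIC that
    #            owns the address and announce only that NIC's own address.
    # Line 3:    replies from $TARGET arrive on $DEV while the main table
    #            points at eth0, so strict reverse-path filtering would drop
    #            them; 2 = loose mode (kernel uses max of "all" and $DEV).
    # Line 4:    the alternate table holds only the on-link host route.
    # Line 5:    marked packets consult that table before the main one.
    # Line 6:    OUTPUT marks locally generated packets; PREROUTING would
    #            only see traffic arriving from other hosts.
    # Line 7:    the socket picked its source address before the mark
    #            rerouted the packet, so rewrite it to $DEV's address.
    cat <<EOF
sysctl -w net.ipv4.conf.all.arp_ignore=1
sysctl -w net.ipv4.conf.all.arp_announce=2
sysctl -w net.ipv4.conf.$DEV.rp_filter=2
ip route replace $TARGET/32 dev $DEV src $SRC table $TABLE
ip rule add fwmark $MARK lookup $TABLE priority 1000
iptables -t mangle -A OUTPUT -d $TARGET -p tcp --dport $PORT -j MARK --set-mark $MARK
iptables -t nat -A POSTROUTING -o $DEV -m mark --mark $MARK -j SNAT --to-source $SRC
EOF
}

apply_plan() {
    # Needs root. Stops at the first command that fails.
    plan=$(build_plan) || return 1
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1
    done
}

# Default is a dry run that only prints the plan.
if [ "${APPLY:-0}" = 1 ]; then apply_plan; else build_plan; fi
```

Run as is, the script only prints the plan; with `APPLY=1` as root it executes it, after which `ip route get 10.1.1.3 mark 2` should report `dev eth1`.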
* Re: Two NICs, same network...
From: Tommy W @ 2007-06-01 11:52 UTC (permalink / raw)
To: netfilter
On Friday 01 June 2007 00:16, semi linux wrote:
> After much investigation, I'm sad to say that none of the suggestions
> worked. Messing with the routing table seems to be the only way you
> can affect which interface is used to send a given packet.
>
> Let me ask this question another way - How do I set up my machine to
> use one interface (eth0) for ALL traffic with the exception of one IP
> destination/source port (which is on eth1)?
>
> Is this an iptables thing or is it a routing table thing? Can someone
> point me in the right direction?
I'm doing a similar thing, I send all port 80 traffic out using isp2 (eth1)
and everything else on isp1 (eth0).
I use the mark target.
iptables -t mangle -A PREROUTING -s 192.168.0.0/255.255.0.0 -p tcp --dport 80 -j MARK --set-mark 0x02
then I have set up a different routing table using the tool 'ip'
where BOSTREAMIP is my ip on eth1
and INTIF is my internal if eth3
ip rule add from $BOSTREAMIP table bostream
ip rule add fwmark 0x02 lookup bostream
ip route add default via $BOSTREAMGW dev $BOSTREAMIF table bostream
ip route add 192.168.0.0/16 dev $INTIF table bostream
Perhaps you can use something in my example?
/Tommy Wallberg
> - Gareth
>
> On 5/24/07, semi linux <linuxsemi@gmail.com> wrote:
> > Sorry for the latent reply on this one guys - I got pulled off this
> > project and after this thread progressed I had a lot of test cases and
> > scenarios to work my way through. While I haven't finished testing
> > and I'm not sure I adequately explained the situation I think I have
> > found a workable resolution.
> >
> > Adding ETH0 to the bridge just got really compilcated and messy.
> > Packets started to be routed to all kinds of places in different
> > network scenarios and it wasn't the right answer to the problem
> > although it did show quite a bit of promise initially. With this
> > approach, we also lost the ability to fine-tune the bridge routing and
> > left it up to the STP and other bridge algorithms.
> >
> > Channel bonding is nice, but also not what we were after. It worked
> > but in certain deployment scenarios we would need eth0 to be on
> > different network(s) from the rest of the machine and the setup of
> > this would be on a case-by-case basis. this is a little too hands-on
> > for the guys who would be deploying the solution ;-)
> >
> > Finally, we looked into modifying our default routing table. I
> > _think_ this is going to be our end solution. I have devised a set of
> > tests and hopefully it will expose any and all bugs that might come
> > from this solution. Preliminary tests suggest that this will work
> > well and can be easily adapted to suit our installations.
> >
> > thanks for all the help and suggestions guys! I knew this was
> > possible but I didn't figure on there being 2-3 workable solutions.
> > Means to an end, I guess. Thanks!
> >
> > - Gareth
> >
> > On 5/9/07, Mark L. Wise <mark@alpha2.com> wrote:
> > > Is this not a routing issue?
> > >
> > > route add -host 10.1.1.3 gw <eth2 ethernet address> eth2
> > >
> > > This would route all traffic to 10.1.1.3 to eth2
> > >
> > > Mark
> > >
> > > semi linux wrote:
> > > > On 5/8/07, David Lang <david.lang@digitalinsight.com> wrote:
> > > >> On Tue, 8 May 2007, semi linux wrote:
> > > >> > I've got an odd problem where I've got two NICs on the same
> > > >> > network and I want all traffic to one IP to go out one interface
> > > >> > and all other traffic to use the second interface. I'm going to
> > > > >> > try and simplify my actual setup, because a lot of it makes no
> > > >> > difference to this post...
> > > >> >
> > > > >> > I know this has to be an iptables sort of setup since the routing
> > > >> > table can only make a difference on different networks and not
> > > >> > based on looking for a specific IP address.
> > > >> >
> > > >> > The question is:
> > > >> >
> > > >> > eth0 IP: 10.1.1.1
> > > >> > eth1 IP: 10.1.1.2
> > > >> >
> > > >> > target: 10.1.1.3
> > > >> >
> > > >> > (these IPs are just examples, there are no hard-fast rules
> > > >> > surrounding the other possibilities)
> > > >> >
> > > >> > How do I make sure this goes out eth1 instead of eth0? Do I use
> > > >> > the mangle rule with the physdev module?
> > > >> >
> > > >> > I feel like I'm overlooking something or forgetting my basic
> > > >> > network ideas here...
> > > >>
> > > >> you haven't quite given enough info here
> > > >>
> > > >> if you have target2 10.1.1.4 and you want all traffic to target to
> > > >> go out eth0
> > > >> and all traffic to target2 to go out eth1 then you would want to
> > > >> start out with
> > > >> defining host routes (the routing table _can_ look at specific
> > > >> hosts, not just
> > > >> networks)
> > > >>
> > > >> in addition, I believe that you will need to play around with arp
> > > >> filtering to
> > > > >> make sure that each NIC only responds to arp requests for its IP
> > > >> addresses.
> > > >>
> > > >> if you really only have one remote IP address and two local
> > > >> addresses and you
> > > >> want all communications between the target and 10.1.1.1 to use eth0
> > > >> while
> > > >> all communications between the target and 10.1.1.2 to use eth1
> > > >> things get more
> > > >> complicated
> > > >>
> > > >> you would need to look into packet/connection tagging and iptables
> > > >> routeing
> > > >> decisions.
> > > >>
> > > > >> rather than try and go into that right now why don't you try to be a
> > > >> little
> > > >> clearer about exactly what you are trying to do.
> > > >>
> > > >> David Lang
> > > >
> > > > Ok... you asked for the whole thing, here it is (forget my previous
> > > > example):
> > > >
> > > > eth0 - 10.1.1.1
> > > > eth1 - N/A
> > > > eth2 - N/A
> > > > br0 (eth1, eth2) - 10.1.1.2
> > > > target - 10.1.1.3
> > > >
> > > > The bridge (br0) is setup using brctl and seems to work w/o
> > > > problem... The eth1 and eth2 IP addresses really don't matter since
> > > > they are both referenced via the bridge and are set to something
> > > > invalid. 10.1.1.3 is connected via cross-over cable to eth2 port.
> > > > br0 and eth0 are connected to my network on the same subnet.
> > > >
> > > > What I'd like:
> > > > - all packets (from the network or local) where destination=10.1.1.3
> > > > to be routed to eth2.
> > > > - otherwise, all traffic from the network to use eth0 for I/O.
> > > >
> > > > Basically, I want to specify that ONLY traffic for 10.1.1.3 is to use
> > > > eth2.
> > >
> > > --
> > > Mark L. Wise
> > >
> > > Alpha II Service, Inc.
> > > 1312 Epworth Ave
> > > Reynoldsburg, Ohio 43068-2116
> > > USA
> > >
> > > Office: (614) 868-5033
> > > Fax: (614) 868-1060
> > > Email: mark@alpha2.com
> > > WEB: www.alpha2.com
>
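
The point made in the quoted replies above, that a host route lets the routing table steer a single destination out a chosen interface, as an added example that is not part of the original thread. It models route lookup as longest-prefix match using the first example's addresses (eth0, eth1, target 10.1.1.3); the table contents, metrics, default route and helper names are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    dev: str
    metric: int = 0


def routes(*specs):
    """Build a table from (prefix, dev, metric) tuples."""
    return [Route(ipaddress.ip_network(p), dev, m) for p, dev, m in specs]


def lookup(table, dst):
    """Select the route for dst: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in table if addr in r.prefix]
    if not candidates:
        return None
    # min() keeps the earliest entry on a full tie; that tie-break is a
    # simplification of this model, chosen so the result is deterministic.
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, r.metric))


def egress(table, dst):
    """Name of the interface the selected route points at, or None."""
    route = lookup(table, dst)
    return route.dev if route else None


# Constructed table: both NICs sit on the same /24, so the two connected
# routes are indistinguishable by prefix and the first one wins.
CONNECTED = routes(
    ("10.1.1.0/24", "eth0", 0),
    ("10.1.1.0/24", "eth1", 0),
    ("0.0.0.0/0", "eth0", 0),
)

# Same table plus a /32 host route for the target, pointing at eth1.
WITH_HOST_ROUTE = CONNECTED + routes(("10.1.1.3/32", "eth1", 0))

if __name__ == "__main__":
    for dst in ("10.1.1.3", "10.1.1.4", "192.0.2.10"):
        print(dst, egress(CONNECTED, dst), "->", egress(WITH_HOST_ROUTE, dst))
```

The model covers egress selection only; which NIC answers ARP for each address is a separate setting, as the quoted reply about arp filtering notes.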
Thread overview: 10+ messages
2007-05-08 20:17 Two NICs, same network semi linux
2007-05-08 19:56 ` David Lang
2007-05-08 21:02 ` semi linux
2007-05-08 20:29 ` David Lang
2007-05-08 22:39 ` Sébastien CRAMATTE
2007-05-09 13:27 ` Mark L. Wise
2007-05-24 20:12 ` semi linux
2007-05-31 22:16 ` semi linux
2007-05-31 22:41 ` Pascal Hambourg
2007-06-01 11:52 ` Tommy W