A number of weeks ago I had huge help from many of you configuring routing on a server with multiple Internet facing nics. Thanks for all of your help!!!!
I am still having a routing issue that I am hoping someone can help me tweak. This server, besides acting as our gateway to the internet, is also our web and email server. The server has 4 nics. Two are connected to the internet and the other two route traffic to internal subnets.
Our network topography in question looks like this:
Internet - Gateway Server - 192.168.4 subnet - Internal Server - 192.168.6 subnet - Clients
The problem that I am experiencing is that part of our internal network, the 192.168.6 subnet, cannot view our website that is hosted on our Gateway server. Our Internal Server can access the site but the Clients simply time out looking for it.
If I point the Client to the internal address of the Gateway Server I can pull up the site but if I use the URL the browser times out.
If I turn off my ip rules I can then view the URL on my Clients but of course external routing falls apart.
/etc/sysconfig/network-scripts/rule-eth2
from 173.11.51.45 table Cable

/etc/sysconfig/network-scripts/rule-eth3
from 67.152.166.2 table T1

/etc/sysconfig/network-scripts/route-eth0
GATEWAY1=192.168.4.3
NETMASK1=255.255.255.0
ADDRESS1=192.168.6.0
GATEWAY0=192.168.4.2
NETMASK0=255.255.255.0
ADDRESS0=192.168.5.0

/etc/sysconfig/network-scripts/route-eth1
GATEWAY0=192.168.4.1
NETMASK0=255.255.255.0
ADDRESS0=192.168.4.0

/etc/sysconfig/network-scripts/route-eth2
173.11.51.44/30 dev eth2 proto kernel scope link src 173.11.51.45 table Cable
173.11.51.44/30 dev eth2 src 173.11.51.45
default via 173.11.51.46 table Cable
default via 173.11.51.46
192.168.4.0/24 dev eth0 proto kernel scope link src 192.168.4.1 table Cable

/etc/sysconfig/network-scripts/route-eth3
67.152.166.0/27 dev eth3 proto kernel scope link src 67.152.166.2 table T1
67.152.166.0/27 dev eth3 src 67.152.166.2
default via 67.152.166.1 table T1
192.168.4.0/24 dev eth0 proto kernel scope link src 192.168.4.1 table T1

# ip rule list
0: from all lookup 255
32764: from 67.152.166.2 lookup T1
32765: from 173.11.51.45 lookup Cable
32766: from all lookup main
32767: from all lookup default

# ip route show
173.11.51.44/30 dev eth2 scope link src 173.11.51.45
67.152.166.0/27 dev eth3 proto kernel scope link src 67.152.166.2
192.168.6.0/24 via 192.168.4.3 dev eth0
192.168.5.0/24 via 192.168.4.2 dev eth0
192.168.4.0/24 dev eth0 proto kernel scope link src 192.168.4.1
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
169.254.0.0/16 dev eth3 scope link
default via 173.11.51.46 dev eth2

# ip route show table cable
173.11.51.44/30 dev eth2 proto kernel scope link src 173.11.51.45
192.168.4.0/24 dev eth0 proto kernel scope link src 192.168.4.1
default via 173.11.51.46 dev eth2

# ip route show table T1
67.152.166.0/27 dev eth3 proto kernel scope link src 67.152.166.2
192.168.4.0/24 dev eth0 proto kernel scope link src 192.168.4.1
default via 67.152.166.1 dev eth3

Any insight would be greatly appreciated! I have been pecking away at it and I just can't seem to get it right.
Thanks - Doug
Hi,
When you return packets from your webserver/gateway machine, they will come from the external address (173.11.51.45 or 67.152.166.2), so they will use routing table Cable or T1, and network 192.168.6.0 is not in that routing table, so it will try to use the default gateway and send the packets to the internet instead of back to the internal network. See here:
On Wed, Jul 22, 2009 at 02:10, Doug Coats <dcoatshca@gmail.com> wrote:
> # ip route show table cable
> 173.11.51.44/30 dev eth2 proto kernel scope link src 173.11.51.45
> 192.168.4.0/24 dev eth0 proto kernel scope link src 192.168.4.1
> default via 173.11.51.46 dev eth2
>
> # ip route show table T1
> 67.152.166.0/27 dev eth3 proto kernel scope link src 67.152.166.2
> 192.168.4.0/24 dev eth0 proto kernel scope link src 192.168.4.1
> default via 67.152.166.1 dev eth3
I believe what you need to fix this issue is:
# ip route add 192.168.6.0/24 via 192.168.4.3 dev eth0 table Cable
# ip route add 192.168.6.0/24 via 192.168.4.3 dev eth0 table T1
If you are doing NAT on your gateway/webserver, it might also affect this connection, so you should look for it.
You should try to use "tcpdump" (or "ethereal") and run one instance of it in each interface to see where the packets are going. For instance, you can use it to see that the response packets are going out in interface eth2 or eth3 instead of eth0 as they should. You will also be able to see if NAT is being done when receiving the packets and if it's being undone when they are returned.
HTH, Filipe
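
The lookup described in the reply above, as an added example that is not part of the original thread: a small Python model of the rule and table walk, built from the `ip rule list` and `ip route show` output quoted in the thread. The client address 192.168.6.10 and the function names are assumptions made for illustration, and it assumes, as the reply says, that the web server answers from its external address.

```python
import ipaddress

# Constructed from the `ip rule list` and `ip route show` output quoted in the thread.
# The `local` table (rule 0) is omitted: it only matters for the gateway's own addresses.
RULES = [(32764, "67.152.166.2", "T1"),      # (priority, source selector, table)
         (32765, "173.11.51.45", "Cable"),
         (32766, None, "main")]              # None = "from all"
TABLES = {                                   # (prefix, dev, next hop or None if on-link)
    "Cable": [("173.11.51.44/30", "eth2", None),
              ("192.168.4.0/24", "eth0", None),
              ("0.0.0.0/0", "eth2", "173.11.51.46")],
    "T1": [("67.152.166.0/27", "eth3", None),
           ("192.168.4.0/24", "eth0", None),
           ("0.0.0.0/0", "eth3", "67.152.166.1")],
    "main": [("173.11.51.44/30", "eth2", None),
             ("67.152.166.0/27", "eth3", None),
             ("192.168.6.0/24", "eth0", "192.168.4.3"),
             ("192.168.5.0/24", "eth0", "192.168.4.2"),
             ("192.168.4.0/24", "eth0", None),
             ("192.168.1.0/24", "eth1", None),
             ("169.254.0.0/16", "eth3", None),
             ("0.0.0.0/0", "eth2", "173.11.51.46")],
}

def lookup(src, dst, tables=TABLES):
    """Return (table, dev, next_hop) for a locally generated packet src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(RULES, key=lambda r: r[0]):
        if selector is not None and s != ipaddress.ip_address(selector):
            continue                         # rule does not match this source
        hits = [r for r in tables[table] if d in ipaddress.ip_network(r[0])]
        if hits:                             # longest prefix wins inside a table
            _net, dev, via = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
            return table, dev, via
    return None                              # no rule produced a route

def with_fix(tables=TABLES):
    """Copy of the tables with the two `ip route add` commands from the reply applied."""
    fixed = {name: list(routes) for name, routes in tables.items()}
    for name in ("Cable", "T1"):
        fixed[name].append(("192.168.6.0/24", "eth0", "192.168.4.3"))
    return fixed

if __name__ == "__main__":
    client = "192.168.6.10"                  # constructed client address
    for src in ("173.11.51.45", "67.152.166.2", "192.168.4.1"):
        print(src, "before:", lookup(src, client), "after:", lookup(src, client, with_fix()))
```

On the live gateway, `ip route get 192.168.6.10 from 173.11.51.45` asks the kernel for the same decision.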
You were exactly correct. This resolved my issue. Thanks so much!!! As you can tell I am new to using iproute2.
Thanks again!!!