[CentOS] Need help getting two NICs to work on CentOS 7

Mon Nov 7 09:06:45 UTC 2016
Peter Brady <subscriptions at simonplace.net>

On 7/11/2016 6:00 PM, Sean Son wrote:
> Hello all
>
> Here is the scenario:  We have a mail server VM which currently has two
> virtual NICs attached to it. One NIC has an IP on a subnet with a
> default gateway defined and the other NIC has an IP on a different subnet
> with a different gateway on a different VLAN defined. Now when I activate
> both NICs, and run an ifconfig -a, I see that both IP addresses are
> showing. Now here is the problem. When I ping the VM, the first NIC's IP is
> not pingable at all, but the second NIC's IP is pingable. How do I
> configure the networking so that both IPs are pingable and the VM is
> reachable via both IPs? Please let me know what I may be doing wrong!
>
I've done this recently on C7.  The key words for your Google Fu are
policy-based routing.  That ensures the incoming packets come back out
the same interface they came in on.  Mind you, depending on the routers
in the way this may not be a problem.  Cisco ASAs get really picky but
otherwise there may be other problems to deal with as well.

If you're using Network Manager then the package:
NetworkManager-config-routing-rules will help.

After that you create the rules and routes files in
/etc/sysconfig/network-scripts

So in my case I have:

  * enp3s0: 192.168.20.253 (the default gateway on this subnet is
    192.168.20.2)
  * vlan22@enp3s0: 192.168.22.253 (the default gateway on this subnet is
    192.168.22.1)

[root@host network-scripts]# cat route-enp3s0
192.168.20.0/24 dev enp3s0 tab 20
default via 192.168.20.2 dev enp3s0 tab 20

[root@host network-scripts]# cat rule-enp3s0
from 192.168.20.0/24 tab 20 priority 20

[root@host network-scripts]# cat route-vlan22
192.168.22.0/24 dev vlan22 tab 22
default via 192.168.22.1 dev vlan22 tab 22

[root@host network-scripts]# cat rule-vlan22
from 192.168.22.0/24 tab 22 priority 22

Wireshark can be really helpful here as it can confirm that the
"unpingable" NIC is actually receiving the packets that you think it
is.  And hopefully in that case can also confirm if the echo packets are
going out the alternate NIC.  If there are no incoming packets then the
PBR is no real help at all and you'd need to look further upstream.

Hope that helps,
-pete
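
Added example, not part of the original message: a simplified Python model of the routing-policy lookup, fed with the rule and route lines posted above, showing which interface a reply leaves by with and without the rules. The main-table contents (default route via the vlan22 gateway), the client address 203.0.113.10 and the function names are constructed assumptions; the kernel's local table is left out.

```python
import ipaddress

# The rule-* and route-* lines as posted in the message above.
ROUTE_FILES = """\
192.168.20.0/24 dev enp3s0 tab 20
default via 192.168.20.2 dev enp3s0 tab 20
192.168.22.0/24 dev vlan22 tab 22
default via 192.168.22.1 dev vlan22 tab 22
"""
RULE_FILES = """\
from 192.168.20.0/24 tab 20 priority 20
from 192.168.22.0/24 tab 22 priority 22
"""
# Constructed assumption: the main table's single default route uses the vlan22 gateway.
MAIN_TABLE = """\
192.168.20.0/24 dev enp3s0
192.168.22.0/24 dev vlan22
default via 192.168.22.1 dev vlan22
"""

def parse_routes(text):
    routes = []
    for line in text.splitlines():
        tok = line.split()
        opts = dict(zip(tok[1::2], tok[2::2]))  # keyword/value pairs after the prefix
        net = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        routes.append((opts.get("tab", "main"), ipaddress.ip_network(net),
                       opts["dev"], opts.get("via")))
    return routes

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        opts = dict(zip(tok[0::2], tok[1::2]))
        rules.append((int(opts["priority"]), ipaddress.ip_network(opts["from"]), opts["tab"]))
    return rules

def egress(src, dst, rules_text=RULE_FILES):
    """Return (table, dev, gateway) chosen for a packet going src -> dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    routes = parse_routes(ROUTE_FILES + MAIN_TABLE)
    # Built-in rule: any source falls through to the main table at priority 32766.
    rules = parse_rules(rules_text) + [(32766, ipaddress.ip_network("0.0.0.0/0"), "main")]
    for _prio, selector, table in sorted(rules):
        hits = [r for r in routes if r[0] == table and dst in r[1]]
        if src in selector and hits:  # longest prefix wins inside the selected table
            _t, _net, dev, via = max(hits, key=lambda r: r[1].prefixlen)
            return table, dev, via
    return None
```

Calling egress("192.168.20.253", "203.0.113.10", rules_text="") models the host without the rule files: the echo reply is routed out vlan22 even though the request arrived on enp3s0.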

