Three NIC problem

Craig White craigwhite@azapple.com
Sat, 24 Mar 2001 01:25:17 -0700


> -----Original Message-----
> From: plug-discuss-admin@lists.plug.phoenix.az.us
> [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Bob
> George
> Sent: Friday, March 23, 2001 9:36 PM
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: Three NIC problem
>
>
> "Craig White" <craigwhite@azapple.com> wrote:
> > [...]
> > I would like to see this topic remain public and not private so I can
> > benefit from learning about 3 NIC setup since I am going to be trying to
> > do a similar thing.
>
> Are there any particular issues you're concerned about? I've got 3 10/100
> ethernet plus a token ring port going on my firewall at present. I'm using
> Debian on a 2.4.1 kernel to support my internal LAN (general usage), DMZ
> (mail, web servers), and lab (Cisco router pod). NAT to the Internet as
> well. It's working great. In fact, a few of us are using Zebra to test
> various BGP routing scenarios (GRE tunnels between Cisco and
> Linux devices).
> I'd be happy to share my notes.
>
----
I asked about it yesterday.

Your setup is rather easy...
Card 1 - Internal lan - a single IP routes to all internal lan
Card 2 - DMZ - single IP routes to all DMZ lan
Card 3 - Public Internet - obviously has default gateway address
         attached to this device since it routes all ip traffic
         that isn't on internal lan or dmz lan.

My scenario...
Card 1 - Internal lan - single IP routes to all internal lan
Card 2 - Public Internet - default gateway address
Card 3 - Public Internet - different provider

all three cards operational. I can ping devices on the 'network' segments
from all 3 interfaces.

Problem is - telnet to ip address on card 3 and no response because default
gateway is on card 2 and return traffic doesn't go back the same way it
came. I need to route traffic coming into that card back out through that same
card/ip address (at least acceptable traffic that isn't REJECTED/DENIED by
the firewall script).

Card 3 and ip address are definitely functional. If I telnet to unacceptable
port, the firewall script logs the rejected packets. If I telnet to
acceptable port (25 or 80), the responses (per tcpdump) come back from the
default gateway interface IP which of course isn't acceptable.

I am of the belief that iproute2 can in essence create the 2nd default
gateway address so that traffic pointed to the ip on interface card 3 will
be returned by the ip on interface card 3. I was hoping that someone could
give me the 2 minute pointer so I didn't have to figure the thing out.

Craig
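One way to build the second default gateway Craig describes with iproute2 source-based policy routing, as an added example that is not from the thread. The interface name eth2, the 198.51.100.0/24 addresses and routing table number 200 are assumptions; by default the script only prints the commands, and RUN="" applies them as root.

```shell
#!/bin/sh
# Policy routing for a second upstream interface (card 3) with iproute2.
# Replies that leave with card 3's address as source are routed through
# card 3's provider gateway instead of the main table's default gateway.
# RUN defaults to "echo" (dry run); run with RUN="" to execute as root.
RUN=${RUN:-echo}

# Constructed example values (assumptions, not from the original thread).
IF3=eth2                 # card 3
IP3=198.51.100.10        # address on card 3
NET3=198.51.100.0/24     # provider 2 subnet on card 3
GW3=198.51.100.1         # provider 2 gateway
TABLE=200                # numeric table id; no /etc/iproute2/rt_tables entry needed

run() { $RUN "$@"; }

# Install the alternate table and the rule that selects it.
setup_policy_route() {
    # The table needs its own connected route so GW3 is reachable from it.
    run ip route add "$NET3" dev "$IF3" src "$IP3" table "$TABLE"
    # Second default gateway, only visible through this table.
    run ip route add default via "$GW3" dev "$IF3" table "$TABLE"
    # Packets sourced from IP3 (replies to anything that arrived on card 3)
    # consult the alternate table before the main one.
    run ip rule add from "$IP3" table "$TABLE" priority 100
    # The 2.4 kernel caches route decisions; flush so the rule takes effect.
    run ip route flush cache
}

# Remove what setup_policy_route added (reverse order).
teardown_policy_route() {
    run ip rule del from "$IP3" table "$TABLE" priority 100
    run ip route flush table "$TABLE"
    run ip route flush cache
}

# Show the rule list and the alternate table to verify the result.
# Expected: a "from 198.51.100.10 lookup 200" rule and a default via GW3
# on eth2 in table 200. The main table keeps its default on card 2.
show_policy_route() {
    run ip rule show
    run ip route show table "$TABLE"
}
```

Reverse path filtering stays compatible with this: the kernel's reverse lookup for a packet addressed to 198.51.100.10 also matches the `from` rule, so it resolves to eth2.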