Three NIC problem

Craig White craigwhite@azapple.com
Sat, 24 Mar 2001 02:37:31 -0700


> -----Original Message-----
> From: plug-discuss-admin@lists.plug.phoenix.az.us
> [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Craig
> White
> Sent: Saturday, March 24, 2001 1:25 AM
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: RE: Three NIC problem
>
>
> > -----Original Message-----
> > From: plug-discuss-admin@lists.plug.phoenix.az.us
> > [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Bob
> > George
> > Sent: Friday, March 23, 2001 9:36 PM
> > To: plug-discuss@lists.plug.phoenix.az.us
> > Subject: Re: Three NIC problem
> >
> >
> > "Craig White" <craigwhite@azapple.com> wrote:
> > > [...]
> > > I would like to see this topic remain public and not private so I can
> > > benefit from learning about 3 NIC setup since I am going to be trying to
> > > do a similar thing.
> >
> > Are there any particular issues you're concerned about? I've got 3 10/100
> > ethernet plus a token ring port going on my firewall at present. I'm using
> > Debian on a 2.4.1 kernel to support my internal LAN (general usage), DMZ
> > (mail, web servers), and lab (Cisco router pod). NAT to the Internet as
> > well. It's working great. In fact, a few of us are using Zebra to test
> > various BGP routing scenarios (GRE tunnels between Cisco and Linux devices).
> > I'd be happy to share my notes.
> >
> ----
> I asked about it yesterday.
>
> Your setup is rather easy...
> Card 1 - Internal lan - a single IP routes to all internal lan
> Card 2 - DMZ - single IP routes to all DMZ lan
> Card 3 - Public Internet - obviously has default gateway address
>          attached to this device since it routes all ip traffic
>          that isn't on internal lan or dmz lan.
>
> My scenario...
> Card 1 - Internal lan - single IP routes to all internal lan
> Card 2 - Public Internet - default gateway address
> Card 3 - Public Internet - different provider
>
> all three cards operational. I can ping devices on the 'network' segments
> from all 3 interfaces.
>
> Problem is - telnet to ip address on card 3 and no response because default
> gateway is on card 2 and return traffic doesn't go back the same way it
> came. I need to route traffic coming into that card back out thru that same
> card/ip address (at least acceptable traffic that isn't REJECTED/DENIED by
> the firewall script).
>
> Card 3 and ip address are definitely functional. If I telnet to unacceptable
> port, the firewall script logs the rejected packets. If I telnet to
> acceptable port (25 or 80), the responses (per tcpdump) come back from the
> default gateway interface IP which of course isn't acceptable.
>
> I am of the belief that iproute2 can in essence create the 2nd default
> gateway address so that traffic pointed to the ip on interface card 3 will
> be returned by the ip on interface card 3. I was hoping that someone could
> give me the 2 minute pointer so I didn't have to figure the thing out.
>
> Craig
>
---
I got it working...took me about an hour.

duh...

Craig
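The iproute2 fix Craig alludes to, a second routing table selected by source address so that replies leave through the card they arrived on, written out here as an added example that is not from the thread. Interface names, addresses and the table number are constructed (RFC 5737 documentation ranges), and the script only prints the commands unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the original thread): source-based policy routing
# with iproute2 for a host with two Internet-facing cards.
# Constructed, hypothetical addresses from the RFC 5737 documentation ranges:
#   card 2 (eth1) 198.51.100.10/24, gw 198.51.100.1 -> stays the main default route
#   card 3 (eth2) 203.0.113.10/24,  gw 203.0.113.1  -> gets its own table and default
# DRY_RUN=1 (the default) prints the commands; DRY_RUN=0 applies them (needs root).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# policy_routes IFACE ADDR SUBNET GATEWAY TABLE
# Fills routing table TABLE (a free id in 1..252; 253-255 are reserved) with a
# default route that leaves via IFACE, then adds a rule so every packet whose
# source address is ADDR consults TABLE before the main table. Replies to a
# connection that arrived on IFACE carry ADDR as source, so they go back out
# the same card instead of following the main default gateway on the other one.
policy_routes() {
    iface=$1 addr=$2 subnet=$3 gw=$4 table=$5
    # On-link route for the card's own subnet, preferring ADDR as source.
    run ip route add "$subnet" dev "$iface" src "$addr" table "$table"
    # The "second default gateway": only consulted for traffic sourced from ADDR.
    run ip route add default via "$gw" dev "$iface" table "$table"
    # Rules run in priority order; 1000 sits well before main (32766).
    run ip rule add from "$addr" table "$table" priority 1000
    run ip route flush cache   # needed on 2.4-era kernels; harmless today
}

# undo_policy_routes ADDR TABLE
# Removes the rule first (so nothing consults the table), then empties it.
undo_policy_routes() {
    addr=$1 table=$2
    run ip rule del from "$addr" table "$table" priority 1000
    run ip route flush table "$table"
}

# Card 3 from the thread, with the constructed addresses above. To check the
# result after applying: ip rule show; ip route show table 200.
policy_routes eth2 203.0.113.10 203.0.113.0/24 203.0.113.1 200
```

Only connections addressed to card 3's IP change behaviour; the main table, and so the default gateway on card 2, is untouched for everything else.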