> -----Original Message-----
> From: plug-discuss-admin@lists.plug.phoenix.az.us
> [mailto:plug-discuss-admin@lists.plug.phoenix.az.us] On Behalf Of Bob George
> Sent: Friday, March 23, 2001 9:36 PM
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: Three NIC problem
>
> "Craig White" wrote:
>
> [...]
> > I would like to see this topic remain public and not private so I can
> > benefit from learning about 3 NIC setup since I am going to be trying to do
> > a similar thing.
>
> Are there any particular issues you're concerned about? I've got 3 10/100
> ethernet plus a token ring port going on my firewall at present. I'm using
> Debian on a 2.4.1 kernel to support my internal LAN (general usage), DMZ
> (mail, web servers), and lab (Cisco router pod). NAT to the Internet as
> well. It's working great. In fact, a few of us are using Zebra to test
> various BGP routing scenarios (GRE tunnels between Cisco and Linux devices).
> I'd be happy to share my notes.

----
I asked about it yesterday. Your setup is rather easy...

Card 1 - Internal LAN - a single IP routes to all internal LAN
Card 2 - DMZ - single IP routes to all DMZ LAN
Card 3 - Public Internet - obviously has default gateway address attached to this device since it routes all IP traffic that isn't on internal LAN or DMZ LAN.

My scenario...

Card 1 - Internal LAN - single IP routes to all internal LAN
Card 2 - Public Internet - default gateway address
Card 3 - Public Internet - different provider

All three cards operational. I can ping devices on the 'network' segments from all 3 interfaces. Problem is - telnet to IP address on card 3 and no response because default gateway is on card 2 and return traffic doesn't go back the same way it came. I need to route traffic coming into that card back out thru that same card/IP address (at least acceptable traffic that isn't REJECTED/DENIED by the firewall script). Card 3 and IP address are definitely functional.
If I telnet to unacceptable port, the firewall script logs the rejected packets. If I telnet to acceptable port (25 or 80), the responses (per tcpdump) come back from the default gateway interface IP which of course isn't acceptable.

I am of the belief that iproute2 can in essence create the 2nd default gateway address so that traffic pointed to the IP on interface card 3 will be returned by the IP on interface card 3. I was hoping that someone could give me the 2 minute pointer so I didn't have to figure the thing out.

Craig
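The iproute2 "second default gateway" Craig is after is source-based policy routing: a separate routing table with its own default route, selected by an `ip rule` that matches packets sourced from card 3's address. The script below is an added example, not from the thread; the interface name, addresses and table number are constructed placeholders, and by default it only prints the commands so the plan can be reviewed before running it with RUN=1 as root.

```shell
#!/bin/sh
# Policy routing for a multihomed firewall: replies to connections that arrive
# on card 3 leave through card 3's own provider gateway instead of the main
# default gateway on card 2.

# Constructed placeholders (TEST-NET-3 addresses); substitute the real values.
IF3="eth2"                # card 3
IP3="203.0.113.10"        # address bound to card 3
NET3="203.0.113.0/24"     # provider 2's link network
GW3="203.0.113.1"         # provider 2's gateway
TABLE=200                 # spare routing table id (1-252 are unused by default)

# Run the command when RUN=1, otherwise print it so it can be inspected first.
emit() {
    if [ "${RUN:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Build the per-provider table and the rule that steers card 3's traffic to it.
policy_route() {
    if="$1"; ip="$2"; net="$3"; gw="$4"; table="$5"
    # The link network and a default route, both living only in the new table.
    emit ip route add "$net" dev "$if" src "$ip" table "$table"
    emit ip route add default via "$gw" dev "$if" table "$table"
    # Anything sourced from card 3's address (i.e. replies to connections that
    # came in there) consults the new table before the main table is tried.
    emit ip rule add from "$ip" table "$table"
    # Older kernels (2.4) cache route decisions; drop the cache so the rule
    # takes effect for existing flows.
    emit ip route flush cache
}

policy_route "$IF3" "$IP3" "$NET3" "$GW3" "$TABLE"
```

Check the result with `ip rule show` and `ip route show table 200`; traffic to the main default gateway on card 2 is unaffected because the rule only matches packets sourced from card 3's address.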