> -----Original Message-----
> From: plug-discuss-admin@lists.plug.phoenix.az.us
> [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Craig White
> Sent: Saturday, March 24, 2001 1:25 AM
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: RE: Three NIC problem
>
>
> > -----Original Message-----
> > From: plug-discuss-admin@lists.plug.phoenix.az.us
> > [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Bob George
> > Sent: Friday, March 23, 2001 9:36 PM
> > To: plug-discuss@lists.plug.phoenix.az.us
> > Subject: Re: Three NIC problem
> >
> >
> > "Craig White" wrote:
> > > [...]
> > > I would like to see this topic remain public and not private so I can
> > > benefit from learning about 3 NIC setup since I am going to be trying to do
> > > a similar thing.
> >
> > Are there any particular issues you're concerned about? I've got 3 10/100
> > ethernet plus a token ring port going on my firewall at present. I'm using
> > Debian on a 2.4.1 kernel to support my internal LAN (general usage), DMZ
> > (mail, web servers), and lab (Cisco router pod). NAT to the Internet as
> > well. It's working great. In fact, a few of us are using Zebra to test
> > various BGP routing scenarios (GRE tunnels between Cisco and
> > Linux devices).
> > I'd be happy to share my notes.
> >
>
> ----
> I asked about it yesterday.
>
> Your setup is rather easy...
> Card 1 - Internal lan - a single IP routes to all internal lan
> Card 2 - DMZ - single IP routes to all DMZ lan
> Card 3 - Public Internet - obviously has default gateway address
>          attached to this device since it routes all ip traffic
>          that isn't on internal lan or dmz lan.
>
> My scenario...
> Card 1 - Internal lan - single IP routes to all internal lan
> Card 2 - Public Internet - default gateway address
> Card 3 - Public Internet - different provider
>
> all three cards operational. I can ping devices on the 'network' segments
> from all 3 interfaces.
>
> Problem is - telnet to ip address on card 3 and no response because default
> gateway is on card 2 and return traffic doesn't go back the same way it
> came. I need to route traffic coming into that card back out thru that same
> card/ip address (at least acceptable traffic that isn't REJECTED/DENIED by
> the firewall script).
>
> Card 3 and ip address are definitely functional. If I telnet to unacceptable
> port, the firewall script logs the rejected packets. If I telnet to
> acceptable port (25 or 80), the responses (per tcpdump) come back from the
> default gateway interface IP which of course isn't acceptable.
>
> I am of the belief that iproute2 can in essence create the 2nd default
> gateway address so that traffic pointed to the ip on interface card 3 will
> be returned by the ip on interface card 3. I was hoping that someone could
> give me the 2 minute pointer so I didn't have to figure the thing out.
>
> Craig
> ---

I got it working...took me about an hour.

duh...

Craig
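
The thread does not say how the problem was solved. As an added example that is not part of the original message, here is one common way to get the behaviour asked for with iproute2 source-based policy routing: a separate routing table holding the second provider's default route, selected by a rule on the card 3 source address. The interface name, addresses, table number and function names are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses (RFC 5737 documentation
# ranges), interface name and table number are constructed sample values.

# Print the iproute2 commands that send traffic sourced from LOCAL_IP out
# through IFACE via GATEWAY, independent of the main table's default route.
second_uplink_cmds() {
    iface=$1 local_ip=$2 network=$3 gateway=$4 table=$5

    # Table ids 253-255 are reserved (default, main, local) and 0 is unspec.
    case $table in
        ''|*[!0-9]*) echo "table id must be numeric" >&2; return 2 ;;
    esac
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table id must be in 1-252" >&2; return 2
    fi

    # Connected network first, so on-link hosts are not sent to the gateway.
    echo "ip route add $network dev $iface src $local_ip table $table"
    # This provider's own default route, visible only in this table.
    echo "ip route add default via $gateway dev $iface table $table"
    # Replies from the card 3 address are looked up in that table.
    echo "ip rule add from $local_ip table $table"
    # Drop cached routing decisions so the rule applies immediately.
    echo "ip route flush cache"
}

# Dry run by default; set APPLY=1 (as root) to execute the commands.
apply_second_uplink() {
    cmds=$(second_uplink_cmds "$@") || return 2
    printf '%s\n' "$cmds" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || exit 1
        else
            echo "would run: $cmd"
        fi
    done
}

# "Card 3" from the thread, with made-up addressing.
apply_second_uplink eth2 198.51.100.10 198.51.100.0/24 198.51.100.1 200
```

After applying, `ip rule show` should list the new rule, and `ip route get <remote address> from 198.51.100.10` should report the card 3 interface and gateway rather than the main default route.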