Re: Fedora Box with TWO NIC's


Julian Underwood wrote:

I have a Fedora box with two working NIC's:

DSL, static IP:
(NIC 1)
ip:168.101.199.6
nm:255.255.255.248
gw:168.101.199.5
dns:168.101.1.3, 168.101.1.9

LAN, has a sonicwall router to Cable modem:
(NIC 2)
ip:192.168.0.7
nm:255.255.255.0
gw:192.168.0.1 (currently NOT SET so at least the DSL NIC is functional)
dns:not needed

With this setup, /nothing/ works. Can't ping anything, can't browse from the box locally, nothing. However if I remove the gateway on NIC 2 (192.168.0.1), then I can at least browse through NIC 1 and it can be pinged. However--the LAN interface is still useless, can't ping it.

The reverse works the same. Remove the GW on NIC 1 (168.101.199.5) and place it on NIC 2 (192.168.0.1) then I can browse through NIC 2 on the Cable modem side, but then the DSL NIC becomes useless (can't ping).

So I am asking, what is the trick to make BOTH interfaces work and if the server needs to go out onto the net, it will by default browse out on the DSL side of things? I would like to be able to manage the server and provide file services from the LAN side.

$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
168.101.199.6 0.0.0.0 255.255.255.248 U 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 168.100.199.5 0.0.0.0 UG 0 0 0 eth1


Again, I think this output is with my LAN NIC disabled, again: the LAN NIC doesn't have a gw because /nothing/ works when it is defined. Goal: be able to provide management and file services from the LAN NIC and still function with the DSL NIC.

I'm still a little confused.  Is this right:
You have a cable modem on the LAN for office internet access.
You have a DSL connected to the server to provide a public web service.

Is the firewall on the DSL router? And another one on the cable modem?
You may want to consider beefing this up from the security standpoint. At least add a firewall on the server.


The usual setup is

internet--->firewall--->LAN and servers, or

internet---->firewall--->LAN
            |
            |-->firewall---->DMZ---->servers

The server's only route to the internet should be via 168.101.199.5 and the netmask is 255.255.255.248 (not 0.0.0.0) if that is the mask they gave you for the server.
168.101.199.5 should be a firewall/gateway. (although using the .1 address for the gateway would be more conventional)


So your routing table might look about like this:

168.101.199.6 0.0.0.0 255.255.255.248 U 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
(the above route should get you to the LAN)


169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
(I don't know what the above is. Probably learned from the cable modem. Keep the "routed" process turned off.)


127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 168.100.199.5 255.255.255.248 UG 0 0 0 eth1
(note the mask was changed in the line above)


Another possible issue is your NIC1/NIC2 nomenclature. The one you are calling NIC1 is on the public address which is assigned to eth1. The one you are calling NIC2 is on the private address which is assigned to eth0. Make sure it's connected the way you think it should be. Verify with ifconfig.

Unless FC2 is different, the files which set this up whenever you do a boot or service network restart are in /etc/sysconfig/network-scripts/ifcfg-eth? and /etc/sysconfig/network. There's also a gui, I think redhat-config-network.

To temporarily fix the default route, try
route del default
route add default gw 168.100.199.5 netmask 255.255.255.248

And of course, on your LAN, make sure the workstations are pointed to the cable modem as default gateway.
Make sure the DSL router and everything else on the segment has the 255.255.255.248 netmask.
The server's DNS address in the server's /etc/resolv.conf should be the one from the DSL company.
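
An added example, not part of the original thread: a Python check that parses netstat -nr rows like those posted above and flags the two conditions this thread turns on, more than one default route and a default gateway that no directly connected route on the same interface covers. BOTH_GW is a constructed table, and the function names are this example's own.

```python
import ipaddress

# Rows copied from the netstat -nr output posted in the thread.
POSTED = """\
168.101.199.6 0.0.0.0 255.255.255.248 U 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 168.100.199.5 0.0.0.0 UG 0 0 0 eth1
"""
# Constructed: the table with both gateways from the listed settings set.
BOTH_GW = (POSTED.replace("168.100.199.5", "168.101.199.5")
           + "0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0\n")

def parse_routes(text):
    """Parse 8-column 'netstat -nr' rows; header lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        # strict=False: the posted first row has host bits set for its mask.
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
        routes.append({"net": net, "gw": ipaddress.ip_address(f[1]),
                       "flags": f[3], "iface": f[7]})
    return routes

def check(routes):
    """Flag multiple default routes and gateways that are not on-link."""
    findings = []
    defaults = [r for r in routes if r["net"].prefixlen == 0]
    if len(defaults) > 1:
        ifaces = ", ".join(r["iface"] for r in defaults)
        findings.append(f"{len(defaults)} default routes ({ifaces})")
    for r in routes:
        if "G" not in r["flags"]:
            continue
        # Usable only if a directly connected route on the same interface
        # covers the gateway address.
        on_link = any("G" not in c["flags"] and c["iface"] == r["iface"]
                      and r["gw"] in c["net"] for c in routes)
        if not on_link:
            findings.append(f"gateway {r['gw']} via {r['iface']} is not on-link")
    return findings

if __name__ == "__main__":
    for name, table in (("posted", POSTED), ("both gateways", BOTH_GW)):
        print(name, check(parse_routes(table)))
```

On the posted table the check reports that 168.100.199.5 is not on-link for eth1, whose connected route is in 168.101.199.x; the settings list at the top of the thread gives the gateway as 168.101.199.5.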



