I'm still a little confused. Is this right: You have a cable modem on the LAN for office internet access. You have a DSL connected to the server to provide a public web service.
Is the firewall on the DSL router? And another one on the cable modem?
You may want to consider beefing this upfrom the security standpoint. At least add a firewall on the server.
The usual setup is
internet--->firewall--->LAN and servers, or
internet---->firewall--->LAN | |-->firewall---->DMZ-- ->servers
My setup:
eth 0 eth 1 web services(internet,DSL)-->[server]<-->LAN-->Cable Modem (sonicwall)
The DSL side of the server is for the server only! Clients on the LAN don't touch this; they go out onto the net via the Cable Modem. They should be able just to access the server's resources at 192.168.0.7.
** I want to achive these settings:
eth0: 168.101.199.6,255.255.255.248,gw:168.101.199.5,dns:provided by ISP eth1: 192.168.0.7,255.255.255.0,gw:192.168.0.7,dns:no dns **
Seems like two gateways is a "NO,NO", linux doesn't know what to do and doesn't do anything at all! (can't ping either interface when two GW's are specified.)
I did some asking on IRC and someone suggested I try using iproute2--I tried his suggestion and couldn't make any headway. Is this something I should continue to try?
The server's only route to the internet should be via 168.101.199.5 and the netmask is 255.255.255.248 (not 0.0.0.0) if that is the mask they gave you for the server.
Right, 'cause the server is only going to go out onto the net via the DSL! BUT, if I don't specify a GW for the internal LAN, then that interface becomes defunct.
168.101.199.5 should be a firewall/gateway. (although using the .1 address for the gateway would be more conventional)
Agreed.
Here is my current routing table with my internal LAN NIC disabled (it's not doing any good anyhow!)
Destination Gateway Genmask Flags Metric Ref Use Iface 168.101.199.4 * 255.255.255.248 U 0 0 0 eth0 169.254.0.0 * 255.255.0.0 U 0 0 0 eth0 127.0.0.0 * 255.0.0.0 U 0 0 0 lo default 199-5.customer 0.0.0.0 UG 0 0 0 eth0
Another possible issue is your NIC1/NIC2 nomenclature. The one you are calling NIC1 is on the public address which is assigned to eth1. The one you are calling NIC2 is on the private address which is assigned to eth0. Make sure it's connected the way you think it should be. Verify with ifconfig.
Yeah, everything is connected correctly. I would assume it doesn't matter what the interface is called, provided it's connected correctly.
To temporarily fix the default route, try route del default route add default gw 168.100.199.5 netmask 255.255.255.248
Would this help 192.168.0.7 at all?
Thank you VERY much for your help and sticking with me on this one... If anyone else has any insight, please give a shout! I'm also surprised that I can't simply specify the 192.168.0.7 interface WITHOUT a gateway and have it work--well not that surprised really--but I wish there was a simpler solution to make both NIC's work.
TIA,
Julian
