On Sat, 18 May 2002 [EMAIL PROTECTED] wrote:

> You must use policy routing to implement this.
>
> Your problem is that there's only one routing table, and only one default
> route on each machine.
>
> See the documentation on iproute2.
>
> -alex
> On Sat, 18 May 2002, Roberto Campos wrote:
>
> > Hi,
> >
> > I have a firewall (RH 7.2) and it's working fine.
> > It has 3 NICs, one for the internal network and the other two
> > go to each of my two Internet links.
> >
> > In my internal network I have a few machines running services
> > like WWW, SMTP, etc...
> >
> > Each of those machines has two associated IPs, one for each
> > of my Internet links, let's say 192.168.0.xxx and 10.10.0.xxx
> > for each machine.

http://www.policyrouting.org

The reason I ask is that most of the detailed explanation assumes that you
know how the ip utility is used.

In a quick overview - and please feel free to ask me for more details

    eth0 = 1.1.1.1/24
    eth1 = 2.2.2.2/24

Or you could have both addrs on one interface - Do not use coloned
interfaces (ex eth0:0) as they have been deprecated for 4 years.

These addresses are "bound" or assigned to these interfaces. The relevant ip
commands are:

    ip addr add 1.1.1.1/24 brd + dev eth0
    ip addr add 2.2.2.2/24 brd + dev eth1

For both addrs on one interface use:

    ip addr add 1.1.1.1/24 brd + dev eth0
    ip addr add 2.2.2.2/24 brd + dev eth0

brd + defines the broadcast address as "standard" IE based on the Netmask
(/24 = 255.255.255.0)

Linux using 'ip' allows you to add as many of these as you want (addresses
that is).

    ip route add default dev eth0 table 1
    ip route add default dev eth1 table 2

These commands add specific routes into specific tables (see below)

    ip rule add from 1.1.1.1/32 dev lo table 1 prio 15000
    ip rule add from 2.2.2.2/32 dev lo table 2 prio 16000

Policy routing consists of a Triad:

    Address defines a service location
    Route defines the path to an Address
    Rule defines the path/function of a Route

So these two rules define how a specific route (a unitary route in this case
as defined by the /32 - think 'host' route) originating from within the
physical system (dev lo) is controlled by a specific route table. The
priority refers to the ordering of rules (there are 2^32 possible rules)

In this case we send any data originating within our host through specific
route tables. Within these tables are the routes that we defined earlier.

Simply put we have stated:

1. Any output from our system using 1.1.1.1 goes out eth0 ONLY.
2. Any output from our system using 2.2.2.2 goes out eth1 ONLY.

Let me know if this is sufficient (or any other questions you have)

> > The problem goes here:
> >
> > When the machine receives a request for answer from the 10.10.0
> > network it comes in directed to let's say 10.10.0.35 (the one at
> > eth0:0) it answers using the other ip (the one at eth0)
> >
> > How can I correct this behavior?
> >
> > Thanks.
> >
> > Roberto Campos
> > ____________________________________________
> > Meu Provedor Tecnologias e Informática Ltda.
> > Rua Camerino, 128 Grs. 302
> > Centro - Rio de Janeiro - RJ - CEP 20080-010
> > Tel.: 55 21 25181011 (PABX/FAX)
> > Mobile phone: 55 21 91978284

--------------------------------------------------
Matthew G. Marsh, President
Paktronix Systems LLC
1506 North 59th Street
Omaha NE 68104
Phone: (402) 932-7250 x101
Email: [EMAIL PROTECTED]
WWW: http://www.paktronix.com
--------------------------------------------------
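
An added illustration, not part of the original messages: a simplified Python model of how the kernel walks the routing rules in priority order, loaded with the two rules and two tables from the reply above. The contents of the `main` table, the `eth2` ingress interface and the 198.51.100.7 destination are assumptions constructed for the example.

```python
import ipaddress

# Rules from the reply, plus the kernel's stock rule for table "main"
# (priority 32766). Fields: priority, source prefix, iif (None = any), table.
RULES = [
    (15000, "1.1.1.1/32", "lo", "1"),
    (16000, "2.2.2.2/32", "lo", "2"),
    (32766, "0.0.0.0/0", None, "main"),
]

# Tables 1 and 2 are from the reply. The "main" table is an assumption:
# two connected subnets and the machine's single ordinary default route.
TABLES = {
    "1": [("0.0.0.0/0", "eth0")],
    "2": [("0.0.0.0/0", "eth1")],
    "main": [("1.1.1.0/24", "eth0"), ("2.2.2.0/24", "eth1"),
             ("0.0.0.0/0", "eth0")],
}


def lookup(src, dst, iif="lo"):
    """Return (priority, table, device) for a packet, or None if unroutable.

    iif="lo" models a packet generated on this host, which is what
    `dev lo` selects in the rules; a forwarded packet carries the
    interface it arrived on instead.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for prio, prefix, rule_iif, table in sorted(RULES, key=lambda r: r[0]):
        if src_ip not in ipaddress.ip_network(prefix):
            continue
        if rule_iif is not None and rule_iif != iif:
            continue
        # Longest-prefix match inside the table this rule points at.
        hits = [(ipaddress.ip_network(p).prefixlen, dev)
                for p, dev in TABLES[table]
                if dst_ip in ipaddress.ip_network(p)]
        if hits:
            return prio, table, max(hits)[1]
        # No route in this table: fall through to the next rule.
    return None


if __name__ == "__main__":
    for src, iif in [("1.1.1.1", "lo"), ("2.2.2.2", "lo"), ("2.2.2.2", "eth2")]:
        print(src, iif, lookup(src, "198.51.100.7", iif))
```

The third case shows the behavior the original question describes: a packet sourced from 2.2.2.2 that no source rule matches falls through to `main` and leaves by the single default route on eth0.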
