A while back I posted about a situation where I have a computer that sits simultaneously on the BYU private and public networks. Someone mentioned that Linux shouldn't have a problem with this because packets just know to go back out the interface they came in on. This turns out to be untrue.

When I first set up the machine, with the default route set to be the private network, any traffic that arrived on the public interface would have responses sent out the private interface, since that was the default route. When I set the default route to be the public interface, then outside computers could ping it again, but not people on the private network.

The solution lies in the advanced routing features of the Linux kernel. This is described here:

http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html

Only the stuff in the first section was needed, since this computer isn't routing traffic on behalf of other computers. Now with routing tables and special rules (the ip rule command) that mark packets and bind them to a certain routing table, everything is working. It turns out the same thing can be accomplished with iptables and packet mangling, but I think the ip rule command actually sets the mangling mechanism implicitly.

So basically if you ever have a machine that has two upstream providers (multi-homed interface), you'll need to at least implement routing in this way.

--
Michael Torrie
Assistant CSR, System Administrator
Chemistry and Biochemistry Department
Brigham Young University
Provo, UT 84602
+1.801.422.5771

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
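The following is an added example, not code from Michael's post or from the LARTC HOWTO, showing the per-interface routing tables and ip rule policy that the first section of the linked HOWTO describes for a dual-homed host. It uses the source-address selector of ip rule rather than a firewall mark: a reply to a request that arrived on the public interface carries the public address as its source, so the rule steers it into the table whose default gateway is the public one. The interface names, addresses, gateways and table numbers are assumptions chosen for the example; substitute your own. By default the script only prints the commands it would run; set APPLY=1 and run it as root to apply them.

```shell
#!/bin/sh
# Added example: policy routing for a host with one public and one private
# interface, so replies leave on the interface the request arrived on.
# All addresses, interfaces and table ids below are hypothetical.

PUB_IF=eth0;  PUB_ADDR=192.0.2.10;  PUB_NET=192.0.2.0/24;  PUB_GW=192.0.2.1
PRIV_IF=eth1; PRIV_ADDR=10.0.0.10;  PRIV_NET=10.0.0.0/24;  PRIV_GW=10.0.0.1
PUB_TABLE=100   # arbitrary table ids; names could be added to /etc/iproute2/rt_tables
PRIV_TABLE=200

# Dry-run by default: print each command. With APPLY=1 the commands are executed.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# One routing table per link: the directly connected network plus that
# link's own default gateway. Without the link route, the table could not
# reach the gateway itself.
setup_table() {
    tbl=$1; ifc=$2; net=$3; gw=$4
    run ip route add "$net" dev "$ifc" table "$tbl"
    run ip route add default via "$gw" dev "$ifc" table "$tbl"
}

policy_routes() {
    setup_table "$PUB_TABLE"  "$PUB_IF"  "$PUB_NET"  "$PUB_GW"
    setup_table "$PRIV_TABLE" "$PRIV_IF" "$PRIV_NET" "$PRIV_GW"

    # Source-address rules: a packet sourced from the public address (as a
    # reply to a request received on eth0 is) is looked up in the public table,
    # and likewise for the private address. Locally originated traffic with an
    # unbound source still falls through to the main table.
    run ip rule add from "$PUB_ADDR"  table "$PUB_TABLE"
    run ip rule add from "$PRIV_ADDR" table "$PRIV_TABLE"

    # The main table's default route only decides which link the host itself
    # uses when it opens a connection; it no longer affects replies.
    run ip route replace default via "$PRIV_GW" dev "$PRIV_IF"

    # Older kernels cached route decisions; flushing is harmless on newer ones.
    run ip route flush cache
}

policy_routes
```

After applying, `ip rule show` lists the two source rules ahead of the main table, and `ip route get 203.0.113.1 from 192.0.2.10` should report the public gateway while the same query `from 10.0.0.10` reports the private one. Note that `ip rule add` appends a duplicate rule each time it is run, so re-running the script with APPLY=1 should be preceded by `ip rule del` of the earlier entries.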