On Wed, 26 Nov 2003, Siddharth S Malu
<(E-Mail Removed)> (T=i) wrote:
> Can anyone help me with this problem (I am new to linux) --
>
> I'm trying to set up a machine as a network router in my lab with the
> following configuration:
>
> 1. The router machine has 3 network cards
> 2. eth0 is connected to the outside world (it is working fine currently
> - I am connected to the internet.)
> 3. eth1 is connected to a port to which 2 linux machines are connected.
> This is the DMZ - each of the two machines has its own IP address. One
> machine is a password and file server and the other is the mail and web
> server. eth1 previously had its own IP address
> 4. eth2 is connected to another port to which all the 192.168 machines
> are connected.
>
> I am using this configuration because this is what existed before our
> firewall router broke down.
>
> I have these questions:
>
> 1. What gateway should I specify for eth1? Should it be the IP address
> of eth0?

None. You only use a gateway for non-local networks (not directly
connected), and I assume the 2 boxes on eth1 are directly connected with a
switch or hub. Those would only use network or host routing (no gw).
Unless you have any internal routers, your only gateway should be the
default gw on eth0 that leads to the internet.

> 2. When I do use the IP address of eth0 as gateway for eth1, I am still
> connected to the internet, but I cannot ping the machines inside my
> domain any more!!

You probably have incorrect netmasks and/or routing, but a specific answer
is impossible without knowing the IPs/netmasks involved or whether the eth0
network knows to use your eth0 IP as gw to reach IPs on eth1.

If using the same netmask for eth0 and eth1, that would conflict. You could
try setting the eth1 netmask as 255.255.255.255, broadcast same as IP, and
specific host routes for those 2 hosts on eth1 (no route is necessary for
your own eth1 IP). If the eth0 network does not know those 2 IPs are behind
you, you may need to enable proxy_arp for eth0
(echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp).

Your iptables also has to be correctly configured (which is easy for 3
NICs including a DMZ in SuSE, but I am not sure what tools RH has).

--
David Efflandt - All spam ignored
http://www.de-srv.com/
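
The eth1 layout suggested in the reply above (a /32 netmask, broadcast equal to the address, host routes for the DMZ boxes, proxy_arp on eth0), written out as an added example that is not part of the original post. The function names and the 192.0.2.x addresses are constructed for illustration, the commands use iproute2's `ip` tool, and IP forwarding and the iptables rules are assumed to be handled separately.

```shell
#!/bin/sh
# Dry-run planner: prints the commands for review, changes nothing itself.
WAN_IF=eth0   # faces the upstream network (interface name from the thread)
DMZ_IF=eth1   # faces the two DMZ servers (interface name from the thread)

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
# Rejecting anything else keeps shell metacharacters out of the printed plan.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# dmz_plan ROUTER_DMZ_IP HOST...: print one command per line.
dmz_plan() {
    [ "$#" -ge 2 ] || { echo "usage: dmz_plan ROUTER_DMZ_IP HOST..." >&2; return 2; }
    router_ip=$1; shift
    is_ipv4 "$router_ip" || { echo "bad router address: $router_ip" >&2; return 2; }
    for host in "$@"; do
        is_ipv4 "$host" || { echo "bad host address: $host" >&2; return 2; }
    done
    # /32 with broadcast = address: eth1 claims no subnet that overlaps eth0's.
    echo "ip addr add $router_ip/32 broadcast $router_ip dev $DMZ_IF"
    for host in "$@"; do
        # The router's own eth1 address needs no route.
        [ "$host" = "$router_ip" ] && continue
        echo "ip route add $host/32 dev $DMZ_IF"
    done
    # Let this box answer ARP on eth0 for the hosts routed behind it.
    echo "echo 1 > /proc/sys/net/ipv4/conf/$WAN_IF/proxy_arp"
}

# Constructed example: router's eth1 address first, then the two DMZ servers.
dmz_plan 192.0.2.1 192.0.2.10 192.0.2.11
```

After reviewing the printed plan, it can be applied by piping it to a root shell; `ip route show dev eth1` should then list exactly the two host routes.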