#1
Hi all,
We are running a Red Hat 7.3 Linux-based firewall+NAT+iptables server with 2 NICs, with 1 public IP + 1 internal network. However, due to our setup and recent upgrade, we cater for an additional public IP (belonging to the same network as the previous public IP). Because iptables does not work with IP aliases, we are now adding an additional NIC card to serve the new IP. Now, 3 NICs in total.

|------- public ip 1 (same network as public ip 2) x.y.37.19 (eth0)
|
|
|------- public ip 2 (same network as public ip 1) x.y.37.22 (eth2)
|
|
|------- internal network 192.168.1.0 (eth1)

We just tested the system and some mappings and routing do not work the way they should; many mappings do not work through eth0 -> eth1, some work. The following is the routing table, generated automatically by the network service.

Kernel IP routing table
Destination            Gateway              Genmask          Flags Metric Ref Use Iface
x.y.37.16 (broadcast)  *                    255.255.255.248  U     0      0   0   eth2
x.y.37.16              *                    255.255.255.248  U     0      0   0   eth2
192.168.1.0            *                    255.255.255.0    U     0      0   0   eth1
169.254.0.0            *                    255.255.0.0      U     0      0   0   eth2
127.0.0.0              *                    255.0.0.0        U     0      0   0   lo
default                x.y.37.17 (gateway)  0.0.0.0          UG    0      0   0   eth2

Is there anything wrong or incomplete in the table? eth0 seems to be missing. Should it be there? I am a newbie at configuring routing; should anything be configured manually? Any suggestion is very much appreciated.

Thanks in advance.

Jemy
#2
Jemy wrote:
> Hi all,
> We are running a Red Hat 7.3 Linux-based firewall+NAT+iptables server with 2
> NICs, with 1 public IP + 1 internal network. However, due to our setup and
> recent upgrade, we cater for an additional public IP (belonging to the same network as
> the previous public IP). Because iptables does not work with IP aliases, we are now
> adding an additional NIC card to serve the new IP. Now, 3 NICs in total.
>
> |------- public ip 1 (same network as public ip 2) x.y.37.19 (eth0)
> |
> |
> |------- public ip 2 (same network as public ip 1) x.y.37.22 (eth2)
> |
> |
> |------- internal network 192.168.1.0 (eth1)
>
> We just tested the system and some mappings and routing do not work the way they should;
> many mappings do not work through eth0 -> eth1, some work. The following is the
> routing table, generated automatically by the network service.
>
> Kernel IP routing table
> Destination            Gateway              Genmask          Flags Metric Ref Use Iface
> x.y.37.16 (broadcast)  *                    255.255.255.248  U     0      0   0   eth2
> x.y.37.16              *                    255.255.255.248  U     0      0   0   eth2
> 192.168.1.0            *                    255.255.255.0    U     0      0   0   eth1
> 169.254.0.0            *                    255.255.0.0      U     0      0   0   eth2
> 127.0.0.0              *                    255.0.0.0        U     0      0   0   lo
> default                x.y.37.17 (gateway)  0.0.0.0          UG    0      0   0   eth2
>
> Is there anything wrong or incomplete in the table? eth0 seems to be missing. Should it
> be there? I am a newbie at configuring routing; should anything be
> configured manually? Any suggestion is very much appreciated.
>
> Thanks in advance.

You say traffic cannot go from eth0 ---> eth1. eth0 is missing and therefore you don't have routing from eth0 ---> eth1. If you need to route through, say, eth1, then eth1 MUST be in the routing tables.

Also, the eth2 IP from the diagram is x.y.37.22, which is different than what is found in the routing table.

You can get rid of the 169.254.0.0 by adding "NOZEROCONF=yes" to /etc/sysconfig/network.

Did you set up the third network card? Try "ifup eth0".

rcr
#3
Jemy,
You should be able to add the aliases to the original card and route it through iptables. We do this right now with our firewall using 126 IPs. We have an alias for each one of them so the server responds to it. We then SNAT/DNAT what we want to the internal servers. We also have a per-IP rule in place to lock everything down. This is on RH 9.0, but we also applied the same thing to RH 7.3 some time ago. The specifics for 7.3 are a little vague as a contractor set it up. I did the 9.0 based on the documentation he left for 7.3.

Gary

"Jemy" <(E-Mail Removed)> wrote in message news:<41246c42$(E-Mail Removed)>...
> Hi all,
> We are running a Red Hat 7.3 Linux-based firewall+NAT+iptables server with 2
> NICs, with 1 public IP + 1 internal network. However, due to our setup and
> recent upgrade, we cater for an additional public IP (belonging to the same network as
> the previous public IP). Because iptables does not work with IP aliases, we are now
> adding an additional NIC card to serve the new IP. Now, 3 NICs in total.
>
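The alias-based setup Gary describes (one public card carrying aliases, DNAT/SNAT per public IP, and a per-IP lockdown rule), as an added example that is not code from the thread or from any of the posters. The script emits the commands for review instead of applying them; the public address x.y.37.22 and the /29 mask come from the thread, while x.y.37.20, the internal servers 192.168.1.10/.11 and the port lists are constructed placeholders.

```shell
#!/bin/sh
# Added example: generate (not apply) the alias + DNAT/SNAT + per-IP lockdown
# rules Gary describes. Run "sh nat-aliases.sh --print" and review before use.
PUB_IF=eth0                 # single public card carrying the primary IP and aliases
LAN_IF=eth1
LAN_NET=192.168.1.0/24
PUB_MASK=255.255.255.248    # the /29 seen in the thread's routing table

# One extra public IP -> one internal server.
# $1 alias index, $2 public IP, $3 internal IP, $4 allowed TCP ports (comma list)
alias_rules() {
    # alias on the existing card so this host answers ARP for the extra address
    # (modern equivalent: ip addr add $2/29 dev $PUB_IF)
    echo "ifconfig $PUB_IF:$1 $2 netmask $PUB_MASK up"
    # inbound: rewrite the public destination to the internal server
    echo "iptables -t nat -A PREROUTING -i $PUB_IF -d $2 -j DNAT --to-destination $3"
    # outbound: that server's traffic leaves with its own public IP, not the primary
    echo "iptables -t nat -A POSTROUTING -o $PUB_IF -s $3 -j SNAT --to-source $2"
    # per-IP lockdown: only the listed ports may open new connections to the server
    echo "iptables -A FORWARD -i $PUB_IF -o $LAN_IF -d $3 -p tcp -m multiport --dports $4 -m state --state NEW -j ACCEPT"
    echo "iptables -A FORWARD -i $PUB_IF -o $LAN_IF -d $3 -j DROP"
}

emit_ruleset() {
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $PUB_IF -s $LAN_NET -j ACCEPT"
    # constructed mappings: "public_ip internal_ip allowed_tcp_ports"
    printf '%s\n' \
        'x.y.37.22 192.168.1.10 80,443' \
        'x.y.37.20 192.168.1.11 25,993' |
    { i=1; while read pub int ports; do
        alias_rules "$i" "$pub" "$int" "$ports"
        i=$((i + 1))
    done; }
    # catch-all masquerade for the rest of the LAN goes last: nat chains are
    # first-match, so the per-server SNAT rules above must be seen before it
    echo "iptables -t nat -A POSTROUTING -o $PUB_IF -s $LAN_NET -j MASQUERADE"
}

case "${1:-}" in --print) emit_ruleset ;; esac
```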