confused routes with multiple nics

I've got 2 NICs I'm not able to reach my dns servers on eth0 unless I
disable eth1. Obviously, my routes are incorrect but my medeling with
them has caused more problems than not. Here is my setup:

eth0
ip 129.200.32.46
subnet 255.255.255.192
gateway 129.200.32.1
dns 129.200.101.3
dns 129.172.51.4

eth1
ip 10.0.0.211
subnet 255.255.255.0
gateway 10.0.0.1
no dns

I can ping hosts with 10.0.0.2xx IPs and hosts with 129.200.32.xxx IPs
but I cannot ping the DNS server IPs. When I do it tells me its using
the 10.0.0.211 interface(eth1). Any suggestions on how I should setup
my routes?



kevincw01

kevincw01 wrote:
> I've got 2 NICs I'm not able to reach my dns servers on eth0 unless I
> disable eth1. Obviously, my routes are incorrect but my medeling with
> them has caused more problems than not. Here is my setup:
>
> eth0
> ip 129.200.32.46
> subnet 255.255.255.192
> gateway 129.200.32.1
> dns 129.200.101.3
> dns 129.172.51.4
>
> eth1
> ip 10.0.0.211
> subnet 255.255.255.0
> gateway 10.0.0.1
> no dns
>
> I can ping hosts with 10.0.0.2xx IPs and hosts with 129.200.32.xxx IPs
> but I cannot ping the DNS server IPs. When I do it tells me its using
> the 10.0.0.211 interface(eth1). Any suggestions on how I should setup
> my routes?
>
You have two gateways to the rest of the internet; you should only have one!

Robert

On Aug 6, 2:16 pm, Robert Harris <robert.f.har...@blueyonder.co.uk>
wrote:
> kevincw01 wrote:
> > I've got 2 NICs I'm not able to reach my dns servers on eth0 unless I
> > disable eth1. Obviously, my routes are incorrect but my medeling with
> > them has caused more problems than not. Here is my setup:
>
> > eth0
> > ip 129.200.32.46
> > subnet 255.255.255.192
> > gateway 129.200.32.1
> > dns 129.200.101.3
> > dns 129.172.51.4
>
> > eth1
> > ip 10.0.0.211
> > subnet 255.255.255.0
> > gateway 10.0.0.1
> > no dns
>
> > I can ping hosts with 10.0.0.2xx IPs and hosts with 129.200.32.xxx IPs
> > but I cannot ping the DNS server IPs. When I do it tells me its using
> > the 10.0.0.211 interface(eth1). Any suggestions on how I should setup
> > my routes?
>
> You have two gateways to the rest of the internet; you should only have one!
>
> Robert

So, you're saying I should remove the gateway for eth1?

On Mon, 06 Aug 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <(E-Mail Removed). com>, kevincw01 wrote:

>I've got 2 NICs I'm not able to reach my dns servers on eth0 unless I
>disable eth1. Obviously, my routes are incorrect but my medeling with
>them has caused more problems than not. Here is my setup:

Ow, no indication of what distribution and release.

>eth0
>ip 129.200.32.46
>subnet 255.255.255.192
>gateway 129.200.32.1
>dns 129.200.101.3
>dns 129.172.51.4
>eth1
>ip 10.0.0.211
>subnet 255.255.255.0
>gateway 10.0.0.1
>no dns

One definite, one possible problem

>I can ping hosts with 10.0.0.2xx IPs and hosts with 129.200.32.xxx IPs
>but I cannot ping the DNS server IPs. When I do it tells me its using
>the 10.0.0.211 interface(eth1).

Where does the 10.0.0.1 gateway lead? I'd bet it does not lead to the
Internet, much less the 129.200.0.0/16 area, so it's almost certainly
wrong. The "normal" routing table for this box should look something
like

/sbin/route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
129.200.32.0 0.0.0.0 255.255.255.192 U 0 0 929 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 1450 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 388 lo
0.0.0.0 129.200.32.1 0.0.0.0 UG 0 0 79 eth0

Perhaps that 10.0.0.1 gateway leads to other subnets in the 10.0.0.0/8
range, and ONLY in that case should there be an entry for it, like
10.0.0.0 10.0.0.1 255.0.0.0 U 0 0 21 eth1

What you have done is mis-use the word "gateway". While the more simple
meaning of the word is "that host that leads elsewhere" - virtually all
Linux distributions (and the crappy "helper" tools provided by the various
distributions) make the _assumption_ that if you declare a gateway, it
MUST lead to the _world_ which is not always the case, and pretty uncommon
when there are multiple ways off of the local wire.

Read the routing table (above) like this:

There is a route to 129.200.32.0 - 129.200.32.63, and these hosts are
DIRECTLY attached to eth0. Because these hosts are directly attached, no
gateway is needed to reach them. There is a route to 10.0.0.0 - 10.0.0.255,
and these hosts are DIRECTLY attached to eth1. Again, no gateway is needed
to reach these hosts. There is a route to the loopback (120.0.0.0/8). IF
NONE OF THE ABOVE ROUTES LEAD WHERE YOU WANT TO GO, SEND THE PACKETS TO
129.200.32.1. This last sentence defines a "default" route (meaning if
nothing else works, use this). Now if you think about it, you can't have
two defaults in this scenario because you never NEED (much less 'see') the
second default - because the "first" one says "use me!!!".

>Any suggestions on how I should setup my routes?

Loose the second default route - OR set it up so that the kernel knows
where it _does_ lead to (which is obviously not "everywhere").

There are circumstances where two (or more) default routes may need to
exist. This is not one of those cases. For details on them, see the
Adv-Routing-HOWTO which should be on your system.

Above, I mentioned a "possible" problem. The DNS servers have to know about
all hosts you intend to talk to that are NOT included in /etc/hosts (or an
NIS file if using that). The kernel believes the first answer it receives
from a name resolver - and that includes the NXDOMAIN (does not exist in
_my_ records) response from DNS. Talk to your network administrator if
there are hostnames on the 10.0.0.0/24 network that the 129.x.x.x servers
don't know about. For what it's worth, we using internal name servers for
internal hosts (servers not reachable from the world) and these know how
to resolve external addresses as well. Internal hostnames are not visible
outside.

Old guy

On Aug 6, 5:18 pm, ibupro...@painkiller.example.tld (Moe Trin) wrote:
> One definite, one possible problem
>
> >I can ping hosts with 10.0.0.2xx IPs and hosts with 129.200.32.xxx IPs
> >but I cannot ping the DNS server IPs. When I do it tells me its using
> >the 10.0.0.211 interface(eth1).
>
> Where does the 10.0.0.1 gateway lead? I'd bet it does not lead to the
> Internet, much less the 129.200.0.0/16 area, so it's almost certainly
> wrong. The "normal" routing table for this box should look something
> like
>
> /sbin/route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 129.200.32.0 0.0.0.0 255.255.255.192 U 0 0 929 eth0
> 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 1450 eth1
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 388 lo
> 0.0.0.0 129.200.32.1 0.0.0.0 UG 0 0 79 eth0
>
> Perhaps that 10.0.0.1 gateway leads to other subnets in the 10.0.0.0/8
> range, and ONLY in that case should there be an entry for it, like
> 10.0.0.0 10.0.0.1 255.0.0.0 U 0 0 21 eth1
>
> What you have done is mis-use the word "gateway". While the more simple
> meaning of the word is "that host that leads elsewhere" - virtually all
> Linux distributions (and the crappy "helper" tools provided by the various
> distributions) make the _assumption_ that if you declare a gateway, it
> MUST lead to the _world_ which is not always the case, and pretty uncommon
> when there are multiple ways off of the local wire.
>
> Read the routing table (above) like this:
>
> There is a route to 129.200.32.0 - 129.200.32.63, and these hosts are
> DIRECTLY attached to eth0. Because these hosts are directly attached, no
> gateway is needed to reach them. There is a route to 10.0.0.0 - 10.0.0.255,
> and these hosts are DIRECTLY attached to eth1. Again, no gateway is needed
> to reach these hosts. There is a route to the loopback (120.0.0.0/8). IF
> NONE OF THE ABOVE ROUTES LEAD WHERE YOU WANT TO GO, SEND THE PACKETS TO
> 129.200.32.1. This last sentence defines a "default" route (meaning if
> nothing else works, use this). Now if you think about it, you can't have
> two defaults in this scenario because you never NEED (much less 'see') the
> second default - because the "first" one says "use me!!!".
>
> >Any suggestions on how I should setup my routes?
>
> Loose the second default route - OR set it up so that the kernel knows
> where it _does_ lead to (which is obviously not "everywhere").
>
> There are circumstances where two (or more) default routes may need to
> exist. This is not one of those cases. For details on them, see the
> Adv-Routing-HOWTO which should be on your system.
>
> Above, I mentioned a "possible" problem. The DNS servers have to know about
> all hosts you intend to talk to that are NOT included in /etc/hosts (or an
> NIS file if using that). The kernel believes the first answer it receives
> from a name resolver - and that includes the NXDOMAIN (does not exist in
> _my_ records) response from DNS. Talk to your network administrator if
> there are hostnames on the 10.0.0.0/24 network that the 129.x.x.x servers
> don't know about. For what it's worth, we using internal name servers for
> internal hosts (servers not reachable from the world) and these know how
> to resolve external addresses as well. Internal hostnames are not visible
> outside.

You sir, are awesome. Your explanation was eloquent and descriptive
and I got the point immediately. I have also fixed the problem based
on your feedback. I now understand the meaning of a gateway in this
context. The 10.x.x.x gateway did not lead to the internet and
really, i had no use for it since all the hosts on that network are on
the same switch as eth1.

-Kevin

On Tue, 07 Aug 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <(E-Mail Removed) om>, kevincw01 wrote:

>(Moe Trin) wrote:

>> What you have done is mis-use the word "gateway". While the more simple
>> meaning of the word is "that host that leads elsewhere" - virtually all
>> Linux distributions (and the crappy "helper" tools provided by the
>> various distributions) make the _assumption_ that if you declare a
>> gateway, it MUST lead to the _world_ which is not always the case, and
>> pretty uncommon when there are multiple ways off of the local wire.

>You sir, are awesome. Your explanation was eloquent and descriptive
>and I got the point immediately. I have also fixed the problem based
>on your feedback. I now understand the meaning of a gateway in this
>context.

Glad to hear it! This problem is seen a few times a month, fostered by
the misunderstanding caused by the way windoze shows routing tables with
the 'route print' command (which shows a "gateway" for every route
including the loopback), and an overly helpful Linux routing setup that
accepts a second (or more) default route, and _replaces_ the function of
the existing route (under the impression that you changed your mind).

>The 10.x.x.x gateway did not lead to the internet and really, i had no
>use for it since all the hosts on that network are on the same switch
>as eth1.

Sounds like a helpful tool that was overly helpful. Glad it's working

Old guy

On Mon, 06 Aug 2007 22:04:38 -0000 kevincw01 <(E-Mail Removed)> wrote:
| On Aug 6, 2:16 pm, Robert Harris <robert.f.har...@blueyonder.co.uk>
| wrote:
|> kevincw01 wrote:
|> > I've got 2 NICs I'm not able to reach my dns servers on eth0 unless I
|> > disable eth1. Obviously, my routes are incorrect but my medeling with
|> > them has caused more problems than not. Here is my setup:
|>
|> > eth0
|> > ip 129.200.32.46
|> > subnet 255.255.255.192
|> > gateway 129.200.32.1
|> > dns 129.200.101.3
|> > dns 129.172.51.4
|>
|> > eth1
|> > ip 10.0.0.211
|> > subnet 255.255.255.0
|> > gateway 10.0.0.1
|> > no dns
|>
|> > I can ping hosts with 10.0.0.2xx IPs and hosts with 129.200.32.xxx IPs
|> > but I cannot ping the DNS server IPs. When I do it tells me its using
|> > the 10.0.0.211 interface(eth1). Any suggestions on how I should setup
|> > my routes?
|>
|> You have two gateways to the rest of the internet; you should only have one!
|>
|> Robert
|
| So, you're saying I should remove the gateway for eth1?

Out which interface do you want the packets destined for the internet to go?

--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2007-08-07-(E-Mail Removed) |
|------------------------------------/-------------------------------------|