Simple (?) routing question

Discussion in 'Linux Networking' started by Dario, Nov 23, 2004.

  1. Dario

    Dario Guest

    Hi Community,
    I set up a Debian GNU/Linux box as a firewall with a public IP address
    on the eth0 and a private IP address on the eth1 just for local
    access/administration: 10.0.0.1/8.
    I tried to access the box remotely on the eth0 (public IP) with a not
    'natted' private address 10.174.190.0/24 from our NOC network (and
    keep staying inside of our AS). IPTables rules were ok, but since the
    box had an interface (eth1) directly connected with ip address
    10.0.0.1/8, it tried to respond with the eth1 to traffic coming in on
    the eth0 as 10.174.190.0.
    I believed that the default 'public' route was a more important
    information, but that's not the case.
    Is this a general/elementary routing issue, or is the GNU/Linux box
    that behaves this way?

    Thanks a lot in advance for your comments


    Dario
     
    Dario, Nov 23, 2004
    #1

  2. Dario

    Mike Jagdis Guest

    That's correct. Routing prefers the longest match. If 10/8 is
    routed to eth1 then that is where it goes - not via the 0/0
    (aka default) rule to eth0. That's kinda fundamental to IP...

    If you _want_ 10.174.90.0 on the public side (cable/ADSL/WiFi
    router?) you either need to add a more specific route to eth0
    (e.g. "ip route add 10.174/16 dev eth0") or use a subnet on
    eth1 that doesn't include the 10.174.90.0 space you need
    (e.g. 10.0/16)

    Mike
     
    Mike Jagdis, Nov 23, 2004
    #2
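
The longest-prefix-match behaviour discussed in this thread, as an added example that is not part of either post: it looks up the reply path for a NOC source address against the firewall's routing table as described, then against the two fixes suggested in the reply. The tables, the host address 10.174.190.25 and the function names are constructed for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Return (network, dev) of the longest-prefix match for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        # A route only competes if it contains the destination; among
        # those, the one with the longest prefix wins.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best

def egress(table, dst):
    """Interface the kernel would pick for a packet sent to dst."""
    match = lookup(table, dst)
    return match[1] if match else None

# Constructed routing tables modelled on the thread.
ORIGINAL = [
    ("0.0.0.0/0", "eth0"),   # default route via the public interface
    ("10.0.0.0/8", "eth1"),  # connected route created by 10.0.0.1/8 on eth1
]
# Fix 1 from the reply: a more specific route pointing at eth0.
WITH_SPECIFIC_ROUTE = ORIGINAL + [("10.174.0.0/16", "eth0")]
# Fix 2 from the reply: shrink the eth1 subnet so it no longer covers the NOC.
NARROWED_ETH1 = [("0.0.0.0/0", "eth0"), ("10.0.0.0/16", "eth1")]

NOC_HOST = "10.174.190.25"  # constructed address inside 10.174.190.0/24

if __name__ == "__main__":
    for name, table in [("original", ORIGINAL),
                        ("specific route", WITH_SPECIFIC_ROUTE),
                        ("eth1 narrowed to /16", NARROWED_ETH1)]:
        net, dev = lookup(table, NOC_HOST)
        print(f"{name:22} reply to {NOC_HOST} matches {net} -> {dev}")
```
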