Simple (?) routing question

Discussion in 'Linux Networking' started by Dario, Nov 23, 2004.

  1. Dario

    Dario Guest

    Hi Community,
    I setup a Debian Gnu/Linux box as a firewall with a public IP address
    on the eth0 and a private IP address on the eth1 just for local
    I tried to access the box remotely on the eth0 (public IP) with a not
    'natted' private address from our NOC network (and
    keep staying inside of our AS). IPTables rules were ok, but since the
    box had an interface (eth1) directely connected with ip address, it tried to respond with the eth1 to traffic coming in on
    the eth0 as
    I believed that the default 'public' route was a more important
    information, but that's not the case.
    Is this a general/elementary routing issue, or is the Gnu/Linux box
    that behaves this way?

    Thanks a lot in advance for you comments

    Dario, Nov 23, 2004
    1. Advertisements

  2. Dario

    Mike Jagdis Guest

    That's correct. Routing prefers the longest match. If 10/8 is
    routed to eth1 then that is where it goes - not via the 0/0
    (aka default) rule to eth0. That's kinda fundamental to IP...

    If you _want_ on the public side (cable/ADSL/WiFi
    router?) you either need to add a more specific route to eth0
    (e.g. "iproute add 10.174/16 dev eth0") or use a subnet on
    eth1 that doesn't include the space you need
    (e.g. 10.0/16)

    Mike Jagdis, Nov 23, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.