network brain bender

Michael Torrie torriem at gmail.com
Fri Nov 7 11:18:16 MST 2008


Stuart Jansen wrote:
> I would like to set up a server with two NICs plugged into two separate
> networks that use the same addresses. The server should be able to
> respond to ICMP, DNS, NFS, HTTP & FTP. At first this would seem
> ridiculous and impossible, but a little experimenting suggests it
> _might_ be possible.

This is very possible.  The only thing that presents a problem is
routing.  In fact this is entirely a routing issue.  Basically you want
to make sure replies from a particular interface are sent back out the
interface, right?

I have a similar situation where I have a server that sits on both a
private and public network.  The problem is that if I want to talk to,
say www.byu.edu, there are now two routes to it, but the default route
always favored one interface, which I chose to be the private 10. one.

So if you were on some BYU host, say 128.187.d.e, and you tried to ping
the server's private address of 10.x.y.z, inbound packets would go in
the 10. interface, but out 128.187. interface, leading to 100% loss.  So
here's the solution I did, which may provide _part_ of your answer,
except that in my case, my interfaces had different ip addresses.  I
think the rules could still be adapted, since they are based on
device/address tuples.

ip route add 128.187.a.0/24 dev eth0 src 128.187.a.b table PUBLIC
ip route add default via 128.187.a.1 table PUBLIC
ip route add 10.x.y.0/25 dev eth1 src 10.x.y.z table PRIVATE
ip route add default via 10.x.y.1 table PRIVATE

ip rule add from 128.187.a.b table PUBLIC
ip rule add from 10.x.y.z table PRIVATE

ip route flush cache

This will ensure that replies to packets coming in an interface go out
that interface, regardless of the default route.

Note that my use of "PUBLIC" and "PRIVATE" is entirely arbitrary.  On my
RHEL machine, these are defined in /etc/iproute2/rt_tables.  Here's what
mine looks like:

#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#

4       PUBLIC
6       PRIVATE
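
An added example (not part of the original post): a dry-run generator that prints the same route and rule commands for any interface, deriving the connected network from the address and prefix length and refusing a gateway that lies outside that network. The function names and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration; the table names are assumed to be defined already in /etc/iproute2/rt_tables as described above.

```shell
#!/bin/sh
# Dry run only: prints commands, changes nothing. Review the output, then run it as root.

# net_of ADDR PREFIXLEN -> network address, e.g. 198.51.100.200 25 -> 198.51.100.128
net_of() {
    addr=$1 len=$2
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xffffffff << (32 - len)) & 0xffffffff ))
    net=$(( ip & mask ))
    echo "$(( net >> 24 & 255 )).$(( net >> 16 & 255 )).$(( net >> 8 & 255 )).$(( net & 255 ))"
}

# policy_route_cmds TABLE DEV ADDR/PREFIXLEN GATEWAY
# Emits the per-table connected route, the per-table default route and the
# source-address rule, in the same shape as the commands in the post.
policy_route_cmds() {
    table=$1 dev=$2 cidr=$3 gw=$4
    src=${cidr%/*}
    plen=${cidr#*/}
    network=$(net_of "$src" "$plen")
    # A gateway outside the connected network means a typo in address, prefix
    # or gateway; stop before printing anything that would be pasted as root.
    if [ "$(net_of "$gw" "$plen")" != "$network" ]; then
        echo "gateway $gw is not inside $network/$plen on $dev" >&2
        return 1
    fi
    echo "ip route add $network/$plen dev $dev src $src table $table"
    echo "ip route add default via $gw table $table"
    echo "ip rule add from $src table $table"
}

# Constructed sample interfaces (documentation address ranges).
policy_route_cmds PUBLIC  eth0 192.0.2.10/24    192.0.2.1
policy_route_cmds PRIVATE eth1 198.51.100.77/25 198.51.100.1
echo "ip route flush cache"
```

After applying the printed commands, `ip rule show` and `ip route show table PUBLIC` list what was actually installed.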
