  1. #1
    Just Joined!
    Join Date
    Nov 2007
    Posts
    6

    2 NIC, same subnet how?


    I have a slackware12 box that I am trying to use as a NAT router. I've got my iptables and routes finished but I've run into a snag. Due to an existing topology both NICs have to be on the same network/subnet. I've read somewhere that with 2 NICs on the same subnet 1 NIC will respond for both (which I've tested and it does). How do I fix this?

    I found that I can get the computer to forward packets fine if after a boot I log in and do:
    Code:
    #!/bin/sh
    ifconfig eth1 down
    route del default
    route add default gw {ip of gateway} eth0
    ifconfig eth1 up
    Granted even after I do this the 1st NIC responds for both... but at least it routes.

    details:
    eth0: x.x.x.128 subnet: 255.255.255.0
    eth1: x.x.x.11 subnet: 255.255.255.0

    eth0 is on an IP that has internet access; eth1 is NOT. There is a firewall blocking and granting internet based on IP address.

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    First thing I would ask is what you plan to accomplish with this setup?
    Is there a real need to have both nics up and running at the same time?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Just Joined!
    Join Date
    Nov 2007
    Posts
    6
    What I am trying to accomplish is to have the box perform NAT and be a router to the internet. It already has two NICs in it so I didn't need to make an eth0:1.

    As I said, the entire network does NOT have access to the internet, only select IPs do. (I did not set up and do not maintain this network.) I want to set up the box to make it the gateway for other non-internet IPs to get access to the internet.

  5. #4
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    2 NICs within the same subnet isn't going to work. It also sounds like you are trying to circumvent security that the network admin has set up, and this I will not help you do!

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  6. #5
    Just Joined!
    Join Date
    Nov 2007
    Posts
    6
    No, I am not trying to circumvent security on a network. I am in charge of IT for the company; however, the "network admin" is not even employed here. We have a point-to-point T1 connection to another site which provides us internet and WAN capabilities. We have devices that need to once every 14 days hit a vendor's website to validate the license of a software. I have 50ish computers that need this; I also was only given 8 internet IPs from the T1 provider. Because he (the network admin) is a moron, his solution is to every 14 days go to each of the 50 computers and change the IP to a valid internet IP, update the software, change it back, rinse, repeat 50 times. This is NOT acceptable as it kills over 2 hours of my day.

    Also, IP based access would be the lowest possible form of security. Anyone can defeat that with an off the shelf linksys (or whatever brand) device. As I said earlier, I've already got the device to forward packets; it just does it all on 1 card that gets 2 IPs. I wanted to know the kernel module or setting that would allow 2 NICs on the same subnet (it was changed in, I believe, 2.2.x and up), as this would allow the card not to be a bottleneck in traffic.
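
Added example, not part of any post in this thread: the "one NIC responds for both" behaviour described above is governed on Linux by the `arp_ignore` and `arp_announce` sysctls, and this script audits them for a given interface. The proc-root argument and the sample directory tree are constructed for illustration so the check runs without touching a live host.

```shell
#!/bin/sh
# Added example (not from the thread). Audits the sysctls behind
# "one NIC answers ARP for both addresses" on a same-subnet dual-NIC host.
# The proc-root argument is an assumption made so the check can run
# against a constructed directory tree as well as the live /proc.

read_sysctl() {            # $1 = file; prints its value, or 0 if unreadable
    v=$(cat "$1" 2>/dev/null) || v=0
    echo "${v:-0}"
}

# The kernel applies max(conf/all, conf/<iface>) for both settings.
arp_effective() {          # $1 = proc root, $2 = iface, $3 = sysctl name
    all=$(read_sysctl "$1/sys/net/ipv4/conf/all/$3")
    ifv=$(read_sysctl "$1/sys/net/ipv4/conf/$2/$3")
    if [ "$all" -gt "$ifv" ]; then echo "$all"; else echo "$ifv"; fi
}

# Returns 0 when the interface only answers/announces for its own address.
arp_flux_check() {         # $1 = proc root, $2 = iface
    ign=$(arp_effective "$1" "$2" arp_ignore)
    ann=$(arp_effective "$1" "$2" arp_announce)
    if [ "$ign" -ge 1 ] && [ "$ann" -ge 2 ]; then
        echo "$2: pinned (arp_ignore=$ign arp_announce=$ann)"
        return 0
    fi
    echo "$2: flux possible (arp_ignore=$ign arp_announce=$ann)"
    return 1
}

# Constructed sample tree: eth0 hardened, eth1 left at kernel defaults.
make_sample() {            # prints the path of a temporary proc-like tree
    d=$(mktemp -d)
    for i in all eth0 eth1; do
        mkdir -p "$d/sys/net/ipv4/conf/$i"
        echo 0 > "$d/sys/net/ipv4/conf/$i/arp_ignore"
        echo 0 > "$d/sys/net/ipv4/conf/$i/arp_announce"
    done
    echo 1 > "$d/sys/net/ipv4/conf/eth0/arp_ignore"
    echo 2 > "$d/sys/net/ipv4/conf/eth0/arp_announce"
    echo "$d"
}

sample=$(make_sample)
arp_flux_check "$sample" eth0 || true
arp_flux_check "$sample" eth1 || true
rm -rf "$sample"
# To pin on a live host (as root):
#   sysctl -w net.ipv4.conf.all.arp_ignore=1
#   sysctl -w net.ipv4.conf.all.arp_announce=2
```

On a real machine, pass `/proc` as the first argument to check the running kernel's values.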

  7. #6
    Linux Engineer rcgreen's Avatar
    Join Date
    May 2006
    Location
    the hills
    Posts
    1,134
    I'm afraid you are going to have to take all the boxes that
    will be getting their internet through this router and put them
    on their own subnet. I can't imagine another way.

  8. #7
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Quote Originally Posted by kalmon View Post
    No, I am not trying to circumvent security on a network. I am in charge of IT for the company; however, the "network admin" is not even employed here. We have a point-to-point T1 connection to another site which provides us internet and WAN capabilities. We have devices that need to once every 14 days hit a vendor's website to validate the license of a software. I have 50ish computers that need this; I also was only given 8 internet IPs from the T1 provider. Because he (the network admin) is a moron, his solution is to every 14 days go to each of the 50 computers and change the IP to a valid internet IP, update the software, change it back, rinse, repeat 50 times. This is NOT acceptable as it kills over 2 hours of my day.
    OK, then that is the first mistake: not having control over your own network. Your network admin should be able to help you do what you are looking to do. If he cannot, then either he doesn't know what he is doing or you are trying to do something that they (network admin) do not allow you to do. What you are trying to do is a 'no brainer'.

    Also, IP based access would be the lowest possible form of security. Anyone can defeat that with an off the shelf linksys (or whatever brand) device. As I said earlier, I've already got the device to forward packets; it just does it all on 1 card that gets 2 IPs. I wanted to know the kernel module or setting that would allow 2 NICs on the same subnet (it was changed in, I believe, 2.2.x and up), as this would allow the card not to be a bottleneck in traffic.
    Tell you what, for $150/hr I'll set you up. I have 10+ years in IT and Networking.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  9. #8
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,762
    I'd agree this is a bad design, but regardless of that, you already have your answer.

    Put the commands you run manually into a shell script and add it to the end of your init scripts:

    #!/bin/sh
    ifconfig eth1 down
    route del default
    route add default gw {ip of gateway} eth0
    ifconfig eth1 up

    Problem solved.

  10. #9
    Just Joined!
    Join Date
    Nov 2007
    Posts
    6
    Quote Originally Posted by Lazydog View Post
    Tell you what, for $150/hr I'll set you up. I have 10+ years in IT and Networking.
    Well, seeing as you are not even able to fix a problem that I have already solved, no thanks to your accusations of circumventing security. Maybe you could pay me $200 an hour to explain how I did it... Tool.

    By the way, I have 12 years in Networking and IT. Three of those as the Network Administrator of the University of Detroit Mercy Dental School. Next time do some research before you say it can't be done and don't be afraid to say you don't know how to do something.

    later newb

    To HROAdmin, thank you for the help. I actually figured it out on Friday, but helpful people like you are the reason these forums exist. I ended up doing something very similar to that, but route del and route add for some reason didn't work as expected. I had to use "ip route add/del":
    ip route del x.x.x.x/24 dev eth0
    ip route add {ip of gateway} dev eth0

    I added this to my rc.local so that it runs after most of the init scripts

  11. #10
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Quote Originally Posted by kalmon View Post
    Well, seeing as you are not even able to fix a problem that I have already solved, no thanks to your accusations of circumventing security.
    Never said I could not fix it. In fact I offered to set things up. This is a very simple thing to do and not like you are doing it now.

    Maybe you could pay me $200 an hour to explain how I did it... Tool.
    No thanks! Sounds like what you did isn't the proper/best way of doing things, but because you get what you want you believe it is correct.

    By the way, I have 12 years in Networking and IT. Three of those as the Network Administrator of the University of Detroit Mercy Dental School. Next time do some research before you say it can't be done and don't be afraid to say you don't know how to do something.
    And this should impress me how? Three years Network Admin. Hmm, and what does this Network Admin mean? Server setup? Router/Switch setup? Wishful thinking?

    later newb
    Dream on, just don't wonder what happens when reality sets in.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
