  1. #1
    Just Joined!
    Join Date
    Apr 2009
    Posts
    8

    routing on 2 network interfaces


    Hello,

    I have 2 network interfaces with internet connectivity (public IPs - although I'm considering having home routers set so as not to expose the server directly).

    For the 2 interfaces I have (eth0, eth1) I want to set up apache to listen and route connections on eth0 interface, and the ftp daemon to listen and route connections through eth1 interface.

    I know it's possible to bind the actual server on a specific interface, but I wonder how this can be done at the network setup level (since it would mean to have separate default routes). Is this possible? Is it a special case of load balancing? How do I go about setting this up (pointers to reading material are also appreciated).

  2. #2
    Just Joined!
    Join Date
    Apr 2009
    Posts
    90
    Well, just set the prospective applications to only listen on the IP addresses to which the individual eth interfaces are bound.

    if eth0 is 10.1.1.1, set apache to only listen on 10.1.1.1
    if eth1 is 10.1.1.2, set your ftp server to listen on 10.1.1.2

    I think?

  3. #3
    Linux Newbie Ziplock's Avatar
    Join Date
    Jan 2009
    Location
    Adelaide
    Posts
    169
    Hi there,

    In apache the following should bind the server to the appropriate interface:

    Code:
    Listen 192.0.2.1:80
    Obviously, replace the IP address and port appropriately.

    For the FTP server, I am going to assume vsftpd, the following line in /etc/vsftpd/vsftpd.conf should set the interface:

    Code:
    listen_address=192.168.2.2
    Configuration options for apache are here: Apache HTTP Server Version 2.2 Documentation - Apache HTTP Server

    I found the information for vsftpd by searching for 'vsftpd.conf'

    Hope this helps.

  5. #4
    Just Joined!
    Join Date
    Apr 2009
    Posts
    8
    Thank you for the information guys. I admit I haven't gotten to test this yet since I don't have the shell available from this location but I'll get back with info regarding your tips asap.

    What I was wondering though is if this setup works both ways. Suppose I have this setup:
    - eth0 configured as 192.168.1.0/24 network
    - eth1 configured as 192.168.2.0/24 network
    I'm using default gateway as 192.168.1.1 (eth0)

    If I bind apache to listen on 192.168.2.1 (eth1), wouldn't a request received on this interface be routed back through the default gateway 192.168.1.1, so back on the eth0 interface.

    I'm beginning to guess I need to work on the routing tables to have this setup working.

  6. #5
    Linux Enthusiast
    Join Date
    Aug 2006
    Location
    Portsmouth, UK
    Posts
    539
    Quote:
    If I bind apache to listen on 192.168.2.1 (eth1), wouldn't a request received on this interface be routed back through the default gateway 192.168.1.1, so back on the eth0 interface.

    I don't believe so. I think that the default gateway is used when packets can't be directly routed to the correct network. So if an http(s) request comes from a client on the 192.168.2.0/24 network the reply will return to the client via the appropriate interface in this case eth1.

    If the request arrived from an unknown network 192.168.1.3.0/24 for example I think that the response would then go through the default gateway ( 192.168.1.1 ) and "get lost".

    I'm sure that if this is wrong I'll be corrected PDQ
    RHCE #100-015-395
    Please don't PM me with questions as no reply may offend, that's what the forums are for.

  7. #6
    Just Joined!
    Join Date
    Apr 2009
    Posts
    90
    Firstly, if you are configuring eth1 as 192.168.2.0, then any request to 192.168.2.1 will be ignored - as there is no such IP address.

    The gateway will simply see your two IP addresses 1.0 and 2.0 as two different hosts essentially, as I assume both of them connect via a separate cat5 cable to the gateway/router, and it will forward the appropriate information along the appropriate cable.

  8. #7
    Just Joined!
    Join Date
    Apr 2009
    Posts
    8
    Quote Originally Posted by matonb View Post
    I don't believe so. I think that the default gateway is used when packets can't be directly routed to the correct network. So if an http(s) request comes from a client on the 192.168.2.0/24 network the reply will return to the client via the appropriate interface in this case eth1.
    Yes, I think you have a point matonb - the default route should take care of the packets that specify a destination not known in the routing table.

    Quote Originally Posted by Touchtecservers View Post
    Firstly, if you are configuring eth1 as 192.168.2.0, then any request to 192.168.2.1 will be ignored - as there is no such IP address.

    The gateway will simply see your two IP addresses 1.0 and 2.0 as two different hosts essentially, as I assume both of them connect via a separate cat5 cable to the gateway/router, and it will forward the appropriate information along the appropriate cable.
    I'm planning to configure eth1 as 192.168.2.2 (192.168.2.0 being the network address, I didn't specify this in my post above) and the two interfaces will connect 2 distinct internet connections through separate cable and separate routers.

    What I was wondering about was the outbound connection that as I understood gets routed according to the specified routing table and so, in my example I thought replies might go through the default route.

  9. #8
    Linux Enthusiast
    Join Date
    Aug 2006
    Location
    Portsmouth, UK
    Posts
    539
    Quote:
    What I was wondering about was the outbound connection that as I understood gets routed according to the specified routing table and so, in my example I thought replies might go through the default route.

    Well your http server (I assume that's what we're still talking about) shouldn't be making any outbound connections, just replying to connections made from clients.

    As per the previous posts, as long as the request comes in on eth1 ( 192.168.2.0/24 ) the reply will go back out on that interface.

    If the host computer makes an outbound request i.e. you want to do a yum update or whatever then the outbound packet will use the default gw ( unless you've got a local repository )

    I think the key here is that the http server is replying, not initiating.

    And I'm not going to bother with Touchtecservers' comments on the never mentioned .0 ip address
    RHCE #100-015-395
    Please don't PM me with questions as no reply may offend, that's what the forums are for.
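
Added example, not part of any post in this thread: a small Python model of the route lookup discussed in posts #4 to #8, using the networks and default gateway from post #4 and the eth1 address 192.168.2.2 from post #7. It goes beyond the thread by also modelling a source-address rule with a second table, the Linux policy-routing mechanism (`ip rule` and `ip route ... table`) for giving an interface its own default route; the eth1 gateway 192.168.2.254 and the client addresses are made up for the example.

```python
import ipaddress

# Routes from post #4: two connected networks plus one default gateway.
MAIN = [
    ("192.168.1.0/24", None, "eth0"),
    ("192.168.2.0/24", None, "eth1"),
    ("0.0.0.0/0", "192.168.1.1", "eth0"),
]
# Assumption: a second table holding eth1's own default route; the
# gateway 192.168.2.254 is made up for this example.
ETH1_TABLE = [
    ("192.168.2.0/24", None, "eth1"),
    ("0.0.0.0/0", "192.168.2.254", "eth1"),
]


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, dev in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, dev)
    return None if best is None else (best[1], best[2])


def route_reply(src, dst, rules):
    """Walk the rules in order; the first table that has a route decides.

    Each rule is (source prefix, or None for "any source", table).
    Returns (gateway or None for on-link, outgoing device).
    """
    src = ipaddress.ip_address(src)
    for selector, table in rules:
        if selector is None or src in ipaddress.ip_network(selector):
            hit = lookup(table, dst)
            if hit is not None:
                return hit
    return None


ONLY_MAIN = [(None, MAIN)]
WITH_SOURCE_RULE = [("192.168.2.2/32", ETH1_TABLE), (None, MAIN)]

if __name__ == "__main__":
    # Constructed clients: one on eth1's LAN, one out on the internet.
    for client in ("192.168.2.77", "203.0.113.10"):
        for name, rules in (("main", ONLY_MAIN), ("rule", WITH_SOURCE_RULE)):
            print(client, name, route_reply("192.168.2.2", client, rules))
```

With only the main table, a reply from 192.168.2.2 to a client outside both local networks leaves through eth0 and the default gateway even though the request arrived on eth1; with the source rule in place the same reply leaves through eth1.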

  10. #9
    Just Joined!
    Join Date
    Apr 2009
    Posts
    8
    Thank you guys for your replies

    The setup appears to be working, it seems ifconfig also adds the routes to the routing table, so I didn't have to worry about that.

    However I've noticed a problem: This only works when connecting the interfaces directly (and assigning public IP addresses to them). When behind a router (and forwarding relevant ports through NAT) I cannot connect to the servers anymore.

    So far I've tried connecting to apache and it didn't work, however connecting to local private addresses worked, so I'm guessing this to be a router NAT problem (it's a home router)?

  11. #10
    Just Joined!
    Join Date
    Apr 2009
    Posts
    14
    Quote Originally Posted by xandrei View Post
    So far I've tried connecting to apache and it didn't work, however connecting to local private addresses worked, so I'm guessing this to be a router NAT problem (it's a home router)?
    I think yes, since if something works when connecting from network A, but not network B, it's certainly a routing problem. Currently I'm having exactly the same problem as you, the firewall doesn't DNAT anything to local network. I can advise you to try to connect to your router on forwarded port somewhere from the Internet and then check apache logs or iftop to look for connections from the external IP. If you can find it, I think the problem might lie in connection tracking.
