- 01-17-2010 #1 Just Joined!
Multi-NIC Issues
I'm sorry I haven't really searched for it, so links are ok.
I have no idea what I should search for.
---
I have a server that is mostly headless running with a public facing dedicated IP. I decided I wanted to transfer files between it and my local home network more quickly so I purchased a second NIC to connect to my home switch.
Upon DHCP connection ssh fails (STALLS?)
From remote machine (with eth0 up)
Code:
    # ifconfig eth1 up
    # dhclient eth1
    #
Beyond getting the prompt I can no longer connect to the remote computer via my public IP.
My iptables is exceptionally permissive at this point and has no interface usage.
I was under the impression that if an OpenSSHD was listening on the wildcard it could listen to all interfaces (Am I wrong?)
sshd is the only program that switches bindings.
So how can I have it listen to both NICs?
Also I want to know how to force eth0 to be my primary connection and eth1 to connect only to its local subnet (Do I just use iptables, or what does GNOME Network Manager do when you click the check-box "Use connection for local access only"?)
Sorry, my questions are jumbled. I'm really confused.
- 01-18-2010 #2
Post the output from the following commands;
Code:
    ifconfig
    route -n
- 01-18-2010 #3 Just Joined!
ifconfig
Code:
    eth0      Link encap:Ethernet  HWaddr 00:1C:25:3F:52:22
              inet addr:174.0.131.xx  Bcast:255.255.255.255  Mask:255.255.252.0
              UP BROADCAST RUNNING MULTICAST  MTU:576  Metric:1
              RX packets:8651958 errors:0 dropped:562 overruns:0 frame:562
              TX packets:2368491 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:2793546271 (2664.1 Mb)  TX bytes:164478767 (156.8 Mb)
              Interrupt:19

    eth1      Link encap:Ethernet  HWaddr 00:25:86:BD:53:12
              inet addr:172.16.0.1  Bcast:172.16.0.15  Mask:255.255.255.240
              inet6 addr: fe80::225:86ff:febd:5312/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:267 errors:0 dropped:0 overruns:0 frame:0
              TX packets:226 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:31850 (31.1 Kb)  TX bytes:46440 (45.3 Kb)
              Interrupt:21 Base address:0xe000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:482 errors:0 dropped:0 overruns:0 frame:0
              TX packets:482 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:36535 (35.6 Kb)  TX bytes:36535 (35.6 Kb)
route -n
Code:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.16.0.0      0.0.0.0         255.255.255.240 U     0      0        0 eth1
    174.0.128.0     0.0.0.0         255.255.252.0   U     0      0        0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         172.16.0.14     0.0.0.0         UG    0      0        0 eth1
    0.0.0.0         174.0.128.1     0.0.0.0         UG    0      0        0 eth0
netstat -lnt
Code:
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2902/sshd
    tcp        0      0 :::8080                 :::*                    LISTEN      3571/java
    tcp        0      0 :::22                   :::*                    LISTEN      2902/sshd
iptables -L -n
Code:
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW,ESTABLISHED tcp dpt:8080
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

    Chain FORWARD (policy DROP)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
- 01-19-2010 #4
First thing I would say is to configure this headless box with static ip addresses. Turn off ipv6 if you are not using it.
Don't understand why you have 2 default routes in your routing table. There should only be one and that pointing to the internet.
Check your ssh configs to see how they are set up and ensure that it is not locked down to listen on one interface (which it really shouldn't be).
Set up a firewall to block everything and then open what you want to allow through. Make sure you have an established, related line in your output rules also.
Looking at what you posted, ssh doesn't seem to be set up as a stateful rule, which it should be. Post the iptables file so we can see raw rules and not just what iptables -ln prints.
- 01-19-2010 #5 Just Joined!
I spent a few hours googling it. Then it clicked: I had two static routes to the internet. All my packets were getting lost.
As for static IPs this would work, however I cannot do that with my current ISP. And it required more work.
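The diagnosis reached in the thread (a second default route appearing on eth1 after `dhclient eth1`) can be checked mechanically. The following is an added example, not part of any post: a shell check over `route -n` output that flags default routes on any interface other than the intended WAN one. The function names are hypothetical and the sample table is the one posted in #3.

```shell
#!/bin/sh
# Added example: flag a host that has default routes on the wrong interface.
# Input is `route -n` text; the sample below is the table posted in #3.

sample_routes() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.0.0      0.0.0.0         255.255.255.240 U     0      0        0 eth1
174.0.128.0     0.0.0.0         255.255.252.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         172.16.0.14     0.0.0.0         UG    0      0        0 eth1
0.0.0.0         174.0.128.1     0.0.0.0         UG    0      0        0 eth0
EOF
}

# Print "iface gateway metric" for every default route
# (destination and genmask 0.0.0.0 with the G flag set).
default_routes() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $8, $2, $5 }'
}

# audit_defaults WAN_IFACE: read `route -n` text on stdin and return
#   0 = every default route is on WAN_IFACE
#   1 = a default route exists on another interface (details on stdout)
#   2 = no default route on WAN_IFACE at all
audit_defaults() {
    wan=$1
    routes=$(default_routes)
    printf '%s\n' "$routes" | awk -v wan="$wan" '
        NF == 0   { next }
        $1 == wan { seen = 1; next }
                  { print "unexpected default via " $2 " on " $1 " (metric " $3 ")"; bad = 1 }
        END       { if (bad) exit 1; if (!seen) exit 2; exit 0 }'
}

# Run against the sample table, treating eth0 as the public-facing interface.
sample_routes | audit_defaults eth0 || true
```

On the live host, `route -n | audit_defaults eth0` performs the same check.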
- 01-20-2010 #6
What does your setup look like now?
<internet><firewall><server><lan>?
- 03-12-2010 #7 Just Joined!
Ahh HELLO!!!!!
That's my life you're messing with!
Why are you trying to manipulate my system? Have I done something to upset the delicate balance of "tech world" that has prompted such interest and such a personal assault? WTF u guys?


