  1. #1
    Just Joined!
    Join Date
    Dec 2012
    Posts
    2

    DMZ - Multi NIC environment / IP rule problem


    Hello all!

    We have a problem regarding a multi-NIC environment.

    Our Linux box (CentOS 6.3) works as an application server and on this machine 6 NICs are active.

    On all NICs there is at least 1 IP set.

    All set IPs are real IPs (public domain network IPs) and are part of the DMZ.

    To avoid asynchronous networking, the necessary arp_ignore and arp_announce parameters are set.

    After setting the arp_ignore and arp_announce parameters, requests to the server are caught by the related NIC port (this is what we want) but the reply is made by another port (eth0, not acceptable for us).

    Writing routes was helpful for us but fits only the subnet; outside of the subnet (or on the internet) the server gets the request but does not answer it.

    We have set the following routes:

    ip route add xxx.xxx.237.128/26 dev eth5 src xxx.xxx.237.167 table gw_eth5
    ip route add default via xxx.xxx.237.167 table gw_eth5
    ip rule add from xxx.xxx.237.167 table gw_eth5

    ip route add xxx.xxx.237.128/26 dev eth4 src xxx.xxx.237.166 table gw_eth4
    ip route add default via xxx.xxx.237.166 table gw_eth4
    ip rule add from xxx.xxx.237.166 table gw_eth4

    But how do we set the rules for 0.0.0.0/0 to get a correct response from the related NIC for requests from the internet?

    Many thanks for any hints in advance.

    Ali
    Last edited by exSTUDENT; 12-27-2012 at 04:12 PM.

  2. #2
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    If I am understanding you correctly, you have a machine with 6 NICs. All are part of the DMZ and have individual IP addresses. Is this correct so far?
    Why not bond all the NICs together and use one IP address for them? Problem solved.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Just Joined!
    Join Date
    Dec 2012
    Posts
    2
    Hello Lazydog,

    All are part of the DMZ and have individual IP addresses, correct.

    In our case, we have to operate with the individual IP addresses, therefore bonding is not a solution for us.

    A proper route entry would solve our problem but I have no skill in network issues. Can you assist me?

  4. #4
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    What does your routing table look like now?

    Regards
    Robert


  5. #5
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    Might find what you are looking for here too;

    Routing for multiple uplinks/providers

    Regards
    Robert


  6. #6
    Trusted Penguin Irithori
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,221
    I believe Lazydog is right.
    What is missing in your setup is a line like this, but for all six interfaces.
    Code:
    ip route add default scope global nexthop via $P1 dev $IF1 weight 1 nexthop via $P2 dev $IF2 weight 1
    You probably want to do this via out-of-band management or on a local console.
    You must always face the curtain with a bow.
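The per-source-address policy routing that the first post is reaching for, written out as an added example (not from the thread or any poster). Every interface name, address, table id and the router address are constructed placeholders; the one thing the routes in post #1 lack is a default route via the subnet's real router rather than via the host's own address, which is what the gateway check below guards against.

```shell
#!/bin/sh
# Added example: emit (or, with APPLY=1, execute) the policy-routing commands that
# make replies leave through the NIC whose address received the request, for any
# destination (0.0.0.0/0). All names and addresses here are constructed placeholders.
APPLY="${APPLY:-0}"

# Print a command in dry-run mode, execute it when APPLY=1 (needs root).
run() {
    if [ "$APPLY" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# nic_routes IFACE LOCAL_IP SUBNET/PREFIX GATEWAY TABLE
# One routing table per NIC: the connected subnet, a default route via the
# subnet's router, and a rule that sends everything sourced from LOCAL_IP there.
nic_routes() {
    iface=$1 local_ip=$2 subnet=$3 gw=$4 table=$5
    # Common mistake: pointing the default route at the host's own address.
    if [ "$gw" = "$local_ip" ]; then
        echo "error: gateway $gw equals local address on $iface" >&2
        return 1
    fi
    run ip route add "$subnet" dev "$iface" src "$local_ip" table "$table"
    run ip route add default via "$gw" dev "$iface" table "$table"
    run ip rule add from "$local_ip" lookup "$table"
}

# Answer ARP only on the interface that owns the queried address and announce
# only the interface's own address (the thread's arp_ignore/arp_announce step).
arp_strict() {
    run sysctl -w net.ipv4.conf.all.arp_ignore=1
    run sysctl -w net.ipv4.conf.all.arp_announce=2
}

# Constructed DMZ: two NICs in one /26 whose router is .129. Numeric table ids
# avoid having to register names in /etc/iproute2/rt_tables.
demo() {
    arp_strict
    nic_routes eth4 192.0.2.166 192.0.2.128/26 192.0.2.129 104
    nic_routes eth5 192.0.2.167 192.0.2.128/26 192.0.2.129 105
    run ip route flush cache
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it without arguments to see nothing, with `demo` to print the full command set, and with `APPLY=1 ./script demo` as root to apply it; the main routing table keeps its normal default route for locally originated traffic.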
