Azure – Multi-NIC Linux VM (ubuntu 16.04 LTS) in Azure and default gateway route

azureazure-networkingnic

Can some one please share steps on how to add default gateway address route permanently to the route table on Ubuntu 16.04 LTS on Azure for the secondary nic?

As you know Azure DHCP only populate the default gateway address for the primary nic.

so basically, in my route table I want to have eth0 –> default gateway address pointing to the subnet gateway address (xx.1) that it is attached to (this is all fine since it's handled by the azure because it's a primary nic) and for the secondary nic i.e. eth1 –> i have to add a manual default gateway address for the subnet that this nic is attached. hoping this is clear and makes sense

Here is the document that I'm referring that provides the background.

https://docs.microsoft.com/en-us/azure/virtual-machines/linux/multiple-nics#configure-guest-os-for-multiple-nics

Appreciate any help.

Best Answer

https://my.esecuredata.com/index.php?/knowledgebase/article/2/add-a-static-route-on-centos

ip route add ???.16.5.0/24 via ??.0.0.101 dev eth?

You MUST make sure that the IP address is the start of the CIDR address range you have been allocated, otherwise it will fail.

http://jodies.de/ipcalc

will help you find the CIDR start, of you only have one IP address and mask to go by.

Related Solutions

Firewall – Route Between Two Virtual Interfaces on one NIC Linux

Your configuration generally should work out of the box. Routing in principle is supported by Linux routing code and has nothing to do with Netfilter. "iptables" is userspace utility for configuration of kernel Netfilter framework, which do filtering and packet modification (mangling and address translation), but does not do any routing. So it is incorrect to say "I route using iptables".

Bridging is also different sort of things and isn't supposed to help you here. Bridging of aliased interfaces probably should make a loop and thus break networking in that ethernet segment.

You need routes on both sides, for example, ip route add 192.168.2.0/24 via 192.168.1.103 on hosts in 192.168.1.0/24 network and set up 192.168.2.1 as default gateway on hosts in 192.168.2.0/24 network.

If you have tightly set firewall on firewall box, you need to enable forwarding of traffic from eth1 to eth1:1 and back:

iptables -A FORWARD -i eth1 -o eth1:0 -j ACCEPT
iptables -A FORWARD -o eth1 -i eth1:0 -j ACCEPT

Or you might need only one first rule, if you alredy have configured stateful firewall with iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT or with -m state (obsolete).

Special iptables configuration is only needed if you want to masquerade that traffic, for hosts in 192.168.1.0/24 to not know that you are connecting from 192.168.2.0/24 network. Then you not need any additional routes on .1.0/24 side, but need NAT rule and forward enable rule:

iptables -t nat -A POSTROUTING -o eth1:1 -s 192.168.2.0/24 -o 192.168.1.0/24 -j SNAT --to-source 192.168.1.103
iptables -A FORWARD -i eth1 -o eth1:0 -j ACCEPT

Azure – Unable to connect to Azure SQL server through Point-to-Site VPN

The simplest solution to this is to use service endpoints. Have your users connect to teh VPN to route traffic through the virtual network, then turn on Service Endpoints on your SQL server to only allow traffic from that virtual network.

Best Answer

Related Solutions

Firewall – Route Between Two Virtual Interfaces on one NIC Linux

Azure – Unable to connect to Azure SQL server through Point-to-Site VPN

Related Topic