Linux (Ubuntu 12.04) two gateways one nic

gatewaylinuxlinux-networkingnetworkingUbuntu

I have Ubuntu 12.04 Server edition

Two gateways, both on 192.168.0. network, let's make them 192.168.0.1 and 192.168.0.2

I've read you should be able to add second gateway into /etc/network/interfaces, that it will build out all the routing automatically, but I get "duplicate option" error.

So if I have one default gateway, let's say 0.1, and a connection comes through from the 0.2 gateway, my understanding is that it still tries to respond through 0.1 gateway.

Can we change this behavior?

Best Answer

You need a way to distinguish which gateway the packet came in on in order to route the response out the correct gateway. This is usually done by having multiple IP addresses on the host, and using source policy routing to select the gateway based on the source address of the response packets. I'm assuming that the gateways are independent Internet connections, and that incoming connections are being DNATed (or port forwarded) by the gateways. You need to bind additional IP addresses to the machine and configure the gateways to DNAT to different addresses, so that the machine can tell the difference.

Related Solutions

Linux – Force Local IP Traffic to an External Interface

I expanded on caladona's answer since I could not see response packets. For this example:

On my local PC I have NIC's on different subnets, 192.168.1/24, 192.168.2/24
There is an external router/PC that has access to both subnets.
I want to send bi-directional traffic over the NICs on the local PC.
The configuration requires two unused IP addresses for each subnet.

Local PC iptable routes are set to SNAT and DNAT outgoing traffic to the 'fake' IP.

iptables -t nat -A POSTROUTING -d 192.168.1.100 -s 192.168.2.0/24 -j SNAT --to-source      192.168.2.100
iptables -t nat -A PREROUTING  -d 192.168.1.100 -i eth0           -j DNAT --to-destination 192.168.1.1
iptables -t nat -A POSTROUTING -d 192.168.2.100 -s 192.168.1.0/24 -j SNAT --to-source      192.168.1.100
iptables -t nat -A PREROUTING  -d 192.168.2.100 -i eth1           -j DNAT --to-destination 192.168.2.1

The rules do the following:

Rewrite 192.168.2.1 source to 192.168.2.100 on outgoing packets
Rewrite 192.168.1.100 destination to 192.168.1.1 on incoming packets
Rewrite 192.168.1.1 source to 192.168.1.100 on outgoing packets
Rewrite 192.168.2.100 destination to 192.168.2.1 on incoming packets

To summarize, the local system now can talk to a 'virtual' machine with addresses 192.168.1.100 and 192.168.2.100.

Next you have to force your local PC to use the external router to reach your fake IP. You do this by creating a direct route to the IP's through via the router. You want to make sure that you force the packets onto the opposite of the destination subnet.

ip route 192.168.1.100 via $ROUTER_2_SUBNET_IP 
ip route 192.168.2.100 via $ROUTER_1_SUBNET_IP

Finally to make this all work, the external router needs to know how to reach the faked IPs on your local PC. You can do thins by turning on proxy ARPs on for your system.

echo 1 | sudo tee /proc/sys/net/ipv4/conf/all/proxy_arp
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

With this setup, you can now treat the fake IPs as a real system on your local PC. Sending data to .1 subnet will force packets out the .2 interface. Sending data to the .2 subnet will force packets out the .1 interface.

ping 192.168.1.100
ping 192.168.2.100

Linux – Two NICs, one with static ip and one DHCP. IP Policy routing

Are you sure to plug the right cable? looks like that you plug the cable of the 192.168.0.x lan to eth1 not to eth0.

if it's not, have you tried to unplug BOTH cable and tries to ping with only one cable plugged? Like:

Unplug both
Plug the 3G cable to eth0 and ping 192.168.0.254
Unplug it again
Plug the lan cable to eth1
run: ifconfig eth1 down
run: ifconfig eth1 up
run: ifconfig eth1 and look the ip

BTW, CHANGE ONE LAN SETTINGS! If you can't change the eth1 lan configuretion, change the eth0 with 3G router, from 192.168.0.x to 192.168.1.x (to all computer in that lan) or you'll have ALWAYS TROUBLES with same ip lan.

Best Answer

Related Solutions

Linux – Force Local IP Traffic to an External Interface

Linux – Two NICs, one with static ip and one DHCP. IP Policy routing

Related Topic