I have an Ubuntu installation which has two NICs:
NIC 1 -> Public facing with public ip, 74...*
NIC 2 -> Internal facing with internal ip 192.168.3.1
What I am trying to get out of it is:
NIC 1 will be listening on ports 80 and 443 and respond back.
But this machine can't do any outgoing communication through NIC 1; it is not allowed through the firewall and no gateway is defined for NIC 1.
All outgoing communication goes through NIC 2's gateway.
So below is what I have configured:
NIC 1
IP 74.XXXXX
Mask 255.255.255.XXX
NIC 2
IP 192.168.3.2
MASK 255.255.255.0
Gateway 192.168.3.1
Now I either do not understand correctly how to do what I want to do, or it is implemented incorrectly in Linux.
Do you see anything wrong with this setup?
Also, on the box I have not configured anything other than the /etc/network/interfaces file.
Also, I forgot to mention the problem I see:
The problem is that everything seems to work, but the public IP is accessible only from the outside router. Meaning, if I have the IP 74.1.1.1 for this box, then all devices connected to that router in that subnet can access that public IP; outside of that router it's not responding.
I do not have the list of IPs handy, so the IPs mentioned are from my random thoughts, but the subnet and first part are correct.
ip route
74.XXX.XXX.216/29 dev eth1 proto kernel scope link src 74.XXX.XXX.221
10.2.0.0/16 dev eth0 proto kernel scope link src 10.2.182.121
default via 10.2.182.12 dev eth0 metric 100
/etc/network/interfaces
auto eth0
iface eth0 inet static
address 10.2.182.121
netmask 255.255.0.0
gateway 10.2.182.12
auto eth1
iface eth1 inet static
address 74.XXX.XXX.221
netmask 255.255.255.248
gateway 74.XXX.XXX.217
Best Answer
You don't apply a gateway to an interface as such - you apply a gateway to a routing instance - generally, unless you've defined multiple routing tables, just one.
Assuming there is actually a gateway on each network, and you are just trying to define a specific behaviour (regular host traffic going out the private network, but public facing traffic sending its return traffic to the gateway it came in on) - you need some kind of policy routing based on source address.
What's probably happening right now is traffic is coming in on the correct interface, and then, if it's a non-local address, it's going out the default route to another gateway, which is probably a firewall that's dropping the packets because it's not seeing the other half of the session. The reason it works from other devices on the same public network you are using is because they don't have to go out the default route - they have a more specific interface route to use, which gets the return traffic to where it needs to be correctly.
In Linux, you should be able to handle this by creating a second routing table that specifies the gateway on the public network side, whatever it is, and then a policy routing entry that says that anything with a source address of should use that routing table rather than the system default one.
You do not want the two default gateways you have specified now - that's going to create strange behaviour - drop the public one from the configuration. It should go in its own routing table via the iproute2 mechanism.
Google for "iproute2 policy routing" and look for "simple source routing" or something similar - it should get you where you want to go.
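
The source-based policy routing this answer describes, as an added example that is not part of the original answer: a second routing table holds the public-side default route, and a rule sends anything sourced from the public address to that table. The addresses (documentation range 203.0.113.0/24), the table id 100 and the rule priority 1000 are constructed stand-ins for the redacted eth1 values in the question.

```shell
#!/bin/sh
# Constructed stand-ins (assumptions): replace with the real eth1 address,
# prefix length and upstream gateway. Table id 100 is hypothetical; any unused id works.
PUB_DEV=eth1
PUB_ADDR=203.0.113.5
PUB_PREFIX=29
PUB_GW=203.0.113.1
PUB_TABLE=100

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# network_of ADDR PREFIX -> connected network in CIDR form
network_of() {
    addr=$(ip_to_int "$1")
    mask=$(( (4294967295 << (32 - $2)) & 4294967295 ))
    net=$(( addr & mask ))
    echo "$(( (net >> 24) & 255 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$2"
}

# Print the commands that give traffic sourced from PUB_ADDR its own default
# route, while the main table keeps its single default route via eth0.
policy_route_cmds() {
    net=$(network_of "$PUB_ADDR" "$PUB_PREFIX")
    echo "ip route add $net dev $PUB_DEV src $PUB_ADDR table $PUB_TABLE"
    echo "ip route add default via $PUB_GW dev $PUB_DEV table $PUB_TABLE"
    echo "ip rule add from $PUB_ADDR/32 lookup $PUB_TABLE priority 1000"
}

# Dry run by default: review the output, then run with APPLY=1 as root.
# Remove the 'gateway' line from the eth1 stanza first, so the main table
# is left with one default route.
if [ "${APPLY:-0}" = 1 ]; then
    policy_route_cmds | while read -r cmd; do $cmd; done
else
    policy_route_cmds
fi
# Checks after applying (198.51.100.7 is a constructed remote address):
#   ip rule show
#   ip route show table 100
#   ip route get 198.51.100.7 from 203.0.113.5   # should resolve via the public gateway on eth1
```

These commands do not persist across reboots; with ifupdown they can be attached to the eth1 stanza as `post-up` lines.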