Ubuntu 10.04: Two interfaces on the same subnet with the same gateway

Tags: gateway, ip-routing, routing, subnet

My ISP has given me a 187.x.x.224/29 subnet. The gateway is 187.x.x.225. I have an Ubuntu server with 6 ethernet ports. The server does NAT routing and also acts as a webserver. My plan is to have eth1 and eth2 have separate WAN IPs: 187.x.x.226 and 187.x.x.227 respectively. I want the NAT traffic to pass through 187.x.x.226, and the webserver and other local apps should listen on 187.x.x.227. But the gateway for both will be the same, which is 187.x.x.225. eth0, eth3 and eth4 face 3 different NAT networks. The NAT works fine as of now, but traffic from the NAT networks and webserver traffic is forwarded only via eth1. So my question is: how can I set the route and default gateway so as to route webserver traffic through eth2?

EDIT 1: I do heavy traffic shaping on eth1, which acts as an uplink for the NAT networks. I don't want the webserver to be affected by it. My users do heavy bittorrent downloading, and always visit dodgy sites. As the eth1 IP has a domain associated with it, I find it very risky. I am planning to move the domain-attached IP to eth2 and to give an anonymous IP to eth1 (WAN link for the NAT networks). The solution I am looking for is: if a request for the webserver comes in through eth2, the reply should go out of the same interface.

Best Answer

As mentioned before, the only way you're really going to be able to accomplish what you're trying to do is by using policy routing - it will allow you to set up multiple routing tables. Without "virtualizing" the routing table, per se, you're not going to be able to really get the desired outcome as you can't really have two NICs with IPs on the same subnet inside of the same routing table. You can only have one active default gateway in a routing table at a time and it will always try to egress out the interface specified in that.

It's going to require that your Linux kernel supports policy routing. You'll also need the iproute2 utilities (likely either included in your distro or installed via package management).

Here are a few decent references I found:

How to automate all of this on startup depends on the Linux distro being used.

Full disclosure - I ripped most of this from the first link I posted. I tested it out a bit in a VM and it seemed to work but your mileage may vary, especially since you're already doing NAT and traffic shaping.

If you've got the iproute2 utilities on your system, you can go about setting up the new routing table. In /etc/iproute2/rt_tables you'd add something similar to the following line:

1 servers

This effectively creates a new routing table named "servers" (for this example, at least). To set up your routing table, you'll need to define the local subnet route and your default route.

ip route add 187.x.x.224/29 dev eth2 src 187.x.x.227 table servers
ip route add default via 187.x.x.225 dev eth2 table servers

It should be set up but you'll need to add it to the policy routing using the ip rule command:

ip rule add from 187.x.x.227/32 table servers
ip rule add to 187.x.x.227/32 table servers

Once you've done all this you should be able to execute ip rule show and see the policy routing rules above the main and default table rules. You can then execute ip route flush cache to ensure the changes are committed.
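The setup from the answer above, as an added example that is not part of the original answer: a rerunnable shell script with the checks a practitioner wants before trusting it. It uses the addresses from the question (the "x" octets are placeholders that must be filled in); the rule priority 100, the script's "apply" argument and the 198.51.100.1 probe destination are assumptions of this example. The important differences from typing the commands by hand are that "ip route replace" and a delete-before-add for the rules make it safe to run from a boot hook more than once ("ip rule add" silently stacks duplicate rules on every rerun), and that "ip route get ... from 187.x.x.227" asks the kernel which path a reply sourced from the webserver address will actually take.

```shell
#!/bin/sh
# Added example, not from the original answer: idempotent policy routing
# for the "servers" table. Values come from the question; "x" octets are
# placeholders. PRIO=100 and the "apply" argument are assumptions here.
# Set DRY_RUN=1 to print the ip(8) commands instead of executing them.

WAN_IF="${WAN_IF:-eth2}"
WAN_IP="${WAN_IP:-187.x.x.227}"
WAN_NET="${WAN_NET:-187.x.x.224/29}"
WAN_GW="${WAN_GW:-187.x.x.225}"
TABLE_ID="${TABLE_ID:-1}"           # numeric id; the name is only a convenience
TABLE_NAME="${TABLE_NAME:-servers}"
PRIO="${PRIO:-100}"                 # must be lower than 32766 (main) to win
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"

# Execute a command, or echo it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Register the table name once. Everything below uses the numeric id,
# so routing still works if this step is skipped.
ensure_rt_table() {
    if ! grep -qE "^[[:space:]]*${TABLE_ID}[[:space:]]+${TABLE_NAME}([[:space:]]|$)" "$RT_TABLES" 2>/dev/null; then
        run sh -c "echo '$TABLE_ID $TABLE_NAME' >> '$RT_TABLES'"
    fi
}

# "replace" instead of "add" makes the routes safe to apply repeatedly.
setup_routes() {
    run ip route replace "$WAN_NET" dev "$WAN_IF" src "$WAN_IP" table "$TABLE_ID"
    run ip route replace default via "$WAN_GW" dev "$WAN_IF" table "$TABLE_ID"
}

# "ip rule add" is not idempotent: each rerun stacks another identical rule.
# Clear whatever sits at our priority first, then add the two selectors.
setup_rules() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        run ip rule del priority "$PRIO"
    else
        while ip rule del priority "$PRIO" 2>/dev/null; do :; done
    fi
    run ip rule add from "$WAN_IP"/32 table "$TABLE_ID" priority "$PRIO"
    run ip rule add to "$WAN_IP"/32 table "$TABLE_ID" priority "$PRIO"
    run ip route flush cache
}

# Ask the kernel which path a packet sourced from WAN_IP takes. The answer
# should show WAN_GW and WAN_IF, not the eth1 path used by the NAT clients.
# 198.51.100.1 is just a placeholder external destination.
verify() {
    run ip route get 198.51.100.1 from "$WAN_IP"
    run ip rule show
}

case "${1:-}" in
    apply) ensure_rt_table; setup_routes; setup_rules; verify ;;
    *) ;;   # no argument: only define the functions, so the file can be sourced
esac
```

Run it as root with "apply" (or "DRY_RUN=1 ./policy-routing.sh apply" to review the commands first). The "ip route get" line should end with "via 187.x.x.225 dev eth2 src 187.x.x.227"; if it still names eth1, the rule did not take effect, and "ip rule show" will tell you whether it is missing or ordered after the main table. On Ubuntu 10.04 the script can be hooked into the eth2 stanza of /etc/network/interfaces with a "post-up /path/to/policy-routing.sh apply" line so it reapplies whenever the interface comes up.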
