[Shorewall-newbies] One range and 2 network adapters

Tom Eastep teastep at shorewall.net
Fri Feb 13 16:03:17 PST 2004


On Friday 13 February 2004 03:52 pm, Tom Eastep wrote:

> > >
> > > If I define my card as follows:
> > >
> > > eth0: 192.1.1.98/27 gateway .97
> >
> > No -- 192.168.1.98/32 gateway .97 and add a host route to .97.
> >
> > > eth1: 192.1.1.99/27 gateway .98
>
> Also, no need to define a gateway on that interface. Hosts in your DMZ will
> use .99 as their gateway.
>

And finally -- you really only need one IP address (you can do this with 
Debian -- the GUI tools on your distro might pitch a fit if you tried to 
configure this through the GUI).

eth0: 192.1.1.98/32 gateway .97

eth1: 192.1.1.98/27

Here is a similar setup at work here at Shorewall net (slightly edited):

gateway:/etc/network# ip addr ls
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc htb qlen 1000
    link/ether 02:00:08:e3:fa:55 brd ff:ff:ff:ff:ff:ff
    inet 206.124.146.176/24 brd 206.124.146.255 scope global eth0
    inet 206.124.146.178/24 brd 206.124.146.255 scope global secondary eth0:0
    inet 206.124.146.180/24 brd 206.124.146.255 scope global secondary eth0:1
    inet 206.124.146.179/24 brd 206.124.146.255 scope global secondary eth0:2
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:a0:cc:d1:db:12 brd ff:ff:ff:ff:ff:ff
    inet 206.124.146.176/32 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 02:00:08:e3:4c:48 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth2
    inet 192.168.1.193/24 brd 192.168.1.255 scope global secondary eth2:0
5: eth3: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:08:c7:c0:e2:15 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.254/24 brd 192.168.3.255 scope global eth3
gateway:/etc/network#

Note that the IP address of eth1 is the same as one of the IP addresses of 
eth0. Here's the routing table:

gateway:/etc/network# ip route ls
206.124.146.177 dev eth1  scope link
192.168.3.0/24 dev eth3  proto kernel  scope link  src 192.168.3.254
192.168.1.0/24 dev eth2  proto kernel  scope link  src 192.168.1.254
206.124.146.0/24 dev eth0  proto kernel  scope link  src 206.124.146.176
default via 206.124.146.254 dev eth0
gateway:/etc/network#

The difference in mine is that the host route on the /32 interface (eth1) 
isn't the default route.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
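
Added example, not part of the original message or of Shorewall: a small longest-prefix-match lookup run over the routing table quoted above, showing why the host route on the /32 interface wins over the /24 that contains the same address. The second table is constructed here for the eth0 /32 + eth1 /27 layout suggested to the poster; its lines are an assumption about what `ip route ls` would print there.

```python
import ipaddress


def parse_routes(text):
    """Parse `ip route ls` lines into (network, device, gateway) tuples."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(dest)  # a bare address parses as a /32
        dev = fields[fields.index("dev") + 1]
        via = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((net, dev, via))
    return routes


def lookup(routes, dst):
    """Return (device, gateway) for the most specific route matching dst."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    _, dev, via = max(matches, key=lambda r: r[0].prefixlen)
    return dev, via


# Routing table copied from the message above.
SHOREWALL_ROUTES = parse_routes("""
206.124.146.177 dev eth1  scope link
192.168.3.0/24 dev eth3  proto kernel  scope link  src 192.168.3.254
192.168.1.0/24 dev eth2  proto kernel  scope link  src 192.168.1.254
206.124.146.0/24 dev eth0  proto kernel  scope link  src 206.124.146.176
default via 206.124.146.254 dev eth0
""")

# Constructed table (assumption): eth0 192.1.1.98/32 with a host route to
# the .97 gateway, eth1 192.1.1.98/27 facing the DMZ.
POSTER_ROUTES = parse_routes("""
192.1.1.97 dev eth0  scope link
192.1.1.96/27 dev eth1  proto kernel  scope link  src 192.1.1.98
default via 192.1.1.97 dev eth0
""")

if __name__ == "__main__":
    for dst in ("206.124.146.177", "206.124.146.178", "192.0.2.1"):
        print("shorewall", dst, lookup(SHOREWALL_ROUTES, dst))
    for dst in ("192.1.1.97", "192.1.1.100", "192.0.2.1"):
        print("poster   ", dst, lookup(POSTER_ROUTES, dst))
```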



