[lug] forcing certain services to use eth1 instead of eth0

Kevin Fenzi kevin at scrye.com
Tue Jan 3 17:14:24 MST 2006



>>>>> "Michael" == Michael Belanger <mrb at ciclops.org> writes:

Michael> On Tuesday 03 January 2006 16:55, Nate Duehr wrote:
>> Hang on... seems like you're trying to get too fancy here.
>> 
>> I'm assuming that you've got two different IP addresses on eth0 and
>> eth1?
>> 
>> If so, then on the "inbound from clients" connection -- they're
>> connecting to the IP on eth1 -- nothing to set up there.  Your
>> router and/or switch should be ARP'ing for that IP and sending the
>> traffic to the physical port that answers the ARP request.
>> No-brainer.
>> 
>> On the "outbound toward client" side of the connection... your
>> daemon should be answering using the IP address (socket, really) it
>> received the connection on?  If so... it'd all be going out eth1
>> also.  If the application isn't doing that, something's not right.
>> 
>> So... I'm not sure why you'd need any firewall rules or anything
>> other than the correct IP's in everything, including the daemon
>> configurations for whatever is listening on your machine.  Traffic
>> to eth0's IP would use eth0... traffic to eth1's IP would use
>> eth1...???

That would be the case for local network traffic.

However, the problem might well be the default route for outgoing
traffic. 

If both eth1 and eth0 are on the same network with the same subnet and
other settings (but different IPs), the default route is going to use
one or the other of them.

Either your default route is hard coded to use a particular interface,
or if you didn't specify then it will be whatever interface the kernel
saw the arp response from your gateway first. 

What does 'arp -an' show? 'route -n'?

>> Nate

Michael> I am all for making things simpler.  The eth1 is a separate
Michael> IP but on the same network.  However, it is a new connection.
Michael> Perhaps I just need to clear the routing table?

Perhaps to avoid confusion you could subnet your internal network (if
you aren't using it all) or create a new vlan/different network for the
other interface.

kevin
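An added example, not part of the original post: one way to read 'route -n' output for the situation described above, flagging subnets that appear on more than one interface and showing which interface the routing table selects for a given destination. The routing table, addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed `route -n` output for a host with eth0 and eth1 on one subnet.
SAMPLE_ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
"""

def parse_route_n(text):
    """Parse `route -n` rows into dicts: net, gateway, metric, iface."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0].count(".") != 3:
            continue  # skip the banner and the column header
        routes.append({"net": ipaddress.ip_network(f"{f[0]}/{f[2]}"),
                       "gateway": f[1], "metric": int(f[4]), "iface": f[7]})
    return routes

def shared_subnets(routes):
    """Map each directly connected network to its interfaces, if more than one."""
    by_net = defaultdict(list)
    for r in routes:
        if r["gateway"] == "0.0.0.0" and r["iface"] not in by_net[r["net"]]:
            by_net[r["net"]].append(r["iface"])
    return {str(n): i for n, i in by_net.items() if len(i) > 1}

def egress_iface(routes, dest):
    """Interface used for dest: longest prefix, then lowest metric.
    Remaining ties go to the first row listed (a simplification)."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r["net"]]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r["net"].prefixlen, r["metric"]))["iface"]

if __name__ == "__main__":
    table = parse_route_n(SAMPLE_ROUTE_N)
    print("shared subnets:", shared_subnets(table))
    print("off-subnet traffic leaves via:", egress_iface(table, "203.0.113.10"))
    print("on-subnet traffic leaves via:", egress_iface(table, "192.168.1.50"))
```

With this sample table, traffic to any destination leaves via eth0 even though eth1 holds its own address on the same subnet.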

