2 NICs, 1 server - Networking


Thread: 2 NICs, 1 server

  1. 2 NICs, 1 server

    Hi,

    I have a situation where I have one NIC connected to a switch on a server,
    and two internet connections on the switch, before I continue, I don't need
    channel bonding and I don't need load balancing because that's not what I
    need nor want.

    Here's my physical configuration (Best viewed in monospace font):

    ---[ISP 1]
    |
    [NAT]
    |
    -------[SWITCH] (note: Both NAT routers are on the same subnet)
    |
    [NAT]
    |
    ---[ISP 2]

    The server is only able to route out one connection or the other at the
    moment. Basically what I want is for the server to be able to route out the
    connection it came in on. I wish for this to have the least impacting
    solution on the system.

    Thank you,

    --
    --Krad Xeron

  2. Re: 2 NICs, 1 server

    On Dec 20, 12:21 am, Kradorex Xeron wrote:
    > Hi,
    >
    > I have a situation where I have one NIC connected to a switch on a server,
    > and two internet connections on the switch, before I continue, I don't need
    > channel bonding and I don't need load balancing because that's not what I
    > need nor want.
    >
    > Here's my physical configuration (Best viewed in monospace font):
    >
    > ---[ISP 1]
    > |
    > [NAT]
    > |
    > -------[SWITCH] (note: Both NAT routers are on the same subnet)
    > |
    > [NAT]
    > |
    > ---[ISP 2]
    >
    > The server is only able to route out one connection or the other at the
    > moment. Basically what I want is for the server to be able to route out the
    > connection it came in on. I wish for this to have the least impacting
    > solution on the system.


    Why doesn't this happen automatically? If the server receives a
    request from a client on connection 1, the NAT for connection 1 should
    make the connection appear to have come from that NAT machine. Since
    both NAT routers are on the same subnet, the server should send the
    packets directly to that NAT machine, which should send them out
    connection 1.

    The same argument goes for connection 2.

    If I understand your situation correctly, the problem is not in the
    server but in the NAT setups. The server will always send the reply to
    the NAT that it got the query from, no?

    DS

  3. Re: 2 NICs, 1 server

    On Thu, 20 Dec 2007 12:55:00 -0800 (PST), David Schwartz
    wrote:

    >On Dec 20, 12:21 am, Kradorex Xeron wrote:
    >> Hi,
    >>
    >> I have a situation where I have one NIC connected to a switch on a server,
    >> and two internet connections on the switch, before I continue, I don't need
    >> channel bonding and I don't need load balancing because that's not what I
    >> need nor want.
    >>
    >> Here's my physical configuration (Best viewed in monospace font):
    >>
    >> ---[ISP 1]
    >> |
    >> [NAT]
    >> |
    >> -------[SWITCH] (note: Both NAT routers are on the same subnet)
    >> |
    >> [NAT]
    >> |
    >> ---[ISP 2]
    >>
    >> The server is only able to route out one connection or the other at the
    >> moment. Basically what I want is for the server to be able to route out the
    >> connection it came in on. I wish for this to have the least impacting
    >> solution on the system.

    >
    >Why doesn't this happen automatically? If the server receives a
    >request from a client on connection 1, the NAT for connection 1 should
    >make the connection appear to have come from that NAT machine. Since
    >both NAT routers are on the same subnet, the server should send the
    >packets directly to that NAT machine, which should send them out
    >connection 1.
    >
    >The same argument goes for connection 2.
    >
    >If I understand your situation correctly, the problem is not in the
    >server but in the NAT setups. The server will always send the reply to
    >the NAT that it got the query from, no?
    >
    >DS


    That's fine for externally initiated connections, but your answer does
    not address connections initiated by the server. There, the default
    gw will determine which connection is used.

    From the OP's posting, it is not clear What Bad Thing Is Happening...
    --
    buck

  4. Re: 2 NICs, 1 server

    On Dec 20, 7:01 pm, buck wrote:

    > That's fine for externally initiated connections, but your answer does
    > not address connections initiated by the server. There, the default
    > gw will determine which connection is used.


    The OP asks to "route out the connection it came in on". That doesn't
    sound like a question about connections initiated by the server.
    (Though it might be, it's hard to tell.)

    > From the OP's posting, it is not clear What Bad Thing Is Happening...


    Right.

    DS

  5. Re: 2 NICs, 1 server

    David Schwartz wrote in
    <70c36de9-2bdf-4576-9d98-8f53e1a5c6ab@t1g2000pra.googlegroups.com>:

    > On Dec 20, 7:01 pm, buck wrote:
    >
    >> That's fine for externally initiated connections, but your answer does
    >> not address connections initiated by the server. There, the default
    >> gw will determine which connection is used.

    >
    > The OP asks to "route out the connection it came in on". That doesn't
    > sound like a question about connections initiated by the server.
    > (Though it might be, it's hard to tell.)
    >
    >> From the OP's posting, it is not clear What Bad Thing Is Happening...

    >
    > Right.
    >
    > DS


    Sorry I was unclear on that item, it is regarding the externally-initiated
    connections. (i.e. someone accesses a service on conn 2, it should reply
    via conn 2, not conn 1)

    --
    --Krad Xeron

  6. Re: 2 NICs, 1 server

    buck wrote:
    > On Thu, 20 Dec 2007 12:55:00 -0800 (PST), David Schwartz
    > wrote:
    >
    >>On Dec 20, 12:21 am, Kradorex Xeron wrote:
    >>>
    >>>Basically what I want is for the server to be able to route out the
    >>>connection it came in on.

    >>
    >>Why doesn't this happen automatically? If the server receives a
    >>request from a client on connection 1, the NAT for connection 1 should
    >>make the connection appear to have come from that NAT machine.


    To my understanding the masqueraded one is the server, not the clients.

    > That's fine for externally initiated connections


    Not so fine IMO : it would hide the real source address from the server,
    which is not very convenient for logging, access control or accounting.

  7. Re: 2 NICs, 1 server

    On Thu, 20 Dec 2007 22:34:26 -0500, Kradorex Xeron wrote:

    > Sorry I was unclear on that item, it is regarding the externally-initiated
    > connections. (i.e. someone accesses a service on conn 2, it should reply
    > via conn 2, not conn 1)


    4.2.1. Split access
    http://lartc.org/howto/lartc.rpdb.multiple-links.html



    --


    --
    Posted via a free Usenet account from http://www.teranews.com


  8. Re: 2 NICs, 1 server

    Snowbat wrote in :

    > On Thu, 20 Dec 2007 22:34:26 -0500, Kradorex Xeron wrote:
    >
    >> Sorry I was unclear on that item, it is regarding the externally-initiated
    >> connections. (i.e. someone accesses a service on conn 2, it should reply
    >> via conn 2, not conn 1)

    >
    > 4.2.1. Split access
    > http://lartc.org/howto/lartc.rpdb.multiple-links.html
    >
    >
    >


    Unfortunately that howto doesn't cover my configuration, the routers
    themselves are not Linux, and they are separate units (as in the diagram,
    marked as "NAT"). I was hoping I can do something at the server itself.

    My apologies, the subject line was in error (and confusing), there are 2
    routers, not NICs, once again, my sincerest apologies to everyone
    --
    --Krad Xeron

  9. Re: 2 NICs, 1 server

    On Dec 20, 7:34 pm, Kradorex Xeron wrote:

    > Sorry I was unclear on that item, it is regarding the externally-initiated
    > connections. (i.e. someone accesses a service on conn 2, it should reply
    > via conn 2, not conn 1)


    What is the purpose of the NAT boxes? Is it to do inbound NAT so that
    the server can have two connections to the Internet? Or is it to do
    outbound NAT so that the server can have no connections to the
    Internet?

    If the former, it should "just work". If the latter, you need to
    create connection entries based on the source MAC address as seen at
    the Linux box.

    Actually, it shouldn't be that complex. I presume the Linux box has
    two addresses, one inside the LAN range of each NAT box. That means
    you should be able to route based upon the source IP address.

    If the Linux box's IP address on NAT1 is 192.168.1.10 and NAT1 is
    192.168.1.1 and the IP address on NAT2 192.168.2.10 and NAT2 is
    192.168.2.1, the rule is simply:

    If the source address is 192.168.1.10, the next hop is 192.168.1.1. If
    the source address is 192.168.2.10, the next hop is 192.168.2.1. Done.

    DS

  10. Re: 2 NICs, 1 server

    On Fri, 21 Dec 2007 14:29:56 -0500, Kradorex Xeron wrote:

    > Snowbat wrote in :
    >
    >> On Thu, 20 Dec 2007 22:34:26 -0500, Kradorex Xeron wrote:
    >>
    >>> Sorry I was unclear on that item, it is regarding the
    >>> externally-initiated connections. (i.e. someone accesses a service on
    >>> conn 2, it should reply via conn 2, not conn 1)

    >>
    >> 4.2.1. Split access
    >> http://lartc.org/howto/lartc.rpdb.multiple-links.html
    >>
    >>

    > Unfortunately that howto doesn't cover my configuration, the routers
    > themselves are not Linux, and they are separate units (as in the
    > diagram, marked as "NAT"). I was hoping I can do something at the server
    > itself.
    >
    > My apologies, the subject line was in error (and confusing), there are 2
    > routers, not NICs, once again, my sincerest apologies to everyone


    If you create an alias of ethX, it may be possible to use split access
    across ethX and ethX:0






  11. Re: 2 NICs, 1 server

    On Dec 21, 8:00 pm, David Schwartz wrote:

    > If the source address is 192.168.1.10, the next hop is 192.168.1.1. If
    > the source address is 192.168.2.10, the next hop is 192.168.2.1. Done.
    >
    > DS


    And how exactly do you implement this? by iptables? shell scripting?

    Thanks

  12. Re: 2 NICs, 1 server

    On Dec 23, 9:20 am, Louis.Soni...@gmail.com wrote:

    > On Dec 21, 8:00 pm, David Schwartz wrote:


    > > If the source address is 192.168.1.10, the next hop is 192.168.1.1. If
    > > the source address is 192.168.2.10, the next hop is 192.168.2.1. Done.


    > And how exactly do you implement this? by iptables? shell scripting?


    You can do it with iptables.

    DS

  13. Re: 2 NICs, 1 server

    David Schwartz wrote:
    >
    >>>If the source address is 192.168.1.10, the next hop is 192.168.1.1. If
    >>>the source address is 192.168.2.10, the next hop is 192.168.2.1. Done.

    >
    >>And how exactly do you implement this? by iptables? shell scripting?

    >
    > You can do it with iptables.


    Rather with ip rule and ip route, as explained in my first approach. You
    do not need iptables for source address based routing. You may do it
    using iptables, but you need ip rule and ip route anyway (don't even
    think about using the ROUTE target).
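
Added example, not part of any post in the thread: the source-address rule from post 9 written out with `ip rule` and `ip route`, as post 13 recommends. It assumes the server holds both 192.168.1.10 and 192.168.2.10 on its one NIC; the interface name `eth0`, the table numbers 101 and 102, and the function names are assumptions.

```shell
#!/bin/sh
# Source-address policy routing for one NIC behind two NAT gateways.
# Addresses are the ones presumed in post 9; IFACE and the table
# numbers are assumptions made for this example.
IFACE="${IFACE:-eth0}"

# link_cmds SRC GATEWAY PREFIX TABLE
# Print the iproute2 commands that send packets sourced from SRC out
# through GATEWAY, using a routing table dedicated to that uplink.
link_cmds() {
    src=$1 gw=$2 prefix=$3 table=$4
    # On-link route, so the gateway is reachable from inside the table.
    echo "ip route replace $prefix dev $IFACE src $src table $table"
    # Default route of this table: the NAT router the request came through.
    echo "ip route replace default via $gw dev $IFACE table $table"
    # Pick the table by source address, ahead of the main table (32766).
    echo "ip rule add from $src lookup $table priority $table"
}

policy_routing_cmds() {
    link_cmds 192.168.1.10 192.168.1.1 192.168.1.0/24 101
    link_cmds 192.168.2.10 192.168.2.1 192.168.2.0/24 102
}

# next_hop_for SRC: the gateway the generated rules choose for a reply
# sourced from SRC; prints nothing when no rule matches and the main
# table's default gateway decides instead.
next_hop_for() {
    table=$(policy_routing_cmds |
        awk -v s="$1" '$2=="rule" && $5==s {print $7}')
    [ -n "$table" ] || return 0
    policy_routing_cmds |
        awk -v t="$table" '$2=="route" && $4=="default" && $NF==t {print $6}'
}

# Dry run by default: only APPLY=1 (as root) changes the routing setup.
# "ip rule add" is not idempotent, so apply once or delete old rules first.
if [ "${APPLY:-0}" = 1 ]; then
    policy_routing_cmds | while read -r cmd; do $cmd; done
fi
```

Because the server replies from the address the request was sent to, and the NAT routers leave the client's address intact, logging and access control on the server still see the real source. `ip rule show` and `ip route show table 101` confirm the result after applying.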
