[GRLUG] Routing question
Jeff DeFouw
mrj at plorb.com
Sat Apr 7 04:22:23 EDT 2012
On Fri, Apr 06, 2012 at 11:10:02PM -0500, L. V. Lammert wrote:
> Just figured out a nagging problem with a server in the shop that uses a
> Charter connection for most of the traffic [and default route], but a 2nd
> local NIC with a static IP from our server rack:
>
>
> Mickey
> + T1 = eth0
> + Internal 10.0.0.n = eth1
> + Charter = eth2
>
> An inbound ssh connection from an internal server on eth0 works just fine,
> .. however an ssh connection from *outside* [eth2] times out.
>
> I just realized that the default route on the eth2 [with most of the
> bandwidth] would prevent an incoming connection from outside on the T1
> side! OpenSuSE 11.4, standard firewall, everything works fine *except* for
> incoming connections from the outside.
>
> Is anyone aware of a way to allow incoming connections on eth0 without
> messing with the default route? I would prefer Charter for the default
> route as it prevents saturating the T1 with office traffic.
I know you can do something with connection tracking, but it appears
there is an easier way I didn't know about. You can add an alternate
routing table based on a source address. Everything looks good when I
run the commands, but I don't have a test environment set up.

# add a direct route for the local network
ip route add <eth0_network> dev eth0 table 200

# add a default gateway for everything else
ip route add default via <eth0_gateway> dev eth0 table 200

# use routing table 200 when this machine uses its eth0 address
ip rule add from <eth0_ip_address> table 200

--
Jeff DeFouw <mrj at plorb.com>
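
The source-address rule from the reply above, modelled as an added example (not code from the post): a small Python sketch of the rule and table lookup order, showing which interface the reply to an outside ssh client leaves on before and after the rule is added. The addresses are constructed documentation-range values, the helper names `lookup` and `route` are hypothetical, and the model omits the local table and every rule selector other than `from`.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match within one routing table; None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in table if dst in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)

def route(rules, tables, src, dst):
    """Walk rules in priority order: the first rule whose 'from' selector
    matches src and whose table holds a route to dst decides the way out."""
    src = ipaddress.ip_address(src)
    for _prio, selector, table_id in sorted(rules):
        if src in ipaddress.ip_network(selector):
            hit = lookup(tables[table_id], dst)
            if hit:
                return {"table": table_id, "dev": hit[2], "via": hit[1]}
    return None

# Constructed addresses (documentation ranges), not taken from the thread.
ETH0_IP, ETH0_GW = "192.0.2.10", "192.0.2.1"        # T1 side
ETH2_IP, ETH2_GW = "198.51.100.10", "198.51.100.1"  # Charter side
CLIENT = "203.0.113.50"                             # outside ssh client

# Routes are (prefix, gateway, device); gateway None means directly connected.
TABLES = {
    "main": [("192.0.2.0/24", None, "eth0"),
             ("10.0.0.0/24", None, "eth1"),
             ("198.51.100.0/24", None, "eth2"),
             ("0.0.0.0/0", ETH2_GW, "eth2")],
    "200": [("192.0.2.0/24", None, "eth0"),     # ip route add <eth0_network> dev eth0 table 200
            ("0.0.0.0/0", ETH0_GW, "eth0")],    # ip route add default via <eth0_gateway> ...
}
BEFORE = [(32766, "0.0.0.0/0", "main")]
# ip rule add from <eth0_ip_address> table 200; priority assumed ahead of main.
AFTER = [(32765, ETH0_IP + "/32", "200")] + BEFORE

if __name__ == "__main__":
    # The ssh reply carries the eth0 address as its source.
    print("before:", route(BEFORE, TABLES, ETH0_IP, CLIENT))
    print("after: ", route(AFTER, TABLES, ETH0_IP, CLIENT))
    print("office:", route(AFTER, TABLES, ETH2_IP, CLIENT))
```

On a live system, `ip route get <client_address> from <eth0_ip_address>` reports the kernel's actual decision for the same source and destination pair.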