...making Linux just a little more fun!
Deividson Okopnik [deivid.okop at gmail.com]
Hello TAG!
I have an unusual networking problem to solve here, and I'm needing some help.
Basically I got a machine with 2 network interfaces, eth0 and eth1, and both are connected in the same hub.
But eth0 has the ip 192.168.0.97, and doesnt need a proxy to access the internet. Eth1's ip is 192.168.0.200, and that IP needs a proxy to access the internet (and several sites are blocked, etc).
Alls configured, but it seems that everything's trying to use the eth1 to access the internet, and I need it to be accessed using eth0. Everything should use eth0, I just need eth1 to be used for apache and mysql...
Any clue on how to configure that?
Thanks
Deividson
René Pfeiffer [lynx at luchs.at]
On Mar 19, 2010 at 1100 -0300, Deividson Okopnik appeared and said:
> [...] > Basically I got a machine with 2 network interfaces, eth0 and eth1, > and both are connected in the same hub. > > But eth0 has the ip 192.168.0.97, and doesnt need a proxy to access > the internet. > Eth1's ip is 192.168.0.200, and that IP needs a proxy to access the > internet (and several sites are blocked, etc).
What is your network? Is it 192.168.0.0/24 (I assume)? Why do both network interfaces use IP addresses from the same network?
> Alls configured, but it seems that everythings trying to use the eth1 > to access the internet, and i need it to be accessed using eth0. > Everything should use eth0, i just need eth1 to be used for apache and mysql...
What OS do you use? If Debian/Ubuntu, which declaration has the gateway option in /etc/network/interfaces?
You could try using something like this:
ip route del default ip route add default via 192.168.0.x dev eth0
Best, René.
Dimitrios Siganos [dimitris at siganos.org]
René Pfeiffer wrote:
> On Mar 19, 2010 at 1100 -0300, Deividson Okopnik appeared and said: > >> [...] >> Basically I got a machine with 2 network interfaces, eth0 and eth1, >> and both are connected in the same hub. >> >> But eth0 has the ip 192.168.0.97, and doesnt need a proxy to access >> the internet. >> Eth1's ip is 192.168.0.200, and that IP needs a proxy to access the >> internet (and several sites are blocked, etc). >> > > What is your network? Is it 192.168.0.0/24 (I assume)? > Why do both network interfaces use IP addresses from the same network? > > >> Alls configured, but it seems that everythings trying to use the eth1 >> to access the internet, and i need it to be accessed using eth0. >> Everything should use eth0, i just need eth1 to be used for apache and mysql... >> > > What OS do you use? If Debian/Ubuntu, which declaration has the gateway > option in /etc/network/interfaces? > > You could try using something like this: > ip route del default > ip route add default via 192.168.0.x dev eth0
If you haven't done so already, you probably want to switch on "arp_filter" as well. Otherwise both interfaces will respond to ARP requests, causing chaos.
Dimitris Siganos
Deividson Okopnik [deivid.okop at gmail.com]
2010/3/19 René Pfeiffer <lynx@luchs.at>:
> On Mar 19, 2010 at 1100 -0300, Deividson Okopnik appeared and said: > > What is your network? Is it 192.168.0.0/24 (I assume)? > Why do both network interfaces use IP addresses from the same network? >
192.168.0.0/24 yes, and both use IPs from the same network cause the machine was 192.168.0.200, but that blocks access to several pages, and i need a free pass to the internet, and ip 192.168.0.97 does that.
But several other computers use 192.168.0.200 to access apache/mysql from that machine, and I didnt want to change that,.
> > What OS do you use? If Debian/Ubuntu, which declaration has the gateway > option in /etc/network/interfaces? >
Ubuntu 9.10, both interfaces got the proper gateway configured (192.168.0.100), but not directly on the file, U9.10 uses that network manager...
> > You could try using something like this: > ip route del default > ip route add default via 192.168.0.x dev eth0 >
Did that, still doesnt work (after a network restart) - it seems to work as i want when i disable eth1 (but of course then apache and mysql = unresponsible)
Thanks a ton
Wow, youre fast.
Deividson
Deividson Okopnik [deivid.okop at gmail.com]
And it is working
Thanks for the help guys - I swapped the IPs of both interfaces and it's working like a charm now.
And in case anyone's got any idea on how could I solve that problem in a better way, feel free to drop me a line.
Thanks again Deividson
Dimitrios Siganos [dimitris at siganos.org]
Deividson Okopnik wrote:
> And it is working > > Thanks for the help guys - I swapped the IPs of both interfaces and > its working like a charm now. > > And incase anyones got any ideia on how could i solve that problem in > a better way, fell free to drop me a line.
I imagine you have two default routes and it picks the first one it finds. What do you see if you type:
ip routein a terminal?
The better solution is to:
* right click on nm icon on taskbar * click edit connection * select the one that shouldn't go out on the internet * goto to the "IPV4 settings" tab * click on "Routes" * and finally, click on "Use this connection only for resources on its network"
that will stop nm from adding a default route through that interface.
Dimitrios Siganos
Ben Okopnik [ben at okopnik.com]
On Fri, Mar 19, 2010 at 02:48:26PM +0000, Dimitrios Siganos wrote:
> > The better solution is to: > * right click on nm icon on taskbar > * click edit connection > * select the one that shouldn't go out on the internet > * goto to the "IPV4 settings" tab > * click on "Routes" > * and finally, click on "Use this connection only for resources on > its network" > > that will stop nm from adding a default route through that interface.
Nice tip, Dimitrios! I've just tweaked my own 'nm' settings this way, which should help get rid of at least one minor annoyance. Thanks!
-- * Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
Deividson Okopnik [deivid.okop at gmail.com]
2010/3/19 Ben Okopnik <ben@okopnik.com>:
> On Fri, Mar 19, 2010 at 02:48:26PM +0000, Dimitrios Siganos wrote: >> >> The better solution is to: >> * right click on nm icon on taskbar >> * click edit connection >> * select the one that shouldn't go out on the internet >> * goto to the "IPV4 settings" tab >> * click on "Routes" >> * and finally, click on "Use this connection only for resources on >> its network" >> >> that will stop nm from adding a default route through that interface. > > Nice tip, Dimitrios! I've just tweaked my own 'nm' settings this way, > which should help get rid of at least one minor annoyance. Thanks! >
Very weird - even like this it seems that the pc is still trying to use the wrong route, cause internet is extra slow (3-minutes-to-open-twitter slow), and as soon as i disable eth1 it gets normal again
Jim Jackson [jj at franjam.org.uk]
On Fri, 19 Mar 2010, Deividson Okopnik wrote:
> 2010/3/19 Ben Okopnik <ben@okopnik.com>: >>> * right click on nm icon on taskbar >>> * click edit connection >>> * select the one that shouldn't go out on the internet >>> * goto to the "IPV4 settings" tab >>> * click on "Routes" >>> * and finally, click on "Use this connection only for resources on >>> its network" >>> >>> that will stop nm from adding a default route through that interface. >> >> Nice tip, Dimitrios! I've just tweaked my own 'nm' settings this way, >> which should help get rid of at least one minor annoyance. Thanks! >> > > Very weird - even like this it seems that the pc is still trying to > use the wrong route, cause internet is extra slow > (3-minutes-to-open-twitter slow), and as soon as i disable eth1 it > gets normal again
There's a discussion here...
http://mailman.nanog.org/pipermail/nanog/2009-May/010434.html
on having 2 interfaces on one subnet. "Usually" this is not encouraged - depending on your platform you may not be able to arrange this at all. But Linux of course can do anything It just might not be easy, and you are likely to get bit in the bum as you've discovered. Use 2 sessions of wireshark or tcpdump to sniff both interfaces, just to check which interface packets are goin gout of, and with what local addresses?
Another possible starting point for experiments would be to use one interface with 2 addresses.
ifconfig eth0 192.168.0.50 up ifconfig eth0:1 192.168.0.60 up
This may get round arp problems. Remember you will have to force an application to use the non-default IP address as it's source address.
good luck
Jim
René Pfeiffer [lynx at luchs.at]
On Mar 19, 2010 at 2024 +0000, Jim Jackson appeared and said:
> [...] > Another possible starting point for experiments would be to use one > interface with 2 addresses. > > ifconfig eth0 192.168.0.50 up > ifconfig eth0:1 192.168.0.60 up
You can do the same on the fly without using different network device names:
ip link set dev eth0 up ip address add 192.168.0.50/24 dev eth0 ip address add 192.168.0.60/24 dev eth0
ip is easier to use and you can always delete addresses without hassle:
ip address del 192.168.0.60/24 dev eth0
This is quite useful for testing.
Best, René.
jose [jmanel at gmail.com]
Since i am not using any dinamic feature as DHCP i uninstalled nm and configured manually the network(in the file) and problems related went away.
Just an answer for a particular case
Josep
René Pfeiffer [lynx at luchs.at]
On Mar 19, 2010 at 1125 -0300, Deividson Okopnik appeared and said:
> 2010/3/19 René Pfeiffer <lynx@luchs.at>: > > [...] > > You could try using something like this: > > ip route del default > > ip route add default via 192.168.0.x dev eth0 > > > > Did that, still doesnt work (after a network restart) - it seems to > work as i want when i disable eth1 (but of course then apache and > mysql = unresponsible)
Mind the ARP settings. The Linux kernel answers to ARP requests on both interfaces (as was pointed out by a previous posting). The behaviour is called "ARP flux".
http://lwn.net/Articles/45373/ http://robertlathanh.com/2009/08/two-subnetworks-on-one-lan-and-linux-arp_filter/
The last link explains the arp_filter settings a bit more.
> Thanks a ton > Wow, youre fast.
Recharging my caffeine levels after 5 days of being away from the office coffee machine. ;)
Best, René.