[gentoo-user] Double network cards

[gentoo-user] Double network cards

[Marco Calviani]

Hi list,
   i would like some technical advice concerning the possibility of
mounting two network devices on the same desktop computer. One network
card (which is binded to a fixed IP) allows me to allow the machine to
be visible on the public network, while the second one (faster, the
one i've installed now) is used to work. Would it be possible to
install both of them, with the first one used only for accessing the
machine from an external site?

Thanks in advance,
marco
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Double network cards

[Dan Farrell]

On Mon, 11 Jun 2007 16:19:58 +0200
"Marco Calviani" <marco.calviani@gmail.com> wrote:

> Hi list,
>    i would like some technical advice concerning the possibility of
> mounting two network devices on the same desktop computer. One network
> card (which is binded to a fixed IP) allows me to allow the machine to
> be visible on the public network...
I call it 'eth0'
> while the second one (faster, the
> one i've installed now) is used to work. 
I call it 'eth1' -- I am a little confused whether you mean 'it used to
work' or you 'use it to work' on a private subnet perchance.  
> Would it be possible to
> install both of them, with the first one used only for accessing the
> machine from an external site?
That should be possible.  If the second interface is to be on a
seperate subnet, it's so easy to do this that it's almost trivial.  All
you have to do is to assign a private ip address and plug it in to the
private network, and you'll have two devices, on private, one public,
and your computer can even function as a 'gateway' or 'router' if you
want it to.  

Is that what you are trying to do?
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Double network cards

[Hans-Werner Hilse]

Hi,

On Mon, 11 Jun 2007 16:19:58 +0200 "Marco Calviani"
<marco.calviani@gmail.com> wrote:

>    i would like some technical advice concerning the possibility of
> mounting two network devices on the same desktop computer. One network
> card (which is binded to a fixed IP) allows me to allow the machine to
> be visible on the public network, while the second one (faster, the
> one i've installed now) is used to work. Would it be possible to
> install both of them, with the first one used only for accessing the
> machine from an external site?

>From hardware and driver side of the problem: Yes, of course. The other
question, and you really didn't clarify on this, is whether your
intended routing setup would work with such a configuration. But since
Linux is extremely configurable in that regard, you probably can
archive sensible results. Just specify a bit more information, like the
networks (address/netmask) coming into play here.

If both of your NICs are routing to the internet and you're offering
services to the internet, the answer packets from those services will
always take the route w/ lowest metric by default. You'd have to mark
the packets e.g. w/ iptables on a user or application basis in order to
influence routing so that outgoing "service traffic" takes another way
than outgoing "other traffic". But don't hesitate to tell more about
your intended setup, it'll get probably easier to help you then.

-hwh
-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: Double network cards

[Grant Edwards]

On 2007-06-11, Marco Calviani <marco.calviani@gmail.com> wrote:

> i would like some technical advice concerning the possibility of
> mounting two network devices on the same desktop computer. One network
> card (which is binded to a fixed IP) allows me to allow the machine to
> be visible on the public network, while the second one (faster, the
> one i've installed now) is used to work. Would it be possible to
> install both of them, with the first one used only for accessing the
> machine from an external site?

Yes.

-- 
Grant Edwards                   grante             Yow! I joined scientology
                                  at               at a garage sale!!
                               visi.com            

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Double network cards

[Marco Calviani]

Hi all,
  thanks for replying. Actually the network with the fixed IP would be
used only for accessing the machine from the internet (that would be
its only use), since the other address is masked behind closed
network.

regards,
marco

On 6/11/07, Hans-Werner Hilse <hilse@web.de> wrote:
> Hi,
>
> On Mon, 11 Jun 2007 16:19:58 +0200 "Marco Calviani"
> <marco.calviani@gmail.com> wrote:
>
> >    i would like some technical advice concerning the possibility of
> > mounting two network devices on the same desktop computer. One network
> > card (which is binded to a fixed IP) allows me to allow the machine to
> > be visible on the public network, while the second one (faster, the
> > one i've installed now) is used to work. Would it be possible to
> > install both of them, with the first one used only for accessing the
> > machine from an external site?
>
> From hardware and driver side of the problem: Yes, of course. The other
> question, and you really didn't clarify on this, is whether your
> intended routing setup would work with such a configuration. But since
> Linux is extremely configurable in that regard, you probably can
> archive sensible results. Just specify a bit more information, like the
> networks (address/netmask) coming into play here.
>
> If both of your NICs are routing to the internet and you're offering
> services to the internet, the answer packets from those services will
> always take the route w/ lowest metric by default. You'd have to mark
> the packets e.g. w/ iptables on a user or application basis in order to
> influence routing so that outgoing "service traffic" takes another way
> than outgoing "other traffic". But don't hesitate to tell more about
> your intended setup, it'll get probably easier to help you then.
>
> -hwh
> --
> gentoo-user@gentoo.org mailing list
>
>
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Double network cards

[Hans-Werner Hilse]

Hi,

On Mon, 11 Jun 2007 18:42:04 +0200 "Marco Calviani"
<marco.calviani@gmail.com> wrote:

>   thanks for replying. Actually the network with the fixed IP would be
> used only for accessing the machine from the internet (that would be
> its only use), since the other address is masked behind closed
> network.

OK, with non-ambiguous routing, I don't see any problems at all.
Except, maybe, for your security policy if that server is now in DMZ
_and_ LAN. But I think you're probably very aware of that...

-hwh
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Double network cards

[Dan Farrell]

On Mon, 11 Jun 2007 18:42:04 +0200
"Marco Calviani" <marco.calviani@gmail.com> wrote:

> Hi all,
>   thanks for replying. Actually the network with the fixed IP would be
> used only for accessing the machine from the internet (that would be
> its only use), since the other address is masked behind closed
> network.
> 
> regards,
> marco

You probably want to set your routing table up so that packets to your
internal subnet(s) go straight out internal interface, or to internal
gateway, and the default route out your external interface.  
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Double network cards

[Boyd Stephen Smith Jr.]

[-- Attachment #1: Type: text/plain, Size: 2436 bytes --]

On Monday 11 June 2007, dexter <dexters84@gmail.com> wrote about 'Re: 
[gentoo-user] Double network cards':
> Marco Calviani pisze:
> > Hi list,
> >   i would like some technical advice concerning the possibility of
> > mounting two network devices on the same desktop computer. One network
> > card (which is binded to a fixed IP) allows me to allow the machine to
> > be visible on the public network, while the second one (faster, the
> > one i've installed now) is used to work.
>
> Hello
> If You are going to use both devices to access the same address space
> then afaik it is not possible.
> I think it could be done with static routing, but You would require
> properly configured router.

Which (surprise!) is the same thing as a properly configured linux box. :P

Basically, you simply need to make sure you configure routing for 
the "internet at large" correctly.  This will generally involve some sort 
of source-based routing and/or some custom dhclient scripts and/or 
assigning proper metrics to your routes and telling the kernel how to use 
those metrics when there are multiple routes to a single IP.

We have two networks here at the house: the cable internet (9Mbps/1Mbps, 
but those speeds can't be counted on, dynamic IP) and the DSL 
(1.5Mbps/512Kbps, I think, block of static IPs).  I've got two NICs so I'm 
on both of them.  Virtually all traffic uses the cable connection (http 
requests, bittorrent, etc.), but the DSL connection is available for 
traffic (ssh, local mail server [on the same subnet], etc.). Here's the 
relevant parts of my setup:

/etc/conf.d/net:
config_eth0=( "dhcp" )
modules_eth0=( "pump" )
pump_eth0=""
config_eth1=( "69.154.123.205/29 brd 69.154.123.207" )
modules_eth1=( "!plug" )

/etc/iproute2/rt_tables:
127     dsl

/etc/conf.d/local.start:
sbr-init

/usr/local/sbin/sbr-init:
#!/bin/bash

# Clear tables
ip route flush table dsl 2>&-

# Fill tables
ip route add 69.154.123.200/29 dev eth1 table dsl
ip route add 0.0.0.0/0 via 69.154.123.206 table dsl

# Reset rules
ip rule del pref 16000 from 69.154.123.205 2>&-

# Set rules
ip rule add pref 16000 from 69.154.123.205 table dsl

-- 
Boyd Stephen Smith Jr.                     ,= ,-_-. =. 
bss03@volumehost.net                      ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy           `-'(. .)`-' 
http://iguanasuicide.org/                      \_/     

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Double network cards

[Jerry McBride]

On Monday 11 June 2007 10:19:58 am Marco Calviani wrote:
> Hi list,
>    i would like some technical advice concerning the possibility of
> mounting two network devices on the same desktop computer. One network
> card (which is binded to a fixed IP) allows me to allow the machine to
> be visible on the public network, while the second one (faster, the
> one i've installed now) is used to work. Would it be possible to
> install both of them, with the first one used only for accessing the
> machine from an external site?
>
> Thanks in advance,
> marco

Absolutely... the only limit is how many slots you have to work with. 


-- 


Jerry McBride
-- 
gentoo-user@gentoo.org mailing list