2002-07-31 05:25:19

by David Shirley

Subject: Network Routing Problems on Dual NIC Box

Hi All,

I'm not sure this is the right list for this question so bear with me :)

I have a machine that has 2 NICs, both on different subnets, let's
say 192.168.2.200 and 192.168.3.200

We are running a proxy server on this box, and the box is called proxy
which when you do a lookup points to 192.168.3.200

The problem is when machines on the 192.168.2.0 subnet try to
access proxy:80 the session connects but no data is being received on the
192.168.2.0 box.

I think it's because proxy accepts on the .3 but then tries to send all the data
via the .2 interface because it's directly connected and the .2 box ignores it
because it's not coming from the .3

Is this true?
How can I get proxy to send data back via the .3 interface, rather than via .2?

btw it's a 2.2.19 box running redhat 6.2

Cheers
Dave








/----------------------------------------------------------
David Shirley
System's Administrator
Computer Science - Curtin University
(08) 9266 2986
----------------------------------------------------------/


2002-07-31 18:51:39

by Bill Davidsen

Subject: Re: Network Routing Problems on Dual NIC Box

On Wed, 31 Jul 2002, David Shirley wrote:

> I'm not sure this is the right list for this question so bear with me :)
>
> I have a machine that has 2 NICs, both on different subnets, let's
> say 192.168.2.200 and 192.168.3.200
>
> We are running a proxy server on this box, and the box is called proxy
> which when you do a lookup points to 192.168.3.200
>
> The problem is when machines on the 192.168.2.0 subnet try to
> access proxy:80 the session connects but no data is being received on the
> 192.168.2.0 box.
>
> I think it's because proxy accepts on the .3 but then tries to send all the data
> via the .2 interface because it's directly connected and the .2 box ignores it
> because it's not coming from the .3
>
> Is this true?
> How can I get proxy to send data back via the .3 interface, rather than via .2?

The short answer is that Linux works that way because the network folks
want it to and quote an RFC which says that's allowed conforming behaviour.
It also does proxy arp by default and a bunch of other stuff. Your packets
are probably going out the other interface.

The long answer is that you can probably use iproute2 to route packets by
source address to the correct interface. I haven't used 2.2 in a while and
didn't ever try that back when, so I am totally guessing. You might repeat
this question in the cosl.networking for a better answer if iproute2 won't
do this in 2.2.

> btw it's a 2.2.19 box running redhat 6.2

2.4 is better in many ways, but that implementation decision hasn't
changed. What you probably want is a single rule to choose interface by
source address, but you can get what you need by routing as long as you
have only a few subnets (the tables are 255 entries long IIRC).

Hope this helps.

--
bill davidsen <[email protected]>
CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.
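
Source-address routing of the kind suggested in the reply above, written with iproute2 as an added example that is not part of either message. The interface name eth1, the router 192.168.3.1, the /24 masks and table number 100 are assumptions; the thread gives none of them, and the reply leaves open whether a 2.2 kernel supports this.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: eth1 holds 192.168.3.200,
# the router on that subnet is 192.168.3.1, masks are /24, table 100 is unused.

# Print the iproute2 commands that give traffic sourced from ADDR its own
# routing table, so it leaves through DEV instead of following the main table.
# usage: policy_route_cmds ADDR NET DEV GATEWAY TABLE
policy_route_cmds() {
    addr=$1; net=$2; dev=$3; gw=$4; table=$5
    # Table ids 253-255 (default, main, local) are reserved; 0 is unspecified.
    case $table in
        ''|*[!0-9]*) echo "table must be numeric" >&2; return 1 ;;
    esac
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table must be in 1..252" >&2
        return 1
    fi
    # On-link route so hosts on ADDR's own subnet stay reachable from this table.
    echo "ip route add $net dev $dev src $addr table $table"
    # Everything else sourced from ADDR goes to the router on that subnet.
    echo "ip route add default via $gw dev $dev table $table"
    # The policy rule itself: pick the table by source address.
    echo "ip rule add from $addr table $table"
    # Drop cached routing decisions so the rule applies to existing flows.
    echo "ip route flush cache"
}

# Dry run by default; APPLY=1 executes the commands (needs root and iproute2).
run_policy_routing() {
    cmds=$(policy_route_cmds "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$cmds" | sh -e
    else
        printf '%s\n' "$cmds"
    fi
}

run_policy_routing 192.168.3.200 192.168.3.0/24 eth1 192.168.3.1 100
# To check the path a reply would take (192.168.2.10 is a constructed client):
#   ip route get 192.168.2.10 from 192.168.3.200
```

With the rule in place, replies sourced from 192.168.3.200 are looked up in table 100 and leave via eth1 toward the assumed router, rather than going straight out the directly connected .2 interface.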