Multiple NIC Configuration Help

[eusanpe]

Hello all,

I am sorry for the double post. I posted this question 11 months ago in the Server Help forum and it was never replied to and I think only one person looked at it.

I have a server running Funtoo with two NICS. I want to be able to connect to my Dell MD3600i backup server.

This is the IP Info:

Internal
eth0---> IP: 192.168.20.100 ---> Gateway: 192.168.20.1 (Cisco Router to internet)

External
eth1---> IP: 192.168.3.40 ---> Gateway: 192.168.3.1 (Cisco Managed Switch)

Dell MD3600i Backup Server---> 192.168.3.113

I want to be able to connect to my Dell MD3600i backup server at address 192.168.3.113

Can anyone give me some pointers for setting up routing so I can reach 192.168.3.113?

Thanks,

Tony

netif.eth0

template="interface"
ipaddr="192.168.20.100/24"
gateway="192.168.20.1"
nameservers="192.168.20.1"
domain="xxxxxx.com"

netif.eth1

template="interface"
ipaddr="192.168.3.40/24"
domain="xxxxx.com"

netstat

# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.20.1    0.0.0.0         UG        0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
192.168.3.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.20.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0

[eusanpe]

Quote

I am not an expert on networks but why are your nameservers for eth1 pointing to a different network? Any special reason or is that just a typo?

I have a managed switch that has the 192.168.3.0 network attached along with the 192.168.2.0 network. The 192.168.3.0 network was going outbound but not incoming. The server on the 192.168.3.0 network was an independent server

and working fine going outbound until I added the second NIC to the network so I could use my backup server to use from the internal network. I am editing it to remove.

Thanks for catching that!

Tony

[senyai]

I'm no network expert too, and for me your setup looks fine. Could It be something else, like that "Cisco Managed Switch" firewalling your connection? Could you dump you network card traffic when you try to connect to `192.168.3.113` using this command "tcpdump -i eth1 -s 65535 -w 1940-multiple-nic-configuration-help.pcap"?

[digifuzzy]

Looks like you have a decent start. You've defined the two openrc init files net.eth0 and net.eth1.
Let's make sure you have those running at startup (rc-update add net.eth{0,1}) WIth dual nic's, I ran into a host of issues with conflicts in dhcpcd service. It wants to overwrite, take charge of stuff. I agonized over this part until I found it by accident. So `rc-update del dhcpcd default` removed the service.

I run my own LAN sever providing dhcp. The NIC talking to ISP box has net.eth file that just contains the line "template=dhcpcd" and that's it. I do other configuration on ISP box but generally it only uses ISP supplied dhcp. The other NIC(LAN w/ static IP for downstream for network service) is configured with base ip address w/ netmask as well as domain name.

I then  installed dhcpd (NOTE: different NOT DHCPCD - two different pieces of software) to manage LAN needs. In the `/etc/conf.d/dhcpd` file I have at the top `rc_need=net.ethX` where X is the LAN facing NIC. We tell openRC don't start the DHCP until you have this NIC card going. Also in the same file is the line `DHCPD_IFACE="ethX" (same as before).

There's other dhcp and bind setup stuff... but you get the idea.

The magic happens with `net-firewall/shorewall` - A nicer version of iptables. I used it's configuration to bridge the two NIC's. This occurs in its `/etc/shorwall/interfaces` who you marry up NIC to function one eth goes to WAN, other goes to LAN. And off to the races we go.

Probably more information that you want. My suspicion is you have having issues with dhcpcd taking charge when you don't want it to. Disable the service and come back. We can go from there.

BTW, IRC works too... ?

[safulkin]

This settings looks fine. few basic tests.

ping 192.168.3.1

is it ok? or 100% loss?

ifconfig

check that eth1 RX packets is not 0. if RX packets is 0 then cisco managed switch block all traffic, or cable plugged in wrong port, or something wrong with switch configuration for this port (something like VLAN, ACL)

ping 192.168.3.113?

is it ok? or 100% loss?

arp -n

any arp records for 192.168.3.0/24 network on interface eth1?

 

[digifuzzy]

3 hours ago, safulkin said:

ping 192.168.3.1

 

is it ok? or 100% loss?

ifconfig

check that eth1 RX packets is not 0. if RX packets is 0 then cisco managed switch block all traffic, or cable plugged in wrong port, or something wrong with switch configuration for this port (something like VLAN, ACL)

ping 192.168.3.113?

is it ok? or 100% loss?

arp -n

any arp records for 192.168.3.0/24 network on interface eth1?

 

100% loss is bad. Means card isn't talking.

w/ ifconfig also ensure you don't see 169.x.x.x address. That's a "not connected" type address that NICs will assume if something isn't right.

arp is good. Shows all external IP connections. Should see meaningful results.