# [SOLVED] Two interfaces, two public IP's, two domain names

## molot

I bet there is already a howto / manual for it. I've been told to look for >> "force routing" linux howto << and I tried that and similar, but I simply can't find it.

My problem is this: my machine is seen from the network under two domain names - molot.pl and bdsmclub.pl - each with its own IP and hardware wired to eth0 and eth1 (in that order). eth2 is wired to an ADSL router for a backup line. The problem is that it responds only on the first active interface. That's not what I want, I want it to "work" on all interfaces that are there. I want to be able to put www pages on both interfaces and ssh via all three names.

The other problem is outgoing traffic - if the hardware firewall / router / "modem" on the first interface is online, but the link between it and the Internet is down, outgoing traffic freezes - it goes to eth0 even when eth1 is now the first interface with actual net access. Not what I need.

I'm not an admin. Never was, never will be. I'm a developer who needs his machine online for a couple of personal projects and has problems with that. Is there any way you could help me to make this stuff work "as expected by common sense"? Thanks for even reading through this whole post  :Wink: 

----------

## richard.scott

 *molot wrote:*   

> I'm not an admin. Never was, never will be.

 

I'm sorry to say that this is a really hard task even for an experienced admin. 

Due to the way routing and the internet work, it's not easily possible.

Why do you have two IP's for each domain name? If you're creating a website you can host them both on the same IP and use name based virtual hosting that is commonly available in both IIS and Apache etc.

If your ADSL is on eth2, where do eth0 and eth1 go?

Rich

----------

## molot

 *richard.scott wrote:*   

> I'm sorry to say that this is a really hard task even for an experienced admin. 
> 
> Due to the way routing and the internet work, it's not easily possible.

 Two of my admin colleagues already told me it shouldn't be hard. I think I'd have to dare them to do this, then.

 *richard.scott wrote:*   

> Why do you have two IP's for each domain name? If you're creating a website you can host them both on the same IP and use name based virtual hosting that is commonly available in both IIS and Apache etc.

 Well, a couple of reasons. Keeping download/upload speed limits and costs separate is a thing I can't do any other way. Additionally there are minor reasons like making my client traffic go only through the IP of the domain I don't mind being personally recognized as the owner of at first sight, the possibility of making it a two cable setup easily, putting a router in one of the lines so I don't have to bother configuring my box to also be a router...

 *richard.scott wrote:*   

> If your ADSL is on eth2, where do eth0 and eth1 go?

 Eth1 goes to the magic box* installed by my local multimedia provider. Eth0 goes to the router, and the router to the magic box. Most of the important ports are redirected from the router to my Gentoo machine.

*I'm not sure whether I should call it a cable modem, a router or what. I kinda don't care. It only requires me to ask DHCP and consistently grants me the IP's I'm paying for, based on the MAC of the card that's asking.

Thank you for your interest, Rich.

----------

## richard.scott

Hi,

The hard part is if you want your websites on eth0 and eth1 to be available on eth2 if eth0 or eth1's internet connection isn't working.

You can do it with some external DNS provider like dyndns.org... perhaps this is what your admin colleagues are talking about?

Rich.

----------

## molot

No no no, sorry if I didn't make myself clear. The auto-fallback to the next working interface should work from inside, client only. For example if my monitoring tool detects a lack of traffic at eth0 it should be able to connect to the Internet through any of the interfaces that are still up and send me an sms via the web->sms gate. Or when I'm physically at the comp's keyboard, I'd love to be able to send an email to my ISP "hey, my first interface can't connect, go fix it" without the need for reconfiguration and/or manually switching interfaces. If eth0 is dead, then it's dead, the page is not shown, that's what I expect and agree to.

----------

## richard.scott

Oh, in that case you need a script that tries to ping your cable modem and, when it fails, runs this:

```
route del default
route add default gw x.x.x.x
```

where x.x.x.x is the default gateway IP on your next available connection.

Something like this should do it:

```
#!/bin/bash
#
# Default gateways in order of preference
#
DG1=x.x.x.x
DG2=x.x.x.x
DG3=x.x.x.x

#
# Check if DG1 is up (default gateway on eth0)
#
if ! ping -c 2 -w 2 "${DG1}" > /dev/null 2>&1 ; then
  #
  # Check if DG2 is alive
  #
  if ! ping -c 2 -w 2 "${DG2}" > /dev/null 2>&1 ; then
    #
    # Both DG1 and DG2 are offline, so set up DG3 as default
    #
    if ping -c 2 -w 2 "${DG3}" > /dev/null 2>&1 ; then
      route del default
      route add default gw "${DG3}"
    fi
  else
    #
    # DG1 is offline, but DG2 is up so set up DG2 as default
    #
    route del default
    route add default gw "${DG2}"
  fi
else
  #
  # Check if DG1 is our current default gateway.
  # "route -n" prints numeric addresses (the default route shows up as
  # destination 0.0.0.0), so the gateway can be compared with DG1 directly
  # instead of with a resolved host name.
  #
  if [ "${DG1}" != "$(route -n | awk '$1 == "0.0.0.0" {print $2; exit}')" ]; then
    route del default
    route add default gw "${DG1}"
  fi
fi
```

I've not tested or debugged that, but it may help as a starting point.

Oh, and depending on traffic loads the ping command may not be the best way of working out if a link is up or not.

Rich.

----------

## molot

Thank you. But I have more basic problem. Just try to ping:

1) molot.pl (that's eth0)

2) 62.121.121.110 (that's eth1)

As you can see, there is no ping reply. But from the inside it pings itself all right via both addresses. The same with ssh and http ports - they are open on both IP's, but I can't get them to reply on 2) as long as 1) is up and running. From network sniffing it just looks like all replies are going through eth0, no matter where the question came from.

How to make both of those addresses connectible?

Until I solve this issue, the others are just minor things.

----------

## richard.scott

From the outside you'll only be able to connect to the IP with the active default gateway.

You're pinging eth0 OK, which means that it has the default gateway active.

When you ping eth1, the server most likely accepts the packet, and then sends the reply back via eth0 (the default gateway interface).

As this IP range isn't on their network, they may block it from being routed.

This is what I was talking about when I said it was complicated.

AFAIK you won't be able to make them both work at the same time from the outside because of the way routing works.

Rich.

----------

## molot

So let's take them from the other side - is there any virtual/paravirtual computer software that would allow me to "bind" one of the physical interfaces directly to the virtual server? So the physical computer would ignore the very existence of eth1, and for some virtual environment inside this was the only (or at least default) route? That is a solution I would not like too much, but I'd accept.

----------

## richard.scott

You may be able to do that with vmware-server or virtual-box, but I'm not sure  :Sad: 

----------

## molot

I was not able to find that in vmware. Even bridged networking only bridged to the first interface.

----------

## richard.scott

Having random Internet traffic from the 3 networks coming to one box is where the problem is.

It's not designed to work like that  :Sad: 

It is possible with something like BGP Routing, but that's something all 3 ISP's would need to support and you'd have to register your own IP range for it. It's really only something you'd have in a data center.

Sorry, I don't think I can be of much more help  :Sad: 

Rich.

----------

## salmonix

 *molot wrote:*   

> Thank you. But I have more basic problem. Just try to ping:
> 
> 1) molot.pl (that's eth0)
> 
> 2) 62.121.121.110 (that's eth1)
> ...

 

That is similar to my problem only some more iptables salt is in it.

Check the end of the thread on my routing problem - that is the routing part of the story, probably helps.

https://forums.gentoo.org/viewtopic-t-804969.html

I am not a fw expert but it seems that you have to set MARKs to incoming connections and according to the markings you have to direct the outgoing traffic according to the interfaces.

Probably the hints there help.

----------

## molot

Thanks. So I am reading this stuff.

It looks like the solution in my case is much much simpler than I was afraid of:

I don't need any marking. I just need packages marked as coming out from IP XXX.XXX.XXX.XXX go via eth0, the ones from YYY.YYY.YYY.YYY via eth1. It was so simple I haven't thought about it. Now when I know what I need to do (and why / how should it work) it'll be easier to find how to actually do this.

----------

## Zhaozhou

 *richard.scott wrote:*   

> From the outside you'll only be able to connect to the IP with the active default gateway.

 

Why is this? Isn't default route only bound to outgoing connections?

----------

## richard.scott

 *Zhaozhou wrote:*   

>  *richard.scott wrote:*   From the outside you'll only be able to connect to the IP with the active default gateway. 
> 
> Why is this? Isn't default route only bound to outgoing connections?

 

It's relevant to all outgoing traffic.

If there's no route already setup for the destination IP it will (by default) go via the default route.

Rich

----------

## gentoo-dev

You need to google for "linux routing multiple interfaces" and read http://tldp.org/HOWTO/Adv-Routing-HOWTO/

Sorry there's no real easy 1-minute solution to this. Just challenge your admin to implement it since he said it was easy...  :Smile: 

```
                                                                 ________
                                          +------------+        /
                                          |            |       |
                            +-------------+ Provider 1 +-------
        __                  |             |            |     /
    ___/  \_         +------+-------+     +------------+    |
  _/        \__      |     if1      |                      /
 /             \     |              |                      |
| Local network -----+ Linux router |                      |     Internet
 \_           __/    |              |                      |
   \__     __/       |     if2      |                      \
      \___/          +------+-------+     +------------+    |
                            |             |            |     \
                            +-------------+ Provider 2 +-------
                                          |            |       |
                                          +------------+        \________
```

----------

## molot

Thanks to the links posted to salmonix in the thread he linked us to, I've understood the documentation  :Very Happy: 

So here is the link that made me understand:

http://linux-ip.net/html/adv-multi-internet.html (see 10.4.2. Inbound traffic Using Multiple Connections to the Internet)

Here you have the link from where I took the basics of the script:

http://lartc.org/lartc.html#LARTC.RPDB.MULTIPLE-LINKS

And here you go with the script itself:

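```
#!/bin/bash
# The routing table names used below (cable0, cable1, adsl) must be
# defined in /etc/iproute2/rt_tables before this script runs.

# Per uplink: interface, local IP, provider gateway, provider network,
# routing table name.
IF0=eth0
IP0=172.16.1.2
P0=172.16.1.1
P0_NET=172.16.1.0/24
T0=cable0

IF1=eth1
IP1=62.121.121.110
P1=62.121.123.254
P1_NET=62.121.120.0/22
T1=cable1

IF2=eth2
IP2=192.168.0.1
P2=192.168.1.254
P2_NET=192.168.0.0/16
T2=adsl

# One table per uplink: the directly connected network plus a default
# route through that uplink's own gateway.
ip route add $P0_NET dev $IF0 src $IP0 table $T0
ip route add default via $P0 table $T0

ip route add $P1_NET dev $IF1 src $IP1 table $T1
ip route add default via $P1 table $T1

ip route add $P2_NET dev $IF2 src $IP2 table $T2
ip route add default via $P2 table $T2

# Pick the table by source address, so replies leave through the
# interface that owns the address they are sent from.
ip rule add from $IP0 table $T0
ip rule add from $IP1 table $T1
ip rule add from $IP2 table $T2

# Default route in the main table, used for everything else.
ip route add default via $P0
```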

It is extremely easy once one knows what's happening.

THANK YOU ALL FOR YOUR SUPPORT, without you I wouldn't make it.

Two more minor questions - how do I make this script run (just?) after all /etc/init.d/net.eth* have started? And how do I add second and third default routes, with higher metrics so they would be used for outbound if the previous one fails?
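
Added example, not part of the original thread: a check that each source-address rule created by a script like the one above points at a table that has its own default route. If that default is missing, the lookup falls through to later rules, normally the main table, and replies leave via the default interface again, which is the symptom described earlier in the thread. The helper name `audit_policy_routing` and both sample outputs are constructed for illustration; on a live host the inputs would be the output of `ip rule show` and `ip route show table all`.

```shell
#!/bin/bash
# Added example (not from the thread): check that every "from ADDR" rule
# points at a routing table that has its own default route.

# Constructed sample of `ip rule show` output (addresses from the script above).
SAMPLE_RULES='0: from all lookup local
32763: from 192.168.0.1 lookup adsl
32764: from 62.121.121.110 lookup cable1
32765: from 172.16.1.2 lookup cable0
32766: from all lookup main
32767: from all lookup default'

# Constructed sample of `ip route show table all` output. The default route
# of table adsl is left out on purpose to show the failure case.
SAMPLE_ROUTES='default via 172.16.1.1 dev eth0 table cable0
172.16.1.0/24 dev eth0 table cable0 scope link src 172.16.1.2
default via 62.121.123.254 dev eth1 table cable1
62.121.120.0/22 dev eth1 table cable1 scope link src 62.121.121.110
192.168.0.0/16 dev eth2 table adsl scope link src 192.168.0.1
default via 172.16.1.1 dev eth0'

# audit_policy_routing RULES ROUTES   (hypothetical helper name)
# Prints "OK addr table dev" or "NO_DEFAULT addr table" per source rule.
# Returns 1 if any rule falls through to later rules (normally main).
audit_policy_routing() {
  { printf '%s\n--RULES--\n%s\n' "$2" "$1"; } | awk '
    $0 == "--RULES--" { in_rules = 1; next }
    !in_rules && $1 == "default" {          # remember the default of each table
      tbl = "main"; dev = "?"
      for (i = 2; i < NF; i++) {
        if ($i == "table") tbl = $(i + 1)
        if ($i == "dev")   dev = $(i + 1)
      }
      defdev[tbl] = dev
      next
    }
    in_rules && $2 == "from" && $3 != "all" && $4 == "lookup" {
      if ($5 in defdev) print "OK", $3, $5, defdev[$5]
      else            { print "NO_DEFAULT", $3, $5; bad = 1 }
    }
    END { exit bad + 0 }'
}

audit_policy_routing "$SAMPLE_RULES" "$SAMPLE_ROUTES" || true
```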

----------

## salmonix

You can call it from /etc/conf.d/local_start. Thingies here are executed at the end of the boot process. 

on the second:

theoretically 

in net conf: eth cards have no fallback so when they fail, they are not available

in the script: 

1. check the availability (ifconfig | grep ) creating a loop with the results

3. if the necessary NIC is there, grep its IP with eg. awk

4. set routing using the data available (NIC, its IP)

But I am not that fluent in bash to simply put it together in ten seconds - I think it is not more for a basher. (bashar ?  :Smile:  )

----------

## Mad Merlin

 *molot wrote:*   

> So let's take them from the other side - is there any virtual/paravirtual computer software that would allow me to "bind" one of the physical interfaces directly to the virtual server? So the physical computer would ignore the very existence of eth1, and for some virtual environment inside this was the only (or at least default) route? That is a solution I would not like too much, but I'd accept.

 

This is certainly possible and straightforward with KVM, it's also possible with VMWare (at least vmware-server) although slightly less obvious because it initially only sets up the first NIC for bridging. Whether this is the simplest or most effective approach is debatable though (but I won't comment on that aspect).

----------

