# [solved] 1 NIC, 2 IPs, 2 Different Routes ?

## Steve_Mac_G

Hi Everyone

I have a little problem setting up a NIC with 2 IPs. Each IP should have its own route and its own DNS server.

The Scene: 

The server has 1 NIC and 2 IPs:

- 192.168.0.15
- 192.168.0.16

And 2 gateways in the same subnet that have different ways to connect to the internet:

- 192.168.0.2 for high-speed services (like streaming)
- 192.168.0.1 for a DSL connection

The server has 3 main services:

- IRC
- Apache
- Icecast

All 3 use the standard ports (IRC 6665-6669 and 6697; Apache 80 and 443; Icecast 8000 and 8001).

The UnrealIRCd and Apache are bound to 192.168.0.15 and should use only this IP and gateway; Icecast2 is bound to 192.168.0.16 and should use the corresponding gateway. Here is the conf:

```
luci ~ # cat /etc/conf.d/net
config_eth0=(
        "192.168.0.15/24 brd 192.168.0.255"
        "192.168.0.16/24 brd 192.168.0.255"
)

routes_eth0=(
        "192.168.0.15 via 192.168.0.1"
        "192.168.0.16 via 192.168.0.2"
        "default gw 192.168.0.1"
)

dns_servers_eth0=( "192.168.0.1 192.168.0.2" )

fallback_eth0=( "dhcp" )
```

This results in the following situation:

```
luci ~ # ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0c:29:10:f5:4f
          inet addr:192.168.0.15  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12155376 errors:10 dropped:8 overruns:0 frame:0
          TX packets:7097052 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3284942630 (3.0 GiB)  TX bytes:875524591 (834.9 MiB)
          Interrupt:17 Base address:0x1400

eth0:1    Link encap:Ethernet  HWaddr 00:0c:29:10:f5:4f
          inet addr:192.168.0.16  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:17 Base address:0x1400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:154358 errors:0 dropped:0 overruns:0 frame:0
          TX packets:154358 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:14241971 (13.5 MiB)  TX bytes:14241971 (13.5 MiB)

luci ~ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.16    192.168.0.2     255.255.255.255 UGH   0      0        0 eth0
192.168.0.15    192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
```

The problem is that all 3 services seem to be listening on the first IP:

```
luci ~ # nmap -v -sT 192.168.0.15

Starting Nmap 4.76 ( http://nmap.org ) at 2009-07-20 23:34 CEST
Initiating Parallel DNS resolution of 1 host. at 23:34
Completed Parallel DNS resolution of 1 host. at 23:34, 0.00s elapsed
Initiating Connect Scan at 23:34
Scanning 192.168.0.15 [1000 ports]
Discovered open port 80/tcp on 192.168.0.15
Discovered open port 22/tcp on 192.168.0.15
Discovered open port 6666/tcp on 192.168.0.15
Discovered open port 443/tcp on 192.168.0.15
Discovered open port 6667/tcp on 192.168.0.15
Discovered open port 6668/tcp on 192.168.0.15
Discovered open port 7000/tcp on 192.168.0.15
Discovered open port 6669/tcp on 192.168.0.15
Discovered open port 8000/tcp on 192.168.0.15
Completed Connect Scan at 23:34, 0.07s elapsed (1000 total ports)
Host 192.168.0.15 appears to be up ... good.
Interesting ports on 192.168.0.15:
Not shown: 991 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
6666/tcp open  irc
6667/tcp open  irc
6668/tcp open  irc
6669/tcp open  irc
7000/tcp open  afs3-fileserver
8000/tcp open  http-alt

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
           Raw packets sent: 0 (0B) | Rcvd: 0 (0B)

luci ~ # nmap -v -sT 192.168.0.16

Starting Nmap 4.76 ( http://nmap.org ) at 2009-07-20 23:34 CEST
Initiating ARP Ping Scan at 23:34
Scanning 192.168.0.16 [1 port]
Completed ARP Ping Scan at 23:34, 0.27s elapsed (1 total hosts)
Read data files from: /usr/share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 0.37 seconds
           Raw packets sent: 2 (84B) | Rcvd: 0 (0B)

luci ~ # nmap -vPN -sT 192.168.0.16

Starting Nmap 4.76 ( http://nmap.org ) at 2009-07-20 23:37 CEST
Initiating Parallel DNS resolution of 1 host. at 23:37
Completed Parallel DNS resolution of 1 host. at 23:37, 0.01s elapsed
Initiating Connect Scan at 23:37
Scanning 192.168.0.16 [1000 ports]
Discovered open port 22/tcp on 192.168.0.16
Discovered open port 8000/tcp on 192.168.0.16
Discovered open port 7000/tcp on 192.168.0.16
Completed Connect Scan at 23:37, 0.06s elapsed (1000 total ports)
Host 192.168.0.16 appears to be up ... good.
Interesting ports on 192.168.0.16:
Not shown: 995 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
7000/tcp open  afs3-fileserver
8000/tcp open  http-alt

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
```

Now, the problem is that an external connection to the server over the high-speed gateway fails with a timeout, but all 3 services are reachable over the DSL gateway.

I tried to ping the gateways with the -I option:

```
luci ~ # ping -c1 -I 192.168.0.15 192.168.0.1
PING 192.168.0.1 (192.168.0.1) from 192.168.0.15 : 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=39.7 ms

--- 192.168.124.254 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 39.754/39.754/39.754/0.000 ms

luci ~ # ping -c1 -I 192.168.0.16 192.168.0.2
PING 192.168.0.2 (192.168.0.2) from 192.168.0.16 : 56(84) bytes of data.

--- 192.168.124.253 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
```

The ping fails, but the firewall on the gateway registered this attempt, so I can say the ping goes out successfully.

I'm a little experienced with Linux, but my knowledge reaches its end here. Please give me a hint about what's wrong in my config, or help me find another way.

A second question: my Unreal is configured with the ssl USE flag and needs another port (6697) for SSL client connections. But nmap doesn't show this port in the list. Why not?

[Edit] I have to add that the second gateway's firewall has a static rule that all packets coming in on 8000 and 8001 are forwarded to 192.168.0.16, and the stream from 192.168.0.16 is reachable in the subnet behind the second gateway. [/Edit]

Thanks so far,

Steve

Last edited by Steve_Mac_G on Tue Jul 21, 2009 4:33 pm; edited 1 time in total

----------

## Kulfaangaren!

Would you mind posting the output of ...

```
luci ~ # netstat -tanp | grep LISTEN
```

This should list all TCP sockets that your programs are binding to.

I'm not very experienced when it comes to networking, but if I were you I would try changing eth0:1's MAC address with something like ...

```
mac_eth0:1="00:0c:29:10:f5:50"
```

... in /etc/conf.d/net.

This is just to make sure that the clients and the server know for sure that they are sending packets to different NICs.

Also, I would check whether the server runs without a default GW; that the default GW is the same route as for eth0 might confuse things for eth0:1 traffic?

Good luck

// Fredrik

----------

## Mad Merlin

*Steve_Mac_G wrote:*

> ```
> routes_eth0=(
> ...
> ```

This doesn't do what you're hoping for. What you're actually saying here is "to reach 192.168.0.15, talk to 192.168.0.1", and "to reach 192.168.0.16, talk to 192.168.0.2", which is obviously nonsense, as that's your IP in both cases. Unless you can segment your routes at an IP level (for example, traffic to 24.0.0.0/8 via 192.168.0.1, everything else via 192.168.0.2), you're going to have a lot of fun trying to set this up (because I'm pretty sure it won't work).

What might be a more workable solution would be to have another machine (like a router) that can pick gateways based on higher level information (for example, route all FTP traffic via 192.168.0.1, everything else via 192.168.0.2). However, I'm not familiar with a setup like this, but you might start by googling something like "layer 7 load balancing". I'm fairly sure iptables can accomplish something like this.

*Kulfaangaren! wrote:*

> I'm not very experienced when it comes to networking but if I were you, I would try changing eth0:1's MAC address with something like ...

This isn't possible, eth0 and eth0:1 are the same NIC and thus have the same MAC address. Nevertheless, you don't need to worry about this part, eth0:1 is just an aliased IP, it doesn't need a distinct MAC address.

----------

## Steve_Mac_G

Kulfaangaren, sure, here it is:

```
luci ~ # netstat -tanp | grep LISTEN
tcp        0      0 0.0.0.0:14534           0.0.0.0:*               LISTEN     12328/server_linux
tcp        0      0 192.168.0.15:6665       0.0.0.0:*               LISTEN     11859/unrealircd
tcp        0      0 192.168.0.15:6697       0.0.0.0:*               LISTEN     11859/unrealircd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     11739/mysqld
tcp        0      0 192.168.0.15:6666       0.0.0.0:*               LISTEN     11859/unrealircd
tcp        0      0 192.168.0.15:6667       0.0.0.0:*               LISTEN     11859/unrealircd
tcp        0      0 192.168.0.15:6668       0.0.0.0:*               LISTEN     11859/unrealircd
tcp        0      0 192.168.0.15:6669       0.0.0.0:*               LISTEN     11859/unrealircd
tcp        0      0 0.0.0.0:7029            0.0.0.0:*               LISTEN     11859/unrealircd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     11971/sshd
tcp        0      0 0.0.0.0:7000            0.0.0.0:*               LISTEN     11859/unrealircd
tcp        0      0 0.0.0.0:8767            0.0.0.0:*               LISTEN     12328/server_linux
tcp6       0      0 :::80                   :::*                    LISTEN     12029/apache2
tcp6       0      0 :::22                   :::*                    LISTEN     11971/sshd
tcp6       0      0 :::443                  :::*                    LISTEN     12029/apache2
```

Whoa, the SSL port of my Unreal is showing up here :)

Yo. The setup of the machine is variable; it's still a VM. We are trying some different setups. The only constant things are the gateways, and the fact that Icecast should use the high-speed connection while all other services can have the other access. Can I specify 2 subnets on this machine, one using the high lane, the other the low one? Can a setup like this work?

```
luci ~ # cat /etc/conf.d/net    # Example written by hand
config_eth0=(
        "192.168.0.15/24 brd 192.168.0.255"
        "192.168.1.15/24 brd 192.168.1.255"
)

routes_eth0=(
        "192.168.0.15/24 via 192.168.0.1"
        "192.168.1.15/24 via 192.168.0.2"
)

dns_servers_eth0=( "192.168.0.1 192.168.0.2" )
```

My problem is that both gateways are in the same subnet and (as planned) my machine is physically connected to this subnet with one wire and one NIC.

----------

## rrbrussell

I am assuming that you want these services available on the internet and the firewalls are correctly setup for port forwarding.

Basic steps:

- Separate the current combined network into two different subnets:
  - 192.168.0.1/24 for all traffic traversing the DSL connection
  - 192.168.1.1/24 for all traffic traversing the higher speed connection
- Assign the server 1 IP in each subnet.
- On the DSL gateway:
  - Assign 1 IP from the DSL subnet to its LAN interface. Do not assign any IP from the higher speed subnet to its LAN interface.
  - Set up its firewall to only forward the ports that should be routed out through the DSL connection.
- On the higher speed gateway:
  - Assign 1 IP from the higher speed subnet to its LAN interface. Do not assign any IP from the DSL subnet to its LAN interface.
  - Set up its firewall to only forward the ports that should be routed out through the higher speed connection.
- Set up the services to only listen on the IP in the subnet of the gateway they should use.

The next step is to make use of separate routing tables on the server. For that I recommend reading the Linux Advanced Routing & Traffic Control website for further information. The basic objective is to move a packet generated with the DSL IP onto a routing table with the DSL firewall as the default gateway for that table, and to repeat the same process with a packet generated with the higher speed IP onto a separate routing table with the higher speed gateway as the default gateway for that table. You may be required to create a network bridge with the ethernet card and two tap devices in order to get some of the routing to work correctly. If you need help or further explanation of the bridging process, just ask. I have no idea how well the Gentoo init scripts will cope with trying to load multiple routing tables into memory, so I cannot help you with that task.
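The separate-routing-table approach described above, and the reason Mad Merlin gives for the original host routes being useless, as an added worked example that is not from the thread or from any of its posters. The mechanism behind the timeout: a connection that arrives through 192.168.0.2 for Icecast on 192.168.0.16 gets replies sourced from 192.168.0.16, but the kernel routes those replies with the main table's single default route, so they leave through the DSL gateway and never reach the client the way it expects. A rule that selects a routing table by *source address* fixes that without splitting the subnet, so this keeps both gateways in 192.168.0.0/24 as in the thread. Addresses and gateways are the thread's; the table numbers 101/102, the rule priorities and the probe address 198.51.100.1 are assumptions chosen for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): source-address policy routing for one
# NIC carrying two IPs that must leave through two different gateways.
# Table numbers, priorities and the probe address are assumptions.

DEV=eth0
SUBNET=192.168.0.0/24
IP_SLOW=192.168.0.15; GW_SLOW=192.168.0.1; TBL_SLOW=101   # DSL gateway
IP_FAST=192.168.0.16; GW_FAST=192.168.0.2; TBL_FAST=102   # high-speed gateway

# Dry-run by default: print each command. APPLY=1 executes it (needs root).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# One routing table per source address: the connected subnet, so the gateway
# is resolvable from inside the table, and a default route via that address's
# own gateway.
add_table() {
    src=$1; gw=$2; tbl=$3
    run ip route replace "$SUBNET" dev "$DEV" src "$src" table "$tbl"
    run ip route replace default via "$gw" dev "$DEV" table "$tbl"
    # The selector the original config lacked: packets whose *source* is this
    # address are looked up in its own table, ahead of "main" (prio 32766).
    run ip rule add from "$src" table "$tbl" priority "$tbl"
}

setup_policy_routing() {
    add_table "$IP_SLOW" "$GW_SLOW" "$TBL_SLOW"
    add_table "$IP_FAST" "$GW_FAST" "$TBL_FAST"
    run ip route flush cache      # drop cached decisions on older kernels
}

# Ask the kernel which gateway it would pick for a packet leaving from each
# address; the 192.168.0.16 answer must show "via 192.168.0.2" once the rules
# are in place.
check_policy_routing() {
    run ip rule show
    run ip route get 198.51.100.1 from "$IP_SLOW"
    run ip route get 198.51.100.1 from "$IP_FAST"
}

# Why "192.168.0.16 via 192.168.0.2" in the main table did nothing: the kernel's
# "local" table (priority 0) already claims both addresses, so a route *to*
# our own IP is never consulted for any packet.
show_local_table() {
    run ip route show table local
}

case "${1:-}" in
    show)  setup_policy_routing ;;            # preview the commands
    apply) APPLY=1; setup_policy_routing ;;   # run as root
    check) APPLY=1; check_policy_routing ;;
    local) APPLY=1; show_local_table ;;
esac
```

Preview with `sh policy-route.sh show`, apply as root with `apply`, then verify with `check`; if `ip route get 198.51.100.1 from 192.168.0.16` still reports `via 192.168.0.1`, the rule did not take effect. The rules and table routes are not persistent; on Gentoo the iproute2 net module is the natural place to persist them (check /etc/conf.d/net.example for your baselayout version for the `rules_eth0` array and the `table` keyword in `routes_eth0` entries, whose exact syntax I am assuming here rather than quoting). Note that this does not change which *inbound* path a client uses; it only guarantees that replies go back out the same gateway the request came in on.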

----------

## Steve_Mac_G

Hi

Many thanks for your tips and hints. Now we have another solution: 2 NICs, 2 IPs, and all works fine.

Sorry for the trouble here, and a lot of thanks.

Steve

----------

