Determine which eth card is internal/external

I need help with setting up this router!

I have gone through the Cool Solutions:SUSE Router How-To about 4-40 times now.

For whatever reason internal pings use the external NIC and external pings use the internal NIC.

How can I manually tell the system which NIC to use for which purpose?!

  • I’ve set the DNS and Hostnames
  • I’ve set the eth1 with static (internal
    ) and eth0 with DHCP (external) IP address
  • I’ve set the Routing to use the internal IP, the DSL modem and to my mother’s birth date! (just kidding
  • I’ve set the internal NIC card to act as a DHCP server
  • If I do not have the external NIC plugged into the router, then sometimes I can SSH into the system.
  • I’ve kicked it once and that didn’t fix it.
  • I’m at the stage of making random changes in Yast to see if that helps (yes, I am getting that desperate!

I am getting frustrated about this and no matter how many times I go through the darn tutorials and how-to’s it isn’t working!

btw, I’m using 10.2 and yes I have looked at both Cool Solutions (for 9x and 10x).

Which interface a packet goes to depends on the destination in the packet and the routing. I assume that you have set up the interface addresses and routing correctly, but if you post, maybe we can double check.

Are you sure you know which physical cards are eth0 and eth1? In the case of identical models, detection is usually in order of PCI bus order. If the cards have LEDs, there is a utility called ethtool. You can use the --blink feature to check which is which.

ethtool --blink eth1 10

Blink the link LED for 10 seconds

I’ll try the blink-test when I get home.

I’ve tested which one is which by plugging only one into the switch/DSL modem and seeing which eth gets the IP address (both were set to DHCP). Although I must admit, I am sometimes not 100% sure…

I’ve noticed with the routing that the documentation has said to set the Routing to the box’s IP address ( and other documentation says to the modem address ( Any idea which is it?

You mention “if you post”, is there a partiular output I should post that will help?

P.S. Thank you for responding.

Generally the gateway address is that of your router, not the box itself. Post the output of

ip addr
route -n
lspci | grep Ethernet

You should be root to do these commands, or some of them may not be found. Use su -, not su, to become root, to get root’s $PATH.

I’m pretty sure I have the right NIC cards. I am connected
{laptop }–{switch}–{eth0}–{router}–{eth1}–{DSL modem}–{internet}
and am SSH-ing in to run these commands. The DSL modem is connected directly to the other ethernet card (eth1). What is funny is that the eth0 is a PCI card while eth1 seems to be the onboard connection.

Just for clarification = router’s internal staic IP = my laptop (SSH-ed in) = DSL modem

ip addr

suserouter:/ # ip addr
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:10:4b:29:19:d3 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth0
    inet6 fe80::210:4bff:fe29:19d3/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,NOTRAILERS,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:b0:d0:7c:e5:b1 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth1
    inet6 fe80::2b0:d0ff:fe7c:e5b1/64 scope link
       valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit brd

route -n
I notice that both eth0 and eth1 have the same Destination.

suserouter:/ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface   U     0      0        0 eth0   U     0      0        0 eth1     U     0      0        0 eth0       U     0      0        0 lo         UG    0      0        0 eth1         UG    0      0        0 eth0

lspci | grep Ethernet

suserouter:/ # lspci | grep Ethernet
01:09.0 Ethernet controller: 3Com Corporation 3c905 100BaseTX [Boomerang]
01:0c.0 Ethernet controller: 3Com Corporation 3c905C-TX/TX-M [Tornado] (rev 78)

Thank you for taking a look at this.

You have two interfaces on the same subnet:

inet brd scope global eth0
inet brd scope global eth1

Both are in the subnet And the broadcast address for the second is wrong.

There will be no difference whether the traffic goes out through one interface or the other, or so the route table thinks. Are you sure you intended this?

valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,NOTRAILERS,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:b0:d0:7c:e5:b1 brd ff:ff:ff:ff:ff:ff
inet brd ** **scope global eth1
inet6 fe80::2b0:d0ff:fe7c:e5b1/64 scope link
valid_lft forever preferred_lft forever

Broadcast and subnet allocation doesn’t look like it will work. I advise different subnets for internal and external.

I have had much more success with the SuSE machine being the gateway. i.e. Modem plugged into eth0 set to DHCP and eth1 handling the routing etc.
so eth0 10.113.54.X (DHCP)
eth1 192.168.50.X (STATIC-Routing-DHCP server-DNS-NAT)

So I should change the subnet mask for one of the eth cards in the network card configuration? Like make one and another

Do they have to be "255"s?

Since the DSL modem is on and it assigns an internal IP of to all who connect, should I make the static internal IP like and netmask in the Network Card configuration?

No, the main problem are not the subnet masks, the main problem is that your subnets overlap. For routing to work, the interfaces must be on non-overlapping subnets. Either your modem/router’s DHCP subnet must be changed or the static IP address subnet must be changed. This is Routing 101.

You are on the right track with your second suggestion to put the internal IP on 192.168.0.x, but you guess wrong with regard to subnet masks. The short answer is just make the netmasks of both interfaces (/24). The long answer is to read up on how the netmask influences the size of the subnet.

Does the IP range supplied by the DHCP Server have to change to so the first 3 parts match between the IP’s being passed out and the IP of the static internal eth card?

**192.168.0.**1 to 99 = supplied IP addresses (via DHCP server)
** = router static internal IP
.1.**254 = DSL Modem

Thanks for your patience.

This the DHCP server on the SUSE machine? Well, you will be telling it to serve eth0, the internal network, and that network has a subnet of so any addresses given out by the DHCP server has to lie in that range. Otherwise you will get a startup error from dhcpd. So, yes.

Getting closer…
Last night I changed the IP address internally ( and changed the DHCP range to 10.0.7.x-y.

Now from the router I can ping externally and the DSL modem.

From the client I can ping and ssh into the router.

Unfortunately the buck stops there. It seems the internal nic is not handing off external traffic.

In the Router Network Services when it asks for Gateway, just to be certain, I put the address of the modem ( or the address of the opensuse box (

I do have IP forwarding checked as well as Masquerade. Does it matter which eth card has IP forwarding checked on it?

This is the default gateway for the router? This should be the DSL modem. The default gateway is the gateway used to reach the majority of addresses. Since most addresses are in the outside world, it will be the router.

But for the client, the default gateway (specified in the DHCP lease) will be the router, since it is one hop closer to the Internet.

IP forwarding is generally global, usually you do not specify it per interface.

Because the modem won’t know where packets for 10.0.7.x are to go (unless there are some routing settings in the modem), you would have to get the router to masquerade the client so that it seems as if the client traffic is originating from the router. This means you have to set up SUSEfirewall2 to do both forwarding and masquerading.

Alternatively if you just want to access web and ftp sites with the client and nothing else, you can setup an application level proxy like squid on the router.

Thank you for all of your help.