Which interface a packet goes to depends on the destination in the packet and the routing. I assume that you have set up the interface addresses and routing correctly, but if you post, maybe we can double check.
Are you sure you know which physical cards are eth0 and eth1? In the case of identical models, detection is usually in order of PCI bus order. If the cards have LEDs, there is a utility called ethtool. You can use the --blink feature to check which is which.
I’ve tested which one is which by plugging only one into the switch/DSL modem and seeing which eth gets the IP address (both were set to DHCP). Although I must admit, I am sometimes not 100% sure…
I’ve noticed with the routing that the documentation has said to set the Routing to the box’s IP address (192.168.1.201) and other documentation says to the modem address (192.168.1.254). Any idea which is it?
You mention “if you post”, is there a particular output I should post that will help?
I’m pretty sure I have the right NIC cards. I am connected
{laptop }–{switch}–{eth0}–{router}–{eth1}–{DSL modem}–{internet}
and am SSH-ing in to run these commands. The DSL modem is connected directly to the other ethernet card (eth1). What is funny is that the eth0 is a PCI card while eth1 seems to be the onboard connection.
Just for clarification
192.168.1.201 = router’s internal static IP
192.168.1.197 = my laptop (SSH-ed in)
192.168.1.254 = DSL modem
ip addr
```
suserouter:/ # ip addr
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:10:4b:29:19:d3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.201/24 brd 192.168.1.255 scope global eth0
    inet6 fe80::210:4bff:fe29:19d3/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,NOTRAILERS,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:b0:d0:7c:e5:b1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.64/24 brd 255.255.255.255 scope global eth1
    inet6 fe80::2b0:d0ff:fe7c:e5b1/64 scope link
       valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
```
route -n
I notice that both eth0 and eth1 have the same Destination.
```
suserouter:/ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth1
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth0
```
```
inet 192.168.1.201/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.64/24 brd 255.255.255.255 scope global eth1
```
Both are in the subnet 192.168.1.0/24. And the broadcast address for the second is wrong.
There will be no difference whether the traffic goes out through one interface or the other, or so the route table thinks. Are you sure you intended this?
Broadcast and subnet allocation doesn’t look like it will work. I advise different subnets for internal and external.
I have had much more success with the SuSE machine being the gateway. i.e. Modem plugged into eth0 set to DHCP and eth1 handling the routing etc.
so eth0 10.113.54.X (DHCP)
eth1 192.168.50.X (STATIC-Routing-DHCP server-DNS-NAT)
So I should change the subnet mask for one of the eth cards in the network card configuration? Like make one 255.255.0.0 and another 255.255.255.0?
Do they have to be "255"s?
Since the DSL modem is on 192.168.1.xxx and it assigns an internal IP of 192.168.1.66 to all who connect, should I make the static internal IP like 192.168.0.xxx and netmask 255.255.0.0 in the Network Card configuration?
No, the main problem is not the subnet masks, the main problem is that your subnets overlap. For routing to work, the interfaces must be on non-overlapping subnets. Either your modem/router’s DHCP subnet must be changed or the static IP address subnet must be changed. This is Routing 101.
You are on the right track with your second suggestion to put the internal IP on 192.168.0.x, but you guess wrong with regard to subnet masks. The short answer is just make the netmasks of both interfaces 255.255.255.0 (/24). The long answer is to read up on how the netmask influences the size of the subnet.
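An added example, not part of the original thread: a small Python check that reads the two `inet` lines quoted above and reports the overlapping subnets and the broadcast address that does not match its prefix. The "after" sample is an assumed corrected layout (internal side on 10.0.7.1/24, with a constructed broadcast value for eth1), and the function names are hypothetical.

```python
import ipaddress
import re

# The two "inet" lines quoted in the thread (router's eth0 and eth1).
BEFORE = """\
inet 192.168.1.201/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.64/24 brd 255.255.255.255 scope global eth1
"""

# Constructed sample: assumed layout after moving the internal side to its
# own subnet; the eth1 broadcast value is an assumption.
AFTER = """\
inet 10.0.7.1/24 brd 10.0.7.255 scope global eth0
inet 192.168.1.64/24 brd 192.168.1.255 scope global eth1
"""

# Matches IPv4 "inet" lines only; "inet6" lines do not match "inet ".
INET_RE = re.compile(r"inet (\S+/\d+)(?: brd (\S+))? scope global (\S+)")

def parse_inet(text):
    """Return [(ifname, IPv4Interface, broadcast-or-None), ...]."""
    out = []
    for m in INET_RE.finditer(text):
        brd = ipaddress.IPv4Address(m.group(2)) if m.group(2) else None
        out.append((m.group(3), ipaddress.ip_interface(m.group(1)), brd))
    return out

def audit(text):
    """List wrong broadcast addresses, then interface pairs whose subnets overlap."""
    entries = parse_inet(text)
    findings = []
    for name, iface, brd in entries:
        expected = iface.network.broadcast_address
        if brd is not None and brd != expected:
            findings.append(f"{name}: broadcast {brd}, expected {expected}")
    for i, (n1, a, _) in enumerate(entries):
        for n2, b, _ in entries[i + 1:]:
            if a.network.overlaps(b.network):
                findings.append(f"{n1} and {n2} overlap: {a.network} / {b.network}")
    return findings

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(sample) or "ok")
```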
Does the IP range supplied by the DHCP Server have to change to 192.168.0.xxx so the first 3 parts match between the IP’s being passed out and the IP of the static internal eth card?
**192.168.0.**1 to 99 = supplied IP addresses (via DHCP server)
**192.168.0.**201 = router static internal IP
192.168.1.254 = DSL Modem
This is the DHCP server on the SUSE machine? Well, you will be telling it to serve eth0, the internal network, and that network has a subnet of 192.168.0.0/24 so any addresses given out by the DHCP server have to lie in that range. Otherwise you will get a startup error from dhcpd. So, yes.
Getting closer…
Last night I changed the IP address internally (10.0.7.1) and changed the DHCP range to 10.0.7.x-y.
Now from the router I can ping externally and the DSL modem.
From the client I can ping and ssh into the router.
Unfortunately the buck stops there. It seems the internal nic is not handing off external traffic.
In the Router Network Services when it asks for Gateway, just to be certain, I put the address of the modem (192.168.1.254) or the address of the opensuse box (10.0.7.1)?
I do have IP forwarding checked as well as Masquerade. Does it matter which eth card has IP forwarding checked on it?
This is the default gateway for the router? This should be the DSL modem. The default gateway is the gateway used to reach the majority of addresses. Since most addresses are in the outside world, it will be the router.
But for the client, the default gateway (specified in the DHCP lease) will be the router, since it is one hop closer to the Internet.
IP forwarding is generally global, usually you do not specify it per interface.
Because the modem won’t know where packets for 10.0.7.x are to go (unless there are some routing settings in the modem), you would have to get the router to masquerade the client so that it seems as if the client traffic is originating from the router. This means you have to set up SUSEfirewall2 to do both forwarding and masquerading.
Alternatively if you just want to access web and ftp sites with the client and nothing else, you can setup an application level proxy like squid on the router.