Multiple gateways (IP addresses) to the internet and server setup

Reg_gie · June 21, 2012, 12:58pm

Hi All,

My router dishes out local IP addresses, the normal 192.168… stuff and my server has a fixed IP in this range. Now I want take advantage of the “multi-homing” (that’s what Netgear calls it) feature of my router so now it has two gateway IP addresses. The normal private one (192…) and a public one (24.12…).

On my OpenSuSE (version 11.4) under “Additional Addresses” I put a public IP in this new range (I have a few static IP’s to play with in the 24.12… range) and here’s where I am unsure.

My question is: Is this all I have to do? It seems to me that it would also be advantageous to enter the router’s 24.12… IP address into the network settings as well however I am not sure where to do that… obviously there can only be one default gateway under “Network Settings: Routing” but in a way the router’s 24.12… IP address would be the default gateway for a connection in that range and the 192… router IP address would be the default gateway address for connections in that range.

I know there are probably better ways to do things than give one networking card two IP addresses (especially since the server has two networking cards) in the long run but right now it’s the way I want to go as serves not only the purpose of a short term solution but also a learning exercise for me.

Thanks,
Reg

Reg_gie · June 21, 2012, 1:17pm

I walked away for a few minutes and I think I know what was missing in my mind now having some “away time” from the problem.

In the router, because it doesn’t do the normal DHCP or rip stuff on additional network ranges I’m probably going to have to put MAC to IP address mapping in it manually. This will connect the outside world to the server through the additional IP address. Outbound connections I"m not sure about, will I need to do something else to make that part work or will they just go through the normal default gateway?

Of course there will probably need to be some firewall stuff but not concerned about that right now.

cjcox · June 21, 2012, 8:27pm

On 06/21/2012 06:06 AM, Reg gie wrote:
>
> Hi All,
>
> My router dishes out local IP addresses, the normal 192.168… stuff
> and my server has a fixed IP in this range. Now I want take advantage of
> the “multi-homing” (that’s what Netgear calls it) feature of my router
> so now it has two gateway IP addresses. The normal private one (192…)
> and a public one (24.12…).
>
> On my OpenSuSE (version 11.4) under “Additional Addresses” I put a
> public IP in this new range (I have a few static IP’s to play with in
> the 24.12… range) and here’s where I am unsure.
>
> My question is: Is this all I have to do? It seems to me that it would
> also be advantageous to enter the router’s 24.12… IP address into the
> network settings as well however I am not sure where to do that…
> obviously there can only be one default gateway under “Network Settings:
> Routing” but in a way the router’s 24.12… IP address would be the
> default gateway for a connection in that range and the 192… router IP
> address would be the default gateway address for connections in that
> range.
>
> I know there are probably better ways to do things than give one
> networking card two IP addresses (especially since the server has two
> networking cards) in the long run but right now it’s the way I want to
> go as serves not only the purpose of a short term solution but also a
> learning exercise for me.

There is no YaST magic for this. Essentially, you are wanting to route based on
the interface traffic comes to. Basically, a two default route concept…
right? It is actually possible see my article at:

http://www.ntlug.org/Calendar/20120225?year=2012&month=2&day=25

glistwan · June 21, 2012, 8:50pm

Or you could try this for a more magical solution :
Shoreline Firewall

Basically this should do the same thing as Chris described but might be easier to configure.

Reg_gie · June 21, 2012, 9:26pm

Hm, I’m not sure if this exactly applies. Chris’ example is about using two interfaces. My situation is two IP addresses on the same Interface.

glistwan · June 22, 2012, 3:09am

Hmm you were also talking the server has got 2 NICs and that you consider using them both so that would be 2 NICs

How many interfaces does the router have ?

The MAC to IP address mapping you’re wandering about is not required. It’s done automatically using ARP. To be able to get to the servers public IP address from the Internet you need routing that points to it (most likely your ISP has done this already for the public IP range you’ve got). You can test this by using traceroute to one of the public IPs from any PC connected to the Internet.

Reg_gie · June 22, 2012, 11:20pm

Here’s what I found. I couldn’t ping the 2nd address and I thought from all the stuff I found on the Internet that it was a problem with the suse disto./Linux in general when adding an IP to the interface. That is unless you do more complicated stuff.

However, just as a thought I reversed the public and private IP’s on eth0 so the primary IP was now the public IP and got the same results. I.e.: the private IP worked perfectly and the public IP still didn’t. This suggested to me that it must be elsewhere so I started looking at my router.

The way to setup a pass through I thought would be using the “route” section but it kept giving me errors and wouldn’t let add the route.

So, in the firewall I thought I could simulate a pass through with a:
from external address: 12.34.45.67 (all ports) to internal address 12.34.45.67
(note both the same IP) across the firewall.

And it worked.

In other words it really is that simple on Linux, just add an IP, at least in openSuSE 11.4 and later. However, your own router has to have a complete pass through for the IP so that the server is working directly with the gateway/router/“whatever it is” on the the other side of your firewall that’s managing traffic for that IP.

Ultimately, this is incredibly simple once you know the answer – at least so far, I’ll post more if I run into issues while setting up the server for web & email.

And, with the private IP, 192.168… the server is still easily and efficiently accessible on my private network. E.g.: will still work locally even if the Internet connection goes down, no calls outside the network when not needed etc.

I did find however that for some network setting changes to suse to take effect I had to reboot. e.g., and IP address change sometimes, probably because I was remoting in and it didn’t want to drop the current IP while there as an active connection, but that’s just my guess.

Because there is no protection from the router firewall however one thing I will have to be very careful of is that I keep the new server’s firewall up and well setup at all times. On my other server I’m rather lax on that aspect because: a) I do a lot of experimenting on it so the firewall is always going up and down just to see if it’s interfering with one thing or another I’m working on; b) the router’s firewall has been carefully setup to protect that server.

deano_ferrari · June 23, 2012, 2:17am

I did find however that for some network setting changes to suse to take effect I had to reboot. e.g., and IP address change sometimes, probably because I was remoting in and it didn’t want to drop the current IP while there as an active connection, but that’s just my guess.

Restarting the network is all that is needed.

rcnetwork restart

Reg_gie · June 23, 2012, 1:45pm

RE:

thanks.

Update: If you want to put different default gateways next to each IP address then use NetworkManager, it’s dead easy.