
Two NICs problem

asked 2017-08-03 17:39:10 -0500

toddandmargo

Hi All,

I have an FC26 machine set up with two network cards. It is using iptables as a perimeter firewall:

eno1 is the internal network; eno2 is the connection to the DSL modem. The DSL address is fixed.

problem: I can only get to the Internet when I ifdown eno1

I am trying to achieve (netstat -rn):

Kernel IP routing table:
Destination      Gateway                Genmask            Flags   MSS Window  irtt Iface
50.aaa.bbb.ccc  0.0.0.0                255.255.255.252  U         0 0          0 eno2
192.168.xxx.0   0.0.0.0                255.255.255.0     U         0 0          0 eno1
169.254.0.0     0.0.0.0                 255.255.0.0        U         0 0          0 eno2
0.0.0.0         50.aaa.bbb.ccc+1   0.0.0.0              UG       0 0          0 eno2

50.aaa.bbb.ccc is the DSL modem's gateway address; ccc+1 is the next higher number and the IP assigned.

What I am getting is:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         50.aaa.bbb.ccc+1   0.0.0.0         UG        0 0          0 eno2
50.aaa.bbb.ccc   0.0.0.0         255.255.255.252 U         0 0          0 eno2
50.aaa.bbb.ccc+1   0.0.0.0         255.255.255.255 UH        0 0          0 eno1
192.168.xxx.0   0.0.0.0         255.255.255.0   U         0 0          0 eno1

This is my ifcfg-eno1:

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=no
IPV6_DEFROUTE=no
IPV6_FAILURE_FATAL=no
IPV6_PRIVACY=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eno1
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
IPADDR=192.168.xxx.xy
PREFIX=24
NETMASK=255.255.255.0
NETWORK=192.168.xxx.0
# GATEWAY=192.168.xxx.xy
# GATEWAY=50.aaa.bbb.ccc
# GATEWAY=50.aaa.bbb.ccc+1
DNS1=192.168.xxx.xx
DNS2=192.168.xxx.xy

and my ifcfg-eno2:

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eno2
UUID=d3c01e04-d0eb-3f23-831b-7b40ec852bca
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
DEVICE=eno2
IPADDR=50.aaa.bbb.ccc+1
# PREFIX=30
GATEWAY=50.aaa.bbb.ccc
NETMASK=255.255.255.252
NETWORK=50.aaa.bbb.ccc-1
BROADCAST=50.aaa.bbb.ccc+2
#DNS1=192.168.xxx.xy
PREFIX=30
DNS1=8.8.8.8
DNS2=8.8.4.4

My /etc/sysconfig/network:

FORWARD_IPV4=true
GATEWAY=50.aaa.bbb.ccc

What am I doing wrong?

Many thanks, -T


Comments

When you say

problem: I can only get to the Internet when I ifdown eno1

can you look up the host name using the "host" command? For example

host google.com
villykruse ( 2017-08-04 12:15:58 -0500 )

2 Answers


answered 2017-08-03 23:10:58 -0500

muep

In the eno1 configuration, I think you should at least set DEFROUTE=yes or perhaps even omit that item entirely. In common kinds of setups, DEFROUTE=yes would only be set on interfaces that can be used to reach the public internet.

Then I am also not sure if it is a good idea to specify DNS servers on both connections. I would likely have those only for eno2. The router would likely not need to do much DNS work except to possibly relay requests between your other hosts and the public internet.

Specifying both NETMASK and PREFIX seems redundant to me. I would put only one of those for each connection.


Comments

All but the first DNS server in /etc/resolv.conf are only backups, to be used if the first one is off-line.
Using dnsmasq you might be able to do tricks so you can consult more than one dns server.

villykruse ( 2017-08-04 12:13:58 -0500 )

I am looking at https://developer.gnome.org/NetworkMa... I am also not at the machine till next week

I am confused about "DEFROUTE=yes" on the internal network (eno1). The external network (eno2) is the one that is connected to the Internet and needs to do the routing. eno1 needs to route to eno2.

Me thinks that ifcfg-eno1:

DEFROUTE=no
GATEWAYDEV=eno2

Am I missing something?

toddandmargo ( 2017-08-04 20:13:09 -0500 )

answered 2017-08-19 18:19:47 -0500

toddandmargo

updated 2017-08-19 18:22:31 -0500

Follow up: This fixed it. I do believe it was the "DEFROUTE=no" on the internal network (eno1).

ifcfg-eno1:

HWADDR=xx:xx:xx:xx:xx:xx
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=no
IPV6_DEFROUTE=no
IPV6_FAILURE_FATAL=no
IPV6_PRIVACY=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eno1
UUID=xxxxxx-yyyyy-zzzzz-zzzzz-xxxxxx
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
IPADDR=192.168.xxx.12
PREFIX=24
NETWORK=192.168.xxx.0
DNS1=127.0.0.1
DEFROUTE=no

ifcfg-eno2:

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eno2
UUID=xxxxxx-xxxx-xxxxxx-xxxxxxx
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999
DEVICE=eno2
IPADDR=aaa.bbb.ccc.ddd
PREFIX=30
NETWORK=aaa.bbb.ccc.ddd-2
BROADCAST=aaa.bbb.ccc.ddd-1
DNS1=127.0.0.1

network:

FORWARD_IPV4=true
GATEWAY=aaa.bbb.ccc.ddd-1
GATEWAYDEV=eno2

resolv.conf

search xxxxx.local
nameserver 127.0.0.1
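An added example, not part of any post on this page: a small Python audit for the ifcfg files of a dual-homed firewall like the one discussed here. It flags any non-uplink interface that is still eligible for the default route, and any DEFROUTE key assigned more than once with different values. It assumes that duplicate keys resolve last-assignment-wins and that DEFROUTE defaults to yes when absent; the function names are hypothetical and the sample strings are constructed, abbreviated from the configurations posted above.

```python
# Added example: audit ifcfg files on a dual-homed firewall for default-route conflicts.
# Assumptions: duplicate keys resolve last-assignment-wins; DEFROUTE defaults to "yes".

def parse_ifcfg(text):
    """Return (effective settings, keys assigned more than once with differing values)."""
    settings, conflicts = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip blanks, commented-out settings and malformed lines
        key, value = line.split("=", 1)
        key, value = key.strip(), value.strip().strip("\"'")
        if key in settings and settings[key] != value:
            conflicts.add(key)
        settings[key] = value  # last assignment wins
    return settings, conflicts

def audit_default_route(configs, uplink):
    """configs maps device name to ifcfg text; only `uplink` may carry the default route."""
    findings = []
    for dev, text in sorted(configs.items()):
        settings, conflicts = parse_ifcfg(text)
        defroute = settings.get("DEFROUTE", "yes").lower()
        if "DEFROUTE" in conflicts:
            findings.append(f"{dev}: DEFROUTE assigned more than once, effective value is {defroute}")
        if dev != uplink and defroute == "yes":
            findings.append(f"{dev}: internal interface is eligible for the default route")
        if dev == uplink and defroute != "yes":
            findings.append(f"{dev}: uplink is excluded from the default route")
    return findings

# Constructed samples, abbreviated from the configurations posted on this page.
ENO1_QUESTION = "NAME=eno1\nBOOTPROTO=none\nDEFROUTE=yes\nPREFIX=24\n# GATEWAY=50.aaa.bbb.ccc\n"
ENO1_FOLLOWUP = "NAME=eno1\nBOOTPROTO=none\nDEFROUTE=yes\nPREFIX=24\nDNS1=127.0.0.1\nDEFROUTE=no\n"
ENO2 = "NAME=eno2\nDEVICE=eno2\nBOOTPROTO=none\nDEFROUTE=yes\nPREFIX=30\n"

if __name__ == "__main__":
    for label, eno1 in (("question", ENO1_QUESTION), ("follow-up", ENO1_FOLLOWUP)):
        print(label)
        for finding in audit_default_route({"eno1": eno1, "eno2": ENO2}, uplink="eno2"):
            print("  " + finding)
```
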