This is a discussion on linux routing help within the Linux Networking forums, part of the Linux Forums category.
Hi all,

We are running a Red Hat 7.3 Linux based firewall+NAT+iptables server with 2 NICs, with 1 public IP + 1 internal network. However, due to our recent setup and upgrade, we now cater for an additional public IP (belonging to the same network as the previous public IP). Because iptables does not work with IP aliases, we are now adding an additional NIC to serve the new IP. Now there are 3 NICs in total.

   |------- public ip 1 (same network as public ip 2) x.y.37.19 (eth0)
   |
   |
   |------- public ip 2 (same network as public ip 1) x.y.37.22 (eth2)
   |
   |
   |------- internal network 192.168.1.0 (eth1)

We just tested the system and some mappings and routing do not work as expected; many mappings do not work through eth0 -> eth1, some work. The following is the routing table, generated automatically by the network service.

   Kernel IP routing table
   Destination            Gateway              Genmask          Flags Metric Ref Use Iface
   x.y.37.16 (broadcast)  *                    255.255.255.248  U     0      0   0   eth2
   x.y.37.16              *                    255.255.255.248  U     0      0   0   eth2
   192.168.1.0            *                    255.255.255.0    U     0      0   0   eth1
   169.254.0.0            *                    255.255.0.0      U     0      0   0   eth2
   127.0.0.0              *                    255.0.0.0        U     0      0   0   lo
   default                x.y.37.17 (gateway)  0.0.0.0          UG    0      0   0   eth2

Is there anything wrong or incomplete in the table? eth0 seems to be missing. Should it be there? I am a newbie in configuring routing; should anything be configured manually? Any suggestion is very much appreciated.

Thanks in advance.

Jemy
On Fri, 20 Aug 2004 10:19:51 +0800, Jemy <cutejemy@REMOVEhotmail.com> wrote:
> Hi all,
> We are running a Red Hat 7.3 Linux based firewall+NAT+iptables server with 2
> NICs, with 1 public IP + 1 internal network. However, due to our recent setup
> and upgrade, we now cater for an additional public IP (belonging to the same
> network as the previous public IP). Because iptables does not work with IP
> aliases, we are now adding an additional NIC to serve the new IP. Now there
> are 3 NICs in total.
>
>    |------- public ip 1 (same network as public ip 2) x.y.37.19 (eth0)
>    |
>    |
>    |------- public ip 2 (same network as public ip 1) x.y.37.22 (eth2)
>    |
>    |
>    |------- internal network 192.168.1.0 (eth1)
>
> We just tested the system and some mappings and routing do not work as
> expected; many mappings do not work through eth0 -> eth1, some work. The
> following is the routing table, generated automatically by the network service.
>
>    Kernel IP routing table
>    Destination            Gateway              Genmask          Flags Metric Ref Use Iface
>    x.y.37.16 (broadcast)  *                    255.255.255.248  U     0      0   0   eth2
>    x.y.37.16              *                    255.255.255.248  U     0      0   0   eth2
>    192.168.1.0            *                    255.255.255.0    U     0      0   0   eth1
>    169.254.0.0            *                    255.255.0.0      U     0      0   0   eth2
>    127.0.0.0              *                    255.0.0.0        U     0      0   0   lo
>    default                x.y.37.17 (gateway)  0.0.0.0          UG    0      0   0   eth2
>
> Is there anything wrong or incomplete in the table? eth0 seems to be missing.
> Should it be there? I am a newbie in configuring routing; should anything be
> configured manually? Any suggestion is very much appreciated.

Whichever one of eth0 or eth2 that is your public interface (to internet) should likely have netmask 255.255.255.255, host route to x.y.37.17, and that as gateway. Whichever one of those is your public DMZ (public IPs behind your router) should have the 255.255.255.248 netmask.

You can actually use the same IP for eth0 and eth2, as long as netmasks and routing are correct (different).

--
David Efflandt - All spam ignored http://www.de-srv.com/
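The route selection behind the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup over the posted table and over one reading of the suggested layout. The 203.0.113.16/29 block is a constructed stand-in for the elided x.y.37.16/29, and treating eth0 as the uplink and eth2 as the DMZ is an assumption.

```python
import ipaddress

# Constructed stand-in for the thread's elided x.y.37.16/29 block (RFC 5737 range).
ORIGINAL = [  # the table posted in the question: no entry points at eth0
    ("203.0.113.16/29", "eth2"),
    ("192.168.1.0/24", "eth1"),
    ("169.254.0.0/16", "eth2"),
    ("127.0.0.0/8", "lo"),
    ("0.0.0.0/0", "eth2"),        # default via 203.0.113.17
]
# Assumption: eth0 is the uplink (/32 + host route), eth2 is the public DMZ (/29).
SUGGESTED = [
    ("203.0.113.17/32", "eth0"),  # host route to the gateway
    ("0.0.0.0/0", "eth0"),        # default via 203.0.113.17
    ("203.0.113.16/29", "eth2"),  # public DMZ
    ("192.168.1.0/24", "eth1"),
    ("127.0.0.0/8", "lo"),
]

def egress(table, dst):
    """Return the interface chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def unused_interfaces(table, interfaces):
    """Interfaces that no route points at, so nothing is ever sent out of them."""
    used = {dev for _, dev in table}
    return sorted(set(interfaces) - used)

if __name__ == "__main__":
    nics = ["eth0", "eth1", "eth2"]
    for name, table in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, "unused:", unused_interfaces(table, nics))
        for dst in ("198.51.100.7", "203.0.113.17", "203.0.113.20", "192.168.1.10"):
            print(f"  {dst:15} -> {egress(table, dst)}")
```

With the posted table every public destination leaves through eth2, so iptables rules that match on eth0 as the outgoing interface never see reply traffic; with distinct netmasks the /32 host route wins for the gateway and the /29 keeps DMZ hosts on eth2.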
David, Gary, thanks for pointing this out and for the advice; my problem is finally solved.
Thanks!