set-up webserver with two nics

Question

I have a web/email server with to nics, eth0 and eth1. I want to set it up, in order all WAN traffic is going through eth0 and all LAN traffic is going through eth1.

I found a number of descriptions and tutorials about policy based ip routing, but I'm still not sure how to configure the server. Any help about what routes, rules and iptables entries I need would be helpfull.

This is the network I'd like to set-up:

  ----------------------------            
  ! Gateway to internal LAN  !
  ! 192.168.26.1             !
  ----------------------------
         !
         !
         !
  -------------------------            
  ! eth1: 192.168.26.154  !
  ! Email / Webserver     !
  ! eth0: 192.168.26.153  !
  -------------------------            
         !
         !
         !
  ----------------            
  ! WAN Gateway  !
  ! 192.168.26.7 !
  ----------------
         !
         !
         !
  ----------------            
  ! WAN          !
  ! any address  !
  ----------------

Is there another network inside of "Gateway to internal LAN"? — Jed Daniels, Jun 13 '12 at 15:22
It's a VPN endpoint. I have to add a route to our internal LAN at 191.168.10.0/24. I think I know how to do that once I get the other part working. — BetaRide, Jun 13 '12 at 17:12

score 1 · Answer 1 · answered Jun 13 '12 at 15:12

1

It does not work that way.

Plug your WAN gateway, LAN gateway and "email/webserver" into a switch. Forget eth1 on your "email/webserver".

Assuming the WAN gateway does NAT and forwards appropriate ports to the "email/webserver", and your internal LAN is either in the 192.168.26.0/24 subnet or is NATed by LAN gateway, you just set the default router for the "email/webserver" to be 192.168.26.7 and do fine with that. The WAN users will go via the default gateway, the local users will be handled by the implicit link-local route.

answered Jun 13 '12 at 15:12

NekojiruSou

344
1
2
9

If there is another network inside of 192.168.26.1, he'll need a route to that. Otherwise, +1, cause this is the correct answer. – Jed Daniels Jun 13 '12 at 15:24
Yeah, he'll need a static route to the "inside" network if the LAN gateway routes internal traffic to this DMZ-like network without doing NAT. – NekojiruSou Jun 13 '12 at 15:30
Thanks for the answer. Unfortunately I don't know how to put this into the configuration files of my CentOs 6.2 box? Could someone give me hand for this? – BetaRide Jun 13 '12 at 17:09
Of course the answer is to Read The Fine Manual, but here is a link with instructions on setting up static routes in Centos 6 (which is based on RedHat 6). http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-static-routes.html – Jed Daniels Jun 15 '12 at 14:01

set-up webserver with two nics

1 Answers1