0

I have an Ubuntu 16.04 LTS VM with two NICs (each has a public IP) on Google Cloud. I need to configure it in a way where all traffic on port 2000 goes through interface1 and all traffic for port 2001 through interface2. I've already set up the firewall through gcloud and that works just fine.

I also have 2 ip rules and 2 ip routes to push traffic through the correct NICs.

```
echo 300 guest >> /etc/iproute2/rt_tables
ip route add 10.2.0.2/32 dev interface2 table guest
ip route add default via 10.2.0.1 dev interface2 table guest
ip rule add from 10.2.0.2/32 table guest
ip rule add to 10.2.0.2/32 table guest
```

What I'm struggling with is how to apply these changes on boot. I thought I could just add the above to /etc/network/interfaces or any files referenced through this file located in /etc/network/interfaces.d with source. But this doesn't seem to make any difference whatsoever.

Below is what I added to /etc/network/interfaces

```
auto interface2
iface interface2 inet dhcp
    post-up ip route add 10.2.0.2/32 dev interface2 table guest
    post-up ip route add default via 10.2.0.1 dev interface2 table guest
    post-up ip rule add from 10.2.0.2/32 table guest
    post-up ip rule add to 10.2.0.2/32 table guest
```

This only works if I do `ifdown interface2 && ifup interface2`.

I also followed the below

```
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
```

So with all the above, when the VM starts it sets up the network with two NICs somehow and ignores the above. Can somebody please explain to me how this should be done?

Very much appreciated in advance

Bart C

1 Answer

1

If you want to accomplish it with a script every time the VM instance starts, go with startup scripts.

Check their documentation at https://cloud.google.com/compute/docs/startupscript

fbraga
  • Thanks, but I'm looking for a permanent solution, I already have a workaround. I just call `@reboot ifdown int2 && ifup int2` in `crontab` – Bart C Sep 20 '19 at 15:49
  • I had a look at startup scripts and I like it, it's better than my current solution, which BTW has issues. +1. But I would still like to understand how net config works on GCP VMs. – Bart C Sep 20 '19 at 16:46
  • So about firewall rules, you can only have them applied to a specific NIC? I know there's a [qwiklabs lab](https://www.qwiklabs.com/focuses/870?parent=catalog#) about setting up multiple network interfaces and it's all done at the GCP configuration level, none at guest OS configuration level. I would still need more time to understand if it's possible to do what you're trying. – fbraga Sep 20 '19 at 18:15
  • I've put the basic firewall rules at GCP level. Which is allow ssh and the 2 ports I'm interested in. I only add ip routes and ip rules at the VM level. Currently, it's all working fine with a startup script. – Bart C Sep 23 '19 at 12:01
  • Just in case anybody might find this useful, here is my command to add the startup script `gcloud compute instances --project my-project add-metadata my-server --zone=europe-west2-c --metadata startup-script='!# /bin/bash; /sbin/ifdown ens5 && /sbin/ifup ens5'` I left the config in `/etc/network/interfaces` as this is the place where somebody might be looking for this. If it was just me, I would move the commands to add routes and rules to the startup script. – Bart C Sep 23 '19 at 12:07
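
Added example, not part of the original thread: the question's route and rule commands written so they can be re-run on every boot (for instance as the body of a startup script) without piling up duplicate `rt_tables` lines or `ip rule` entries. The interface name, addresses and table are the values from the question; the function names and the `IP` and `RT_TABLES` overrides are assumptions made here for illustration.

```shell
#!/bin/bash
# Added example: the question's routes and rules, made safe to re-run on every boot.
# Addresses, table id/name and interface name are the values from the question.
set -u
IFACE=${IFACE:-interface2}
ADDR=${ADDR:-10.2.0.2}
GW=${GW:-10.2.0.1}
TABLE_ID=${TABLE_ID:-300}
TABLE_NAME=${TABLE_NAME:-guest}
# Assumption: these two overrides exist only so the script can be exercised unprivileged.
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}
IP=${IP:-ip}

# Register the table name once; a bare `echo >>` would append a duplicate each boot.
ensure_table() {
    grep -Eq "^[[:space:]]*${TABLE_ID}[[:space:]]+${TABLE_NAME}([[:space:]]|\$)" "$RT_TABLES" ||
        echo "$TABLE_ID $TABLE_NAME" >> "$RT_TABLES"
}

# `ip route replace` creates or overwrites, so it never fails with "File exists".
ensure_routes() {
    $IP route replace "$ADDR/32" dev "$IFACE" table "$TABLE_NAME" &&
    $IP route replace default via "$GW" dev "$IFACE" table "$TABLE_NAME"
}

# `ip rule add` inserts duplicates: delete every existing copy, then add one.
ensure_rule() {   # usage: ensure_rule from|to
    while $IP rule del "$1" "$ADDR/32" table "$TABLE_NAME" 2>/dev/null; do :; done
    $IP rule add "$1" "$ADDR/32" table "$TABLE_NAME"
}

apply_all() {
    ensure_table && ensure_routes && ensure_rule from && ensure_rule to
}

# Apply only when the NIC exists, so a renamed or detached interface is skipped.
if [ -d "/sys/class/net/$IFACE" ]; then
    apply_all
fi
```

After it runs, `ip rule show` and `ip route show table guest` should each list the entries exactly once, however many times the script has executed.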