1 Public Facing NIC and 1 Private Facing NIC - Different Subnets and Different Default Gateways

0

I have tried many approaches to my problem. I had gotten this to work using static routes. But I wanted a RAID 0 setup, so I wiped and installed a clean minimal CentOS 6.4 system.

Current:

  • CentOS 6.4 Minimal Install - No updates, no modifications
  • RAID 0
  • 2 On-Board NICs (disabled through BIOS)
  • 1 Intel i350 Dual Gbe NIC (PCIe on a DX79SR)

I understand the hardware specs aren't relevant outside of the on-board NIC.

Objective
Configure a CentOS 6.4 install as a vanilla web server using Apache, PHP and MySQL. Connect web server to LAN using eth0 and WAN using eth1. All web traffic (80, 21, 22, 110, 25, 53 etc) will use eth1. All local traffic and database traffic will use eth0.

ifcfg-eth0 listens and responds on ifcfg-eth0 - 10.10.10.0/24  gw 10.10.10.1
ifcfg-eth1 listens and responds on ifcfg-eth1 - 23.30.X.X/28 gw 23.30.X.X

I do not need help with Apache, MySQL or PHP. Routing traffic by port is not a solution I can use. I need help setting up the static routes per interface so that any incoming traffic on eth0 is sent out on eth0 and any incoming traffic on eth1 is sent out on eth1. I do not need to bridge the two.

/etc/sysconfig/network default gateway is 10.10.10.1
/etc/resolv.conf  are 75.75.75.75, 75.75.76.76

eth0 and eth1 are assigned static IPs in their subnets

DEVICE=eth0
TYPE=ethernet
UUID=XXXX
NM_CONTROLLED=no
ONBOOT=yes
BOOTPROTO=static
IPADDR=X.X.X.X
PREFIX=24
GATEWAY=X.X.X.X

I know that without configuration CentOS cannot have 2 default gateways. So, I have to configure per-port gateways either using the /etc/sysconfig/network-scripts/route-ethx (on all non-default ethx) or I can create routes using iproute. I chose to use the iproute.

I created and am adding routes to table: pubnic

ip route add 23.30.X.X/28 dev eth1 src 23.30.X.XXX table pubnic
ip route add default via 23.30.X.XXX dev eth1 table pubnic
ip rule add from 23.30.X.XXX/32 table pubnic
ip rule add to 23.30.X.XXX/32 table pubnic

IP Rule Show

from all lookup local
from all to X.X.X.XXX lookup pubnic
from my.X.X.X.XXX lookup pubnic
from all lookup main
from all lookup default

ip route flush cache

This has worked in the past. I'm not sure why it's not working now.

Eric Martin

Posted 2013-07-28T00:54:41.537

Reputation: 11

1

Could you possibly format your post a little better? It's a little hard to follow – cutrightjm – 2013-07-28T01:59:38.723

1

Looking at the original text I tried to reformat it the best I could. Eric please edit your question and format your question the rest of the way.

– Scott Chamberlain – 2013-07-28T03:09:52.407

Yes, thank you. I reformatted as soon as I was able to. I am sorry for the format issue - I'll be sure to pay attention to formatting my questions in the future. Asking for help and not formatting is inappropriate. – Eric Martin – 2013-07-29T01:27:14.153
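A simplified model of how the kernel walks the policy rules listed under "IP Rule Show" in the question, added here as an example and not part of the original post. The 203.0.113.x addresses and the client 198.51.100.7 are constructed stand-ins for the masked public /28 and an Internet host; the `local` table and the empty `default` table are left out.

```python
import ipaddress as ipa

# Constructed stand-ins: the page masks the public /28, so 203.0.113.0/28
# (documentation range) is used. 10.10.10.0/24 and gw 10.10.10.1 are from the page.
PUB_IP, PUB_GW = "203.0.113.2", "203.0.113.1"
LAN_IP, LAN_GW = "10.10.10.5", "10.10.10.1"

# Routing tables: (destination prefix, gateway or None if on-link, device)
TABLES = {
    "pubnic": [("203.0.113.0/28", None, "eth1"), ("0.0.0.0/0", PUB_GW, "eth1")],
    "main": [("10.10.10.0/24", None, "eth0"), ("203.0.113.0/28", None, "eth1"),
             ("0.0.0.0/0", LAN_GW, "eth0")],
}

# Policy rules in priority order, as "ip rule show" lists them: (from, to, table)
RULES = [
    ("0.0.0.0/0", PUB_IP + "/32", "pubnic"),
    (PUB_IP + "/32", "0.0.0.0/0", "pubnic"),
    ("0.0.0.0/0", "0.0.0.0/0", "main"),
]

def lookup(src, dst, rules=RULES):
    """Return (table, gateway, device) chosen for a packet from src to dst."""
    s, d = ipa.ip_address(src), ipa.ip_address(dst)
    for frm, to, table in rules:
        if s not in ipa.ip_network(frm) or d not in ipa.ip_network(to):
            continue  # selector does not match, try the next rule
        # Longest-prefix match inside the table this rule points at
        hits = [r for r in TABLES[table] if d in ipa.ip_network(r[0])]
        if hits:
            _, gw, dev = max(hits, key=lambda r: ipa.ip_network(r[0]).prefixlen)
            return table, gw, dev
        # No route in this table: fall through to the next rule
    return None

if __name__ == "__main__":
    client = "198.51.100.7"  # constructed Internet client
    print("reply from public IP :", lookup(PUB_IP, client))
    print("reply from LAN IP    :", lookup(LAN_IP, "10.10.10.20"))
    # Same reply with only the main table: it leaves via the LAN gateway
    print("without source rule  :", lookup(PUB_IP, client, RULES[-1:]))
```

The last call shows the asymmetric path the source rule is meant to prevent: a reply sourced from the public address leaving through 10.10.10.1 on eth0.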

Answers

0

I don't think it's possible, as there's no way to differentiate the traffic, afaik. Traffic will always go out the default gateway or if there's more than one, the default gateway with the lowest metric.

In my experience with Sonicwall (but it would apply to any type of firewall) you can assign traffic to a different WAN on destination port or IP address, e.g. youtube.com or port 80 always goes out that port.

There may be an Apache module that can track the source interface and work with the Linux IP routing stack in such a low-level way to accomplish this, but I'm not an Apache expert. Perhaps someone else would know?

I would like to find an answer to this, as I run into this issue a lot.

Justin Goldberg

Posted 2013-07-28T00:54:41.537

Reputation: 434

Hi, thanks for responding. It is possible and done often. Pfsense and many other programs configure CentOS to route traffic. I know it's been debated by dev teams.

For clarification: I just want all traffic that comes in on eth0 to use the gateway configured for eth0. All traffic coming in on eth1 to use the configured gateway for eth1. – Eric Martin – 2013-07-28T23:46:19.450