[ubuntu] multi-homed networking

September 12th, 2011, 12:28 PM
I'm trying to set up an application server with two NICs.

I want ETH1 to only answer and respond to internal network requests eg

and ETH2 to service requests from the Internet, routed from my firewall

I can only get one or the other to work, not both at the same time. It seems to hinge on the gateway settings: if I have a gateway on ETH1, the server does not respond to internet requests; if I have a gateway on ETH2, the server doesn't respond to internal requests.

Can you point me in the right direction?


September 12th, 2011, 02:23 PM
I don't get the topology. Is the same firewall processing public and private packets and then sending them to your server?

September 15th, 2011, 04:38 PM
I have a server with one NIC connected to the internal network so it can authenticate internal users on our AD.

I then have the other NIC on the public IP so that it is available from the internet.

I need to ensure requests sent through the public IP are returned via that NIC, and not via the internal NIC.

At the moment, my configuration is as follows, which works for the most part, but I'm sure there's a better way of doing it as I cannot access the internet from this server (to install updates etc.).

The eth1 address is on our DMZ and is mapped to a public IP by our firewall.

iface eth2 inet static
post-up route add -net netmask gw
pre-down route del -net netmask gw

auto eth1
iface eth1 inet static

September 16th, 2011, 03:57 PM
That's the right configuration. With this configuration, if you're on the machine itself, can you ping addresses on the Internet?

Are you asking about routing packets on the network out to the Internet, or just about connecting from the dual-homed machine itself? If you want to route packets, you must edit /etc/sysctl.conf and turn on IPv4 forwarding. The file has instructions.

Oh, one more thing. You can only have one set of nameservers. (The information is used to populate /etc/resolv.conf.) Use the complete list you have for The resolver will try each one of the entries in order until it finds a server to connect to.

BTW, what happened to eth0? Usually the first interface encountered during boot is numbered zero, not one.

September 18th, 2011, 10:22 PM
With the current configuration I can't ping IPs (e.g. Google DNS) or connect to the internet on the machine.

Everything else works fine; it's accessible internally and from the internet. The reason I need this to work is because it uses reCAPTCHA and cannot send the results back to their servers with the current setup.

No idea what happened with eth0 - it was a preconfigured VM and when I added the adapters, they assigned themselves eth1 and 2.

September 25th, 2011, 11:31 AM
Any idea what route I need to add to enable access to the internet from the box?

If I have the gateway on eth1, I cannot access the internet from the box, but the box is contactable from the internet.

If I have the gateway on eth2, I can access the internet from the box, but the box is not contactable from the internet!
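
An added example, not part of the thread: a small Python model of Linux route selection that reproduces the two single-gateway cases described in the last post and compares them with source-based policy routing (`ip rule` plus a second routing table). All addresses, the gateway addresses and table number 100 are constructed placeholders, and it assumes box-originated traffic should leave via eth2 while replies from the eth1 (DMZ) address should leave via eth1.

```python
import ipaddress

# Constructed addresses (RFC 5737 / RFC 1918); the thread's real ones are not shown.
DMZ_ADDR, DMZ_GW = "192.0.2.10", "192.0.2.1"   # eth1, mapped to the public IP
LAN_ADDR, LAN_GW = "10.0.0.10", "10.0.0.1"     # eth2, internal network
CLIENT, UPDATE_SERVER = "203.0.113.50", "198.51.100.7"
CONNECTED = [("192.0.2.0/24", "eth1", None), ("10.0.0.0/24", "eth2", None)]

def lookup(table, dst):
    """Longest-prefix match in one routing table; returns (dev, gateway) or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), dev, gw) for n, dev, gw in table
            if dst in ipaddress.ip_network(n)]
    if not hits:
        return None
    _, dev, gw = max(hits, key=lambda h: h[0].prefixlen)
    return dev, gw

def route(tables, rules, src, dst):
    """Try source-based rules in order, then fall back to the main table."""
    for rule_src, name in rules:
        if src == rule_src:
            hit = lookup(tables[name], dst)
            if hit:
                return hit
    return lookup(tables["main"], dst)

def single_gateway(dev, gw):
    """One default route in the main table, no policy rules."""
    return {"main": CONNECTED + [("0.0.0.0/0", dev, gw)]}, []

def policy_routing():
    # Main table keeps the default via eth2; the extra table corresponds to:
    #   ip route add default via 192.0.2.1 dev eth1 table 100
    #   ip rule add from 192.0.2.10 table 100
    tables = {"main": CONNECTED + [("0.0.0.0/0", "eth2", LAN_GW)],
              "100": [("0.0.0.0/0", "eth1", DMZ_GW)]}
    return tables, [(DMZ_ADDR, "100")]

def egress(config):
    """(device for a reply to an Internet client, device for box-originated traffic)."""
    tables, rules = config
    reply = route(tables, rules, DMZ_ADDR, CLIENT)        # source is the eth1 address
    outbound = route(tables, rules, None, UPDATE_SERVER)  # source not yet chosen
    return reply[0], outbound[0]

if __name__ == "__main__":
    print("gateway on eth2:", egress(single_gateway("eth2", LAN_GW)))
    print("gateway on eth1:", egress(single_gateway("eth1", DMZ_GW)))
    print("policy routing :", egress(policy_routing()))
```

With a single default gateway on eth2, the reply to the Internet client leaves through eth2 instead of the interface the request arrived on; only the policy-routing configuration sends each kind of traffic out of the intended interface.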