Home / server / Questions / 61160
Accepted
BinaryMisfit
Asked: 2009-09-02 06:22:34 +0800 CST

Route traffic between 2 network cards

  • 772

Running Fedora 10 I have the following scenario.

NIC A - Running on 10.11.0.1. DHCP Assigned.  
NIC B - No IP Specified Yet.

The machines connected to NIC B needs to transport traffic between NIC B and NIC A, ie. see everything NIC A can. The traffic can flow freely between these networks since there is already an Firewall in place on a different machine.

I realize this is a routing issue but have no idea where to start.

  • Do I assign an static IP to NIC B?
  • Do I use iptables to create a rule to do this?
  • Do I create a static route and how?

How would I set this up correctly?

linux

3 Answers

  1. First, you need to enable IP forwarding in the Fedora box, edit /etc/sysctl.conf:

    net.ipv4.ip_forward = 1

    Next you need to tell the machines connected to NIC B that if they want to connect to network 10.11.0.x they need to pass through your server. This can be achieved by setting your server (IP from NIC B) as default gateway from the other machines. Or you can add an static routes in the machines :

    route ADD 10.11.0.0 MASK 255.255.255.0 A.B.C.D (in windows)

    Where A.B.C.D is the IP address of your server (NIC B). I'm assuming that 255.255.255.0 is the netmask of the other network.

    • 5
  2. Best Answer

    You could also do bridging instead of routing. This would transform your computer in a switch, more or less intelligent. To do this you will need the bridge-utils package and to unconfigure the IP address of NIC A by disabling DHCP (and rebooting) or by running ip addr del 10.11.0.1 dev eth0.

    To configure the bridge, you'll need to do:

    brctl add br0
brctl addif br0 eth0 # NIC A
brctl addif br0 eth1 # NIC B

    Your bridge is up and running now. To filter packets you can use iptables or ebtables.

    LE: Since joe mentioned IP addresses, I've remembered that I've forgot something. If you want the server to have an IP address you could assign it to the br0 interface and the server will act like any other computer connected to either NIC A or B.

    LE2: The bridge configuration can be saved under /etc/sysconfig. To see how read /usr/share/doc/initscripts-*/sysconfig.txt. For example my config files look like this:

    # /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE=Bridge
STP=off
DELAY=1
ONBOOT=yes
BOOTPROTO=dhcp

# /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BRIDGE=br0

    I have only one network card and I use the bridge for my virtual machines.

    • 4

  3. Bridges normally don't have addresses but there is no constraint that they can not be addressed. If bridged and addressed the NICs serve dual purpose, bridging normal traffic and allowing access from remote clients from either NIC connection. (Since they're bridged you only need one NIC to have an address for both sides to connect to the bridge server if needed. But this increases internal traffic. Not recommended.)

    • 1