I have a Linux box with two NICs, each connected to a different LAN:
LAN A: 192.168.1.0 255.255.255.0
LAN B: 192.168.2.0 255.255.255.0
The routers are:
RouterA: 192.168.1.1
RouterB: 192.168.2.1
The wireless access points are:
WAP-B1: 192.168.2.3
WAP-B2: 192.168.2.4
Linux NICs are:
NIC A: 192.168.1.2 (eth0) default gateway 192.168.1.1, metric 100
NIC B: 192.168.2.2 (eth1) metric 101
Here's an ASCII diagram:
 +-------+                                                          +-------+
 | ISP A |                                                          | ISP B |
 +-------+                                                          +-------+
     |                                                                  |
+---------+      +-------+      +-----------+      +-------+      +-----------+
| RouterA | <--> | LAN A | <--> | Linux Box | <--> | LAN B | <--> | RouterB-1 |
+---------+      +-------+      +-----------+      +-------+      +-----------+
                                                    |     |
                                             +--------+ +--------+
                                             | WAP-B1 | | WAP-B2 |
                                             +--------+ +--------+
I want all Internet traffic to go through LAN A and ISP A. I only connect this Linux box to LAN B so I can perform administration on devices on LAN-B, particularly RouterB and WAP-B1, WAP-B2. Therefore, I want only addresses 192.168.2.0/24 to be routed through NIC B (eth1). I want all other traffic routed through NIC A. I do not want hosts in either LAN to be able to connect to each other (or ping each other, etc.). I want LAN A and LAN B to remain isolated.
I connected the network cables, and things seem to work. I assume the routing metrics were established by the order in which I connected the cables. However, I'd like to know the right way to set up routing rules to ensure I maintain a working configuration.
UPDATE: In response to a comment, here is the output of route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
0.0.0.0         192.168.2.1     0.0.0.0         UG    101    0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     101    0        0 eth1
This is the routing table I would have guessed would be correct. (It's just a guess.)
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
192.168.2.0     192.168.2.1     255.255.255.0   UG    101    0        0 eth1
192.168.1.0     192.168.1.1     255.255.255.0   U     100    0        0 eth0
In NetworkManager > IPv4 > Routes, I checked "ignore automatically obtained routes" and I added this static route: 192.168.2.0, netmask: 255.255.255.0, gateway: 192.168.2.1, metric: 101
Here is the routing table that results from those changes.
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
192.168.2.0     192.168.2.1     255.255.255.0   UG    101    0        0 eth1
192.168.2.0     0.0.0.0         255.255.255.0   U     101    0        0 eth1
192.168.1.0     192.168.1.1     255.255.255.0   U     100    0        0 eth0
That doesn't look right to me, but today is the first day I have ever looked at routing tables.
UPDATE: I'm running Arch Linux and NetworkManager. However, I would prefer an answer based on commands like ip address and ip route.
UPDATE 2: Thanks to @vaha's answer, here is the desired routing table:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     101    0        0 eth1
I have not figured out how to create a persistent configuration that assures this routing table upon a reboot.
However, I can establish those routes manually using these steps:
In NetworkManager > IPv4 > Routes, check "ignore automatically obtained routes" for both interfaces.
$ sudo ip route add default via 192.168.1.1 metric 100 dev eth0
$ sudo ip route delete default via 192.168.2.1 dev eth1
Other variants on this, such as not checking "ignore automatically obtained routes" for eth0, have not worked. For example, when I only ignored automatically obtained routes for eth1, upon boot, my system used 192.168.2.1 as the default gw. That is an unexpected and confusing result.
My last question is how to configure my system so that these are the default routes after a reboot?
Let's clear your concerns in two steps:
STEP 1
The default routing table (the table before you manually configured it) provides the routing rules you are looking for.
Here is the detailed explanation:
192.168.2.0     0.0.0.0         255.255.255.0   U     101    0        0 eth1
says that the subnet 192.168.2.0/24 is a local network and there is no need for a gateway. Any packet targeting an address in that network will be delivered to its destination directly, without a hop.
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
says the same thing for the subnet 192.168.1.0/24.
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
0.0.0.0         192.168.2.1     0.0.0.0         UG    101    0        0 eth1
says that the remaining traffic will be routed through eth0 and eth1, where the routing decision depends on metric values. A lower metric value has a higher priority. BUT if eth0 is down then all traffic will be routed through eth1, and vice versa. By the way, I'm not sure, but my best guess for eth0 having a higher priority than eth1 is the alphabetical order of the interface names.
In conclusion, the following table is what you are looking for. I'm not familiar with NetworkManager, but I think you can ignore automatically obtained routes for both interfaces and manually set your own to achieve this routing table.
STEP 2
Simply connecting your Linux box to two different networks has no effect on their isolation unless there is a NAT rule defined on the box's firewall or the box's interfaces are bridged.
You can check NAT rules via iptables or nftables, which are tools to manage the firewall on Arch Linux. Also see Arch Linux wiki - Firewalls. Example command to list NAT rules:
iptables -t nat -L -v -n
No bridge is seen in your routing table, but you can check bridges in detail by using one of the ways described at Arch Linux wiki - Network bridge.
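
An added example, not part of the original question or answer: a shell check that reads `route -n` output and reports every route that breaks the layout asked for above, together with the NetworkManager setting that stops the admin connection from ever receiving a default route. The function names and the connection name passed to `persist_admin_only` are assumptions; `eth0` and `eth1` have the roles given in the question.

```shell
# Added example: audit `route -n` output for the single-uplink layout on this page.
# Assumption: the uplink interface (eth0 here) is the only one allowed a gateway.

# audit_routes UPLINK   (reads `route -n` output on stdin)
# Prints one finding per line; prints nothing when the table matches the goal.
audit_routes() {
    awk -v uplink="$1" '
        $1 !~ /^[0-9]+\./ { next }                 # skip the two header lines
        $1 == "0.0.0.0" && $3 == "0.0.0.0" {       # a default route
            if ($8 == uplink) have_default = 1
            else print "default route via " $2 " on " $8 " (expected only on " uplink ")"
            next
        }
        $2 != "0.0.0.0" && $4 ~ /G/ && $8 != uplink {   # gatewayed route off the uplink
            print "route to " $1 " on " $8 " goes through gateway " $2 " (admin interface should be on-link only)"
        }
        END { if (!have_default) print "no default route on " uplink }
    '
}

# persist_admin_only CONNECTION   (CONNECTION is the NetworkManager profile bound to eth1)
# Survives reboots: NetworkManager will never install a default route for this profile.
persist_admin_only() {
    nmcli connection modify "$1" ipv4.never-default yes &&
    nmcli connection up "$1"
}

# Inputs copied from the question: the table after plugging in both cables,
# and the desired table from UPDATE 2.
BEFORE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
0.0.0.0         192.168.2.1     0.0.0.0         UG    101    0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     101    0        0 eth1'
DESIRED='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     101    0        0 eth1'

printf '%s\n' "$BEFORE"  | audit_routes eth0    # reports the eth1 default route
printf '%s\n' "$DESIRED" | audit_routes eth0    # reports nothing
```

On a live system the same check is `route -n | audit_routes eth0`, run after each reboot or from a NetworkManager dispatcher script.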