I have a Gentoo box which has 2 NICs. One is used for the internal network and the other is used for the internet. The one for the internet is directly connected to an SDSL router and can be addressed directly from the web. My problem is that I cannot reach the publicly available address, because the system is trying to route back over the default route, and this default route is only used for the internal network and is connected to another Linux box which will route all packages not belonging to local to a cable modem.

The setup looks like this:

    iface: eth0
    description: local area network
    address: 192.168.0.115
    default gateway: 192.168.0.254 (routed to the internet over a cable modem)

    iface: eth1
    description: public internet address
    address: 195.xxx.xxx.147
    default gateway: 195.xxx.xxx.145 (SDSL modem connected to ISP)

The output of route -n looks like this:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    195.xxx.xxx.144 0.0.0.0         255.255.255.248 U     0      0        0 eth1
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
    0.0.0.0         192.168.0.254   0.0.0.0         UG    1      0        0 eth0

That way, every communication from that computer to the internet goes over 192.168.0.254 (which is okay). But as soon as I connect from external to the 195.xxx.xxx.147 address, I get a timeout. What would solve my problem would be 2 different gateways, one for each interface! Something like this:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    195.xxx.xxx.144 0.0.0.0         255.255.255.248 U     0      0        0 eth1
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
    0.0.0.0         195.xxx.xxx.145 0.0.0.0         UG    1      0        0 eth1
    0.0.0.0         192.168.0.254   0.0.0.0         UG    1      0        0 eth0

The problem is that the Gentoo net.ethX scripts and the rc.conf file do not allow/handle that.
What I did to overcome that problem was to edit the net.ethX script and change the way the gateway entry is handled in net.ethX:

    ## take care of multi gateway entries separated by space
    ## syntax: gateway="iface1/gw-address1 iface2/gw-address2 iface3/gw-address3"
    for gateway_entry in ${gateway}
    do
        if [ -n "${gateway_entry}" ] && [ "${gateway_entry%/*}" = "${IFACE}" ]
        then
            ebegin "  Setting default gateway"
            /sbin/route add default gw ${gateway_entry#*/} dev ${gateway_entry%/*} \
                netmask 0.0.0.0 metric 1 >/dev/null || {
                local error=$?
                ifconfig ${IFACE} down &>/dev/null
                eend ${error} "Failed to bring ${IFACE} up"
                stop
                return ${error}
            }
            eend 0
        fi
    done

The change is not very big and does not disturb normal operation. The only things that need to be changed are the net.ethX scripts and the description in the rc.conf file to reflect the new syntax. With that technique, my eth0 device is still used to connect to the local network and to the internet (over the cable modem sitting at 192.168.0.254 and acting as a NAT router to the internet), but when a connection comes from the eth1 (195.xxx.xxx.147) interface, all traffic goes back over that interface.

I know that the same effect can be achieved with iptables/ipchains, but I don't see a real reason for using iptables/ipchains when it can be easily done by adding an additional gateway entry.

What do you think about it? Is this something which can be implemented into Gentoo, or do I have a too special setup and something like this could not help others?

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
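The gateway="iface/gw-address" syntax proposed in the report above, as an added example that is not part of the original report or of Gentoo's scripts: a dry run that validates each entry and prints the route command for one interface instead of executing it. The function names and the 192.0.2.145 address are constructed for illustration.

```shell
# Added example (dry run): prints route commands, executes nothing.
# Assumed syntax from the report: gateway="iface1/gw-address1 iface2/gw-address2"

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gateway_cmds GATEWAY_STRING IFACE: print the default-route command for
# every entry that names IFACE; return 1 on a malformed entry.
gateway_cmds() {
    for entry in $1; do
        case "$entry" in
            */*) ;;
            *) echo "malformed entry: $entry" >&2; return 1 ;;
        esac
        dev=${entry%/*}; gw=${entry#*/}
        [ "$dev" = "$2" ] || continue
        # Refuse anything that is not a plain IPv4 address before it would
        # reach a command run as root.
        is_ipv4 "$gw" || { echo "bad gateway: $gw" >&2; return 1; }
        echo "/sbin/route add default gw $gw dev $dev netmask 0.0.0.0 metric 1"
    done
}

# Constructed sample: 192.0.2.145 stands in for the elided public gateway.
gateway_cmds "eth0/192.168.0.254 eth1/192.0.2.145" eth1
```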
Created attachment 11061: New net.ethX init script
I agree that this or something like it should really be added to Gentoo. I've just been trying to fix a problem with one of my NICs for several hours, when the problem is due to this "error" in the scripts.

Background: I have a MB with 2 built-in NICs (Asus A7N8X-Deluxe) which are BOTH connected to the same ISP and also to the same Gateway. However, with the current implementation not allowing more than 1 NIC to be linked to the GW, doing something like this

    ping -I eth0 Gateway
    ping -I eth1 Gateway

will make 1 of the NICs fail. Of course with

    /sbin/route add -net default gw GW netmask 0.0.0.0 metric 1 eth0
    /sbin/route add -net default gw GW netmask 0.0.0.0 metric 1 eth1

everything works as it should. It is really silly to leave this out of the default scripts and makes n00bs like me pull their hair out in frustration trying to work out "why my NIC isn't working". Sure, I've learnt a lot during all the reading I did trying to figure out the problem, but I would have been much more happy with an "it just works" from the start. ;)
Yep. Like I told Steve in a private mail, we need to revamp the network stuff badly, so this will get in after the initial rewrite is done. I am not sure on an eta currently.
I'll try to work on gentoo-net. Looks like this is for a "I have a static network" component, and it should be flexible enough to handle multiple gateways.
Wout Mertens: What do you mean? Is your comment a positive one or are you making a joke out of my request/post? (Sorry if I don't get it right. English is not my native language.) If your post is a positive one and you need help or anything I can do to make the network stuff in Gentoo better, let me know. I would be happy to help you wherever I can.

cheers
SteveB
I am sorry, I was mostly talking to Martin and myself, it was positive :) What I meant was:

- We are currently considering changes to the initscripts that make them better at networks.
- A proposal of mine was to make a few changes that I think are good, and put them in a separate package, gentoo-net. That way, it could be used if you want to try it.
- gentoo-net does not exist yet, we're still thinking about what has to go in there.
- Your bug is an example of what has to go in there.

Actually, I think that your patch would be useful in the current code, since it doesn't change anything for people that don't have it, and it seems to be useful for other people as well. Martin, what do you think?
How far are you with the gentoo-net stuff? I ask this because I have again another problem with the networking stuff in Gentoo which I cannot solve with the normal net.ethX startup script. The problem is that I want to have static routes, depending on the interface. To solve my problem, I have once again modified the /etc/conf.d/net and /etc/init.d/net.ethX files.

In /etc/conf.d/net, add static routes, depending on the interface, comma separated (if you have more than 1 static route), in the following way:

    # This is basically the route argument without the route .... dev $iface
    static_routes_eth0="net 192.168.0.253 netmask 255.255.255.255 gw 192.168.0.252"

In /etc/init.d/net.ethX, add to the start part of the script the following:

    # Add interface-specific static-routes
    if [ -n "$(eval echo \$\{static_routes_${IFACE}\})" ]
    then
        ebegin "  Setting static routes for ${IFACE}"
        echo "$(eval echo \$\{static_routes_${IFACE}\} | tr ',' '\n' | sed 's/^ //')" | while read args ; do
            ebegin "    ${args}"
            /sbin/route add -${args} dev ${IFACE} >/dev/null 2>&1 && eend 0 || {
                local error=$?
                eend ${error} "Failed to set static route"
            }
        done
        eend 0
    fi

In /etc/init.d/net.ethX, add to the stop part of the script the following:

    # Remove interface-specific static-routes
    if [ -n "$(eval echo \$\{static_routes_${IFACE}\})" ]
    then
        ebegin "  Removing static routes for ${IFACE}"
        echo "$(eval echo \$\{static_routes_${IFACE}\} | tr ',' '\n' | sed 's/^ //')" | while read args ; do
            ebegin "    ${args}"
            /sbin/route del -${args} dev ${IFACE} >/dev/null 2>&1 && eend 0 || {
                local error=$?
                eend ${error} "Failed to remove static route"
            }
        done
        eend 0
    fi

This script/approach does not take care of dynamically assigned addresses. If, for example, you need to have a static route go over a DHCP-assigned address, then you are not able to set it the way I did it. Maybe I will take the time to make that possible as well. But for now I will not invest time in that, since you are anyway doing something better.

cheers
SteveB
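The per-interface static_routes_<iface> lookup described in the comment above, as an added example that is not part of the original comment or of Gentoo's scripts: a dry run that checks the interface name before it reaches eval, splits the comma-separated list, and prints the matching add or del commands. The function names and the second (host) route in the sample are constructed for illustration.

```shell
# Added example (dry run): prints route commands, executes nothing.
# Constructed sample config in the comma-separated form described above.
static_routes_eth0="net 192.168.0.253 netmask 255.255.255.255 gw 192.168.0.252, host 192.168.0.7 gw 192.168.0.252"

# routes_for IFACE: print that interface's route arguments, one per line.
routes_for() {
    # Only plain identifier characters may reach eval; anything else could
    # inject shell syntax (and could not be part of a variable name anyway).
    case "$1" in
        ''|*[!A-Za-z0-9_]*) echo "bad interface name: $1" >&2; return 1 ;;
    esac
    eval "routes=\${static_routes_$1-}"
    # Split on commas, trim surrounding spaces, drop empty entries.
    printf '%s\n' "$routes" | tr ',' '\n' |
        sed -e 's/^ *//' -e 's/ *$//' -e '/^$/d'
}

# static_route_cmds add|del IFACE: print one route command per entry, so
# the start and stop parts of a script are built from the same list.
static_route_cmds() {
    case "$1" in add|del) ;; *) return 1 ;; esac
    list=$(routes_for "$2") || return 1
    printf '%s\n' "$list" | while read -r args; do
        [ -n "$args" ] || continue
        echo "/sbin/route $1 -$args dev $2"
    done
}

static_route_cmds add eth0
static_route_cmds del eth0
```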
This appears to have been in base-layout for a long time now, so I'm closing it as an old bug.