Need help with network routing please

CaffeineMe

Recently built a Ubuntu Server (12.04). Server has two NIC's:

Onboard 10/100 NIC, that I want to use to communicate to the internet only (eth1)
Intel gigabit NIC, that I want to use for internal LAN communication only (eth0)

Trouble is, I can't seem to get the /etc/network/interfaces file configured just right to make it happen. When I try to use the config. below, I can still communicate over the LAN, but can't get out to internet. Any ideas on what I need to change to make it happen?

-----------

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface is the onboard NIC, used for internet connection
auto eth1
iface eth1 inet static
address 192.168.1.121
gateway 192.168.1.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.0.255


# The primary network interface is the Intel, PCI NIC used for LAN traffic only
auto eth0
iface eth0 inet static
address 192.168.1.111
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
-----------------

When I change "static" back to "dhcp" and reboot, all is well. Any ideas????? Thanks!

Straight_Man

Internet connects will provide an IP in WAN range of IP addresses. A fixed IP on a LAN reserved group of IP addresses will not be accepted by your ISP.

When you set to DHCP, you're letting your ISP set the IP of eth1. Try setting only the eth1 set of setup lines to dhcp and see what happens.

Tushon

I think you are wanting to do something more like this:

Switch for internal network ---> Intel interface and onboard NIC ---> external IP device (cable modem, DSL device)

Does that sound right? Or are you trying to plug in both to a switch but only have the intel do internal traffic?

Straight_Man

Right, Tushon, and eth1 is the onboard NIC the way he is working it. If only DHCP works at all, and both need to be setup for DHCP to get things working, then he might be running both to something that is set to feed DHCP, or each to different things that are both set for DHCP feeding.

I am somewhat confused by his setup as to particulars of network coding. Looks like he might have a gateway router...

CaffeinMe, can you tell us what the cables for eth1 and eth0 are hooked to physically???

John.

Tushon

I'm guessing that right now, both of them are connected to LAN ports, rather than either being connected to an external internet device, hence the 192.x.x.x addresses.

PirateNinja

Are both nics hooked up to the same router?

CaffeineMe

ETH0 is plugged into a 16 port switch, which is itself plugged into my router, which is then of course plugged into my DSL modem. ETH1 is plugged into the router, which then connects to the DSL modem.

ETH0 -- switch --router--DSL

ETH1 --router --DSL

Goal is to send ETH0 traffic thru the switch alone, never touching the router unless necessary, and not communicating with internet. ETH1 would never send traffic thru the switch, and would not communicate with the LAN (unless it routes thru ETH0).

Hope this makes sense. Thanks!

Tushon

What switch? Here is a very fancy paint drawing to make sure I'm visualizing this correctly.



Possibly relevant links for perusal:
http://ubuntuforums.org/showthread.php?t=1802563
http://www.techienote.com/2012/04/how-to-configure-network-ubuntu-12-04.html

PirateNinja

You need to create two subnets, ie 255.255.255.128 so that you split your routers network in to two sets that don't see each other. If you want the switch to be on a completely different subnet you are going to be limited by the switch or the router or both. You will need a level 3 switch (I think) to be able to configure it or if not you will need to be able to configure ports on your router individually which likely requires some custom firmware like Tomato .. depends on the make and model of your router and your switch.

CaffeineMe

Tushon: Your drawing is close (and a lot more work than I'd have put into this LOL!) BUT ETH1 goes to the unmanaged switch and then the switch connects to the router.

I think it's a switch...it's a no-name device that I bought out of the scrap heap 8+ years ago for $15 and has never caused me a bit of trouble. Could be a hub for all I know. I'd have to Google the make/model to figure out precisely what it is. I'll check your links as well.

PirateNinja: I'll look at my router settings. It's a Cisco (model number not avail. at the moment), but I do know it's running DD-WRT.

Here's a question: IF I wire ETH1 directly into the router, is routing smart enough on it's own to send external traffic through ETH1, and use ETH0 for all LAN traffic? In other words, can I wire this, ignore changing the interfaces file (and over-complicating the issue!) and have it "just happen"?

PirateNinja

You can't physically wire this in a way that it just works from how you wire it. You are going to need to subnet to achieve what you describe.

The question to me is, do you want everything connected to the switch to be LAN only? Or do you only want select devices, including the server's eth1, to be LAN only?

PirateNinja

Actually here is a way to do it with vlans:
http://www.dd-wrt.com/wiki/index.php/VLAN_Detached_Networks_(Separate_Networks_With_Internet)

Essentially that makes it so you can assign different "gateways" to each port on the router.
So port 0 could be 192.168.1.1
port 1 could be 192.168.2.1
etc

However, that doesn't block out the Internet it just creates separate networks. So there is probably another step to using vlans where you could disable the WAN route to 192.168.2.1 but keep it enabled on 192.168.1.1.

PirateNinja

OR
we make it really simple. You setup access restrictions on the router and deny access to a certain IP address, ie that of the 10/100 nic on the server.

Then keep both nics on the same subnet and vlan, so they have say 192.168.1.2 and 192.168.1.3 but only .3 can access the Internet.

I'm not sure what your end goal is here, so you have some flexibility.

CaffeineMe

End goal is to keep eth0 available for JUST LAN traffic...file transfers, media streaming, etc, while eth1 is for communication to the internet (downloads). Maybe I'm trying to solve a problem that doesn't exist, and I should plug into one NIC only and call it good.

kryyst

I think we all know what you are trying to do - but what problem are you trying to overcome. What benefit are you hoping to gain in doing this as opposed to just having 1 nic and all traffic going over it.

I believe you have this idea that you'll make lan traffic faster if you aren't sharing it with internet traffic. Technically maybe - but if all that traffic is going through your router unless your router has a huge backplane you aren't achieving anything.

CaffeineMe

Thanks kryyst. No problem per se to overcome, just trying to design for efficiency. The more I read though, the more I think I'm merely creating a problem that isn't there, and trying to come up with a solution for it.

Straight_Man

I would use the higher capacity NIC (the gigabit one) only and call that enough for now. Lessee, a server is basically for file storage and then feeding files that have been stored to other devices (including computers). Using it to download makes it partly not a pure server, it is a client computer while downloading from another server.

If you want to later mirror, your routing makes more sense, but a mirror is not a pure server only. A mirror downloads to sync, then plays server to feed what it has synced.