2 NIC's , 2 Networks, OS Bounding ?

  1. #1
    Senior Member
    Join Date
    Jan 2004
    Posts
    199

    2 NIC's , 2 Networks, OS Bounding ?

    I've been wondering for a while: does anyone know what happens, when it comes to addressing, if you have two NICs connecting to two different networks in the same machine? How does the OS decide which NIC to put the packet out on? Is there some type of bounding control that allows you to say use NIC 1 or NIC 2?

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    Let me rephrase your question (Hopefully this is correct):

    basic configuration

    Box S with 2 NICs:
    NIC 1 (eth0, "interface 1") IP 192.168.0.1 and
    NIC 2 (eth1, "interface 2") IP 192.168.1.1
    both with subnet mask 255.255.255.0 (separate LANs).


    You have a box A at
    IP 192.168.0.10
    Subnet Mask: 255.255.255.0
    Gateway: 192.168.0.1

    You have a box B at
    IP 192.168.1.10
    Subnet Mask: 255.255.255.0
    Gateway: 192.168.1.1


    You see that box A as well as box B have box S as "Gateway"
    (there might be a third NIC on box S with a connection to the
    internet, but let us ignore this detail).

    You want to ping from box A to box B:
    Box A sends a packet with the ping request for box B onto the cable,
    with "Gateway" S (routers are often called "gateway" as well).

    Now, box S needs to know what to do with that. The term we
    have to deal with here is "routing". On box S:

    Code:
    > route add -net 192.168.1.0 netmask 255.255.255.0 dev eth1 
    > route add -net 192.168.0.0 netmask 255.255.255.0 dev eth0
    Note: In Windows, dev has to be replaced with "IF 2", "IF 1" respectively
    (check with "route print")

    which tells box S: if something is incoming for the LAN 192.168.1.0 255.255.255.0,
    put it to eth1 (192.168.1.1), or something like this. I hope I didn't mess up the
    syntax (I usually would test it, but I cannot do it here). One problem is that
    I used abbreviations in the past, like route add -net 192.168.1.0 eth1 (which
    is the same as the "correct" syntax, as far as I recall).


    /edit:
    "security games"

    After you have managed that, you could disable routing and forwarding on box S and
    install a [proxy/stateful] firewall instead. If a packet comes in on one of the NICs,
    the computer does not know what to do with it. It sends it up to the
    firewall, which then decides what to do with it.

    In the next step, you could add another "layer" to create a DMZ.

    In these setups, you can play untrusted network/trusted network scenarios
    at home. Have fun.


    Cheers.
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  3. #3
    Senior Member
    Join Date
    Jan 2004
    Posts
    199
    Fab answer dude, thanks a lot!

    Can I also just ask, do you know how to tell an application located on a machine (Win XP) to use the network connected to NIC-1 to send out its HTTP packets instead of using NIC-2? You see, I have seti installed on my computer but it keeps trying to use my second network (local) to connect to its server instead of using my internet-connected NIC.

    Thanks in advance!

  4. #4
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    You are very welcome. It's always fun to think about such settings.

    General note: In your setup, the routing should be configured in such a way
    that everything that is meant/allowed for the internet is routed there.
    I assume that seti is trying to connect to 128.32.xxx.yyy.

    What is your setup?
    case A) Box S, with two NICs, runs seti@home.

    case B) Box A runs seti@home, NIC to the internal network only.
    Box S has two NICs. One for the internal network, one for the internet.


    case A)
    What I am wondering is the following: Is seti@home the only program which
    tries to use the wrong NIC? Try an explicit
    Code:
    > route add 128.32.0.0 mask 255.255.0.0 192.168.1.1 IF 3
    where IF 3 is connected to the internet ("route print").

    NOTE: If you have 2 NICs connected, it might be that
    Code:
    > route print
    tells you that both NICs are routing the default destination 0.0.0.0.
    In this case, clean it up by
    Code:
    > route delete 0.0.0.0
    and add
    Code:
    > route add 0.0.0.0 mask 0.0.0.0 192.168.1.1 IF 3

    case B)
    Box A needs to know where to route packets with destination internet. On box A,
    try to define a route
    Code:
    > route add 128.32.0.0 mask 255.255.0.0 192.168.0.1 IF 2
    where IF 2 is the NIC connected to the internal network on box A.

    /edit: I edited the numbering since IF 1 is the loopback interface.

    Good luck!

    Cheers
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)
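
The route selection discussed in this thread, as an added example that is not part of any of the posts above: a small model of how an IP stack picks the outgoing interface (longest matching prefix first, then lowest metric), plus a check for the duplicate default route mentioned in post #4. The interface numbering, the metrics, the gateway on the local NIC and the sample destination 128.32.18.150 are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed routing table for a dual-homed host, using the thread's addressing.
# Interface names, metrics and the IF 2 gateway are assumptions for illustration.
Route = namedtuple("Route", "network gateway interface metric")

def make_route(cidr, gateway, interface, metric):
    return Route(ipaddress.ip_network(cidr), gateway, interface, metric)

def select_route(table, destination):
    """Pick the route for a destination: longest prefix wins, then lowest metric."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in table if dst in r.network]
    if not candidates:
        return None  # no matching route: the packet cannot be sent
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))

def ambiguous_routes(table):
    """Report networks reachable with equal prefix and metric via different NICs."""
    seen = {}
    for r in table:
        seen.setdefault((r.network, r.metric), set()).add(r.interface)
    return {str(net): sorted(ifs) for (net, _), ifs in seen.items() if len(ifs) > 1}

# Both NICs claim the default destination 0.0.0.0, as "route print" might show.
BROKEN = [
    make_route("192.168.0.0/24", None, "IF 2", 20),
    make_route("192.168.1.0/24", None, "IF 3", 20),
    make_route("0.0.0.0/0", "192.168.0.1", "IF 2", 20),
    make_route("0.0.0.0/0", "192.168.1.1", "IF 3", 20),
]

# After "route delete 0.0.0.0", one default route and the explicit 128.32.0.0 route.
FIXED = [r for r in BROKEN if r.network.prefixlen != 0] + [
    make_route("0.0.0.0/0", "192.168.1.1", "IF 3", 20),
    make_route("128.32.0.0/16", "192.168.1.1", "IF 3", 20),
]

if __name__ == "__main__":
    print("ambiguous before:", ambiguous_routes(BROKEN))
    print("ambiguous after: ", ambiguous_routes(FIXED))
    for dst in ("192.168.0.10", "192.168.1.10", "128.32.18.150"):
        r = select_route(FIXED, dst)
        print(dst, "->", r.interface, "via", r.gateway or "on-link")
```

When two routes tie on prefix length and metric, which one a real stack uses is implementation-dependent, which is why the model reports the tie instead of relying on it.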
