Posted by Mike Jagdis on November 23, 2004, 1:51 pm
Dario wrote:
> Hi Community,
> I setup a Debian Gnu/Linux box as a firewall with a public IP address
> on the eth0 and a private IP address on the eth1 just for local
> access/administration: 10.0.0.1/8.
> I tried to access the box remotely on the eth0 (public IP) with a not
> 'natted' private address 10.174.190.0/24 from our NOC network (and
> keep staying inside of our AS). IPTables rules were ok, but since the
> box had an interface (eth1) directly connected with ip address
> 10.0.0.1/8, it tried to respond with the eth1 to traffic coming in on
> the eth0 as 10.174.190.0.
> I believed that the default 'public' route was a more important
> information, but that's not the case.
> Is this a general/elementary routing issue, or is the Gnu/Linux box
> that behaves this way?
>
> Thanks a lot in advance for your comments
>
>
> Dario
That's correct. Routing prefers the longest match. If 10/8 is
routed to eth1 then that is where it goes - not via the 0/0
(aka default) rule to eth0. That's kinda fundamental to IP...
If you _want_ 10.174.90.0 on the public side (cable/ADSL/WiFi
router?) you either need to add a more specific route to eth0
(e.g. "ip route add 10.174/16 dev eth0") or use a subnet on
eth1 that doesn't include the 10.174.90.0 space you need
(e.g. 10.0/16)
Mike
--
Mike Jagdis
Eris Associates Limited
Reading, England
Web: http://www.eris-associates.co.uk
Tel: +44 7780 608 368
Fax: +44 118 926 6974
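The longest-match rule Mike describes, reproduced as a small Python route lookup (an added example, not code from either poster). The route tables are constructed from the thread: the original box (default via eth0, 10/8 on eth1), Mike's first fix (a more specific 10.174/16 out eth0) and his second fix (eth1 renumbered to 10.0/16); the interface names and addresses are taken from the post.

```python
import ipaddress

def lookup(routes, dst):
    """Return the outgoing device for dst using longest-prefix match.

    routes: list of (prefix, device). The default route 0.0.0.0/0 has
    prefix length 0, so any more specific covering route always beats it,
    which is exactly why 10/8 on eth1 captured the NOC replies.
    """
    dst = ipaddress.ip_address(dst)
    best_net, best_dev = None, None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_dev = net, dev
    return best_dev

def reply_goes_wrong_way(routes, src, in_dev):
    """True when a reply to src would leave via a different interface than
    the request arrived on (the asymmetric path Dario observed)."""
    return lookup(routes, src) != in_dev

# Constructed tables matching the thread.
ORIGINAL = [("0.0.0.0/0", "eth0"), ("10.0.0.0/8", "eth1")]
WITH_SPECIFIC = ORIGINAL + [("10.174.0.0/16", "eth0")]
RENUMBERED = [("0.0.0.0/0", "eth0"), ("10.0.0.0/16", "eth1")]

if __name__ == "__main__":
    noc_host = "10.174.190.5"   # constructed host in the NOC's 10.174.190.0/24
    for name, table in (("original", ORIGINAL),
                        ("with 10.174/16 via eth0", WITH_SPECIFIC),
                        ("eth1 renumbered to 10.0/16", RENUMBERED)):
        dev = lookup(table, noc_host)
        bad = reply_goes_wrong_way(table, noc_host, "eth0")
        print(f"{name:28s} reply to {noc_host} -> {dev}"
              f"{'  (asymmetric!)' if bad else ''}")
```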