Configuring Multiple NICs

Most computers have just one network interface, but some have multiple interfaces—that is, they're multihomed. For instance, routers have multiple interfaces, one for each network. Occasionally a nonrouter will have multiple interfaces. One common example is a computer that has a local area network (LAN) connection for purely local networking and that uses the Point-to-Point Protocol (PPP) for Internet connectivity. You might also want to configure a server on a network with multiple subnets to use multiple interfaces, one for each subnet. This configuration can reduce the load on the router that resides between the subnets, it can reduce the traffic on at least one of the subnets, and it may make it easier to implement certain types of access controls—for instance, you can run some servers on one interface but not on the other.

If both of your NICs use static IP addresses and are Ethernet devices, configuring them is fairly straightforward, although your GUI tools might or might not be much help. Basically, most distributions place separate configuration files in /etc/network, /etc/sysconfig/network, /etc/sysconfig/networking, or a similar location, one file per interface. Table 19.1 summarizes the locations of these configuration files. Examine these files, and if necessary copy one file to create a second interface's configuration, making the necessary changes for each network.

One detail that can be tricky when configuring a system with multiple interfaces is the default route, aka the gateway address. This is the IP address of the computer that should handle traffic destined for the Internet at large, as opposed to computers on either network to which the computer is directly connected. The default route is usually set in one of the configuration files outlined in Table 19.1, but sometimes another file handles the job. In SuSE, for instance, it's set in the /etc/sysconfig/network/routes file. (SuSE also uses files named /etc/sysconfig/network/ifroute-if, where if is the interface name, for interface-specific routes.) Even a multihomed computer has just one default route. If by chance both your interfaces obtain IP addresses via DHCP, both DHCP servers may try to assign default routes to your computer. If this happens, you may want to use a local startup script to remove one of the two default routes, using a line like this:

route del -net default gw 192.168.1.1

This line removes the 192.168.1.1 gateway from the routing table. Of course, if you use a line like this to override a DHCP configuration, it must execute after the DHCP client runs. If your normal startup script sequence launches local scripts before the network is configured, you should create a new custom SysV startup script to execute a command like this one after the DHCP client runs, or modify your distribution's network startup script to do the job.

Another potential problem is the addition of routes. For instance, suppose one NIC links to the Internet and another links to a local network. If the local network has no ties to other networks, the configuration is fairly straightforward—ifconfig will create the appropriate local routes when the network configuration scripts launch it. If the local network has a small router that links to a second local network, though, you must add a route for that local network. Once again, a local startup script is the best solution. You can add a line like the following:

route add -net 192.168.7.0/24 gw 192.168.1.7

This line tells the system to add a routing table entry to pass all traffic destined for the 192.168.7.0/24 network to 192.168.1.7. The computer at 192.168.1.7 must itself be configured as a router between its two networks (192.168.7.0/24 and, presumably, 192.168.1.0/24).

If you want to configure a Linux computer as a small router, such as the one just described, you must first set the system up with two network interfaces. You can then enable routing by entering the following command in a local startup script that executes after both network interfaces become active:

echo "1" > /proc/sys/net/ipv4/ip_forward

Thereafter, the computer functions as a router, assuming appropriate kernel options are available, as they are by default on most Linux distributions. You should be aware of the potential problems that come with this configuration, though—if your computer should not function as a router (say, because the two networks already have a router with extensive firewall features built in), you should check that this configuration is not enabled. Type the following command after the system has booted to be sure the system isn't a router:

$ cat /proc/sys/net/ipv4/ip_forward

The output value of 0 indicates that the system is not a router. If Linux responds with 1, the computer is a router. Check your network startup files for any call that accesses /proc/sys/net/ipv4/ip_forward and make any necessary changes.
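
An added example (not from the original text) that audits a multihomed host for the two conditions discussed above: more than one default route, and IP forwarding left enabled by a startup file. The function names and the sample routing table are constructed for illustration; the route parser assumes the column layout printed by route -n.

```shell
#!/bin/sh
# Added example: audit helpers for a multihomed host.
# Function names and sample data are constructed for illustration.

# Count default routes in `route -n` output read from stdin.
# A default route has destination 0.0.0.0 and genmask 0.0.0.0.
count_default_routes() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { n++ } END { print n + 0 }'
}

# Report whether forwarding is on, given the path to the ip_forward file.
forwarding_state() {
    state_file=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$state_file" ] || { echo "unknown"; return 2; }
    case "$(tr -d '[:space:]' < "$state_file")" in
        1) echo "router" ;;
        0) echo "not-router" ;;
        *) echo "unknown"; return 2 ;;
    esac
}

# List files under the given directories that mention ip_forward
# on a line where no '#' comment marker precedes it.
find_forward_writers() {
    grep -rlE '^[^#]*ip_forward' "$@" 2>/dev/null | sort
}

# Constructed sample: both DHCP servers supplied a default route.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth1'

# Run the route check on the sample and the forwarding check on this host.
audit_sample() {
    n=$(printf '%s\n' "$SAMPLE_ROUTES" | count_default_routes)
    [ "$n" -gt 1 ] && echo "WARN: $n default routes; remove one with route del"
    echo "forwarding: $(forwarding_state)"
}
audit_sample
```

On a live system, pipe the output of route -n into count_default_routes and point find_forward_writers at your distribution's startup script directories.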

Tip: An old computer (even a 486) can make a good Linux-based router for a small network. Load a small Linux distribution, such as a minimal Debian installation or ZipSlack (described in Chapter 17, "Protecting Your System with Backups"), onto the computer. Remove all unnecessary servers, configure the computer with two NICs, and set up routing functions. For added security, consult Chapter 20, "Controlling Network Access," for information on setting up iptables firewall rules. Advanced router functions are available, but they are well beyond the scope of this book.
