From: unruh on
On 2010-06-15, Barak Hermesh <barhash(a)gmail.com> wrote:
> All,
>
> I am involved in the development of a home router which has three
> network interfaces (net-devices):
> lan0 - Ethernet facing the LAN side
> wan0 - WAN data connection
> wan1 - WAN management connection: this is used only for accessing the
> device itself (web pages etc..)
>
> wan0 and wan1 should be looked at as two different physical
> interfaces.
> Both get their IP addresses from DHCP clients and both get different
> default gateways.
> NAT is established between lan0 and wan0.
> The problem is that the Linux router sometimes routes traffic from
> lan0 using the wan1 default gateway's rule.

There is only one default. wan1 should NOT get a default route. Since it
is being used for very specific tasks, it should get specific routes.

>
> Is there a way to restrict the router to perform forwarding only for a
> subset of the interfaces and use others only for device access?

Sure. Just give it the route
route add -net 111.222.333.0 netmask 255.255.255.0 gw 222.333.444.256 wan1

You want default on wan0 I assume since that is where you want most
traffic to go.

>
> Thanks,
> Barak.
From: unruh on
On 2010-06-15, Barak Hermesh <barhash(a)gmail.com> wrote:
> On Jun 15, 4:28 pm, Pascal Hambourg <boite-a-s...(a)plouf.fr.eu.org>
> wrote:
>> Hello,
>>
>> Barak Hermesh wrote:
>>
>> > I am involved in the development of a home router which has three
>> > network interfaces (net-devices):
>> > lan0 - Ethernet facing the LAN side
>> > wan0 - WAN data connection
>> > wan1 - WAN management connection: this is used only for accessing the
>> > device itself (web pages etc..)
>>
>> > wan0 and wan1 should be looked at as two different physical
>> > interfaces.
>>
>> Why "should be looked at as" ? Aren't they ?
> They are logical links sharing the same physical medium but for all
> practical purposes they can be looked at as two different interfaces.
>
>>
>> > Both get their IP addresses from DHCP clients and both get different
>> > default gateways.
>>
>> This is asking for trouble. A node should have only one default route at
>> most.
> We have no option. This is per product specification.

You have no option. This product specification is contrary to the rules
of routing. It is a non-compliant specification and thus cannot be
fulfilled.

You do not mean that you are planning to have the controlling interface
be accessible by the whole world wide web? That certainly sounds like
lunacy. That router will find itself broken into from day one and
subverted. (You mumbled something about passwords -- 50% of the customers
will leave it as the default password and 25% of the others will use
"password" as the password -- yes those figures are made up, but you get
the idea.)


>
>>
>> > NAT is established between lan0 and wan0.
>> > The problem is that the Linux router sometimes routes traffic from
>> > lan0 using the wan1 default gateway's rule.
>>
>> As stated above, expect trouble (i.e. unpredictable behaviour) when
>> there are multiple routes to the same destination.
> This is why I am asking for help.

We cannot help you.

> There are no multiple routes for the same destination in the sense
> that I can define a logic of which route to use based on the source
> network device. Unfortunately I do not know how to do this with Linux.
> If Linux would have supported multiple logical routing tables, each
> serving a subset of the interfaces, the problem would be solved.

??? A default route is a route over which traffic is sent IF there are
no other specific routes available.

Now, if you look at man ip, there is source specific routing available.
>
>>
>> > Is there a way to restrict the router to perform forwarding only for a
>> > subset of the interfaces and use others only for device access?
>>
>> It's not a forwarding issue, it's a routing issue with conflicting
>> routes and which one takes over.
>
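The policy routing that unruh's two replies point at (a specific rather than default route for the management link, and the source-specific routing in `man ip`), written out as an added example that is not part of the thread or of any product mentioned in it. It also covers the original poster's wish for "multiple logical routing tables, each serving a subset of the interfaces", which Linux provides through `ip rule` and numbered tables. The interface names lan0/wan0/wan1 come from the thread; everything else is assumed for illustration: the addresses are RFC 5737 documentation addresses standing in for the DHCP leases, the table numbers 100/200, the LAN prefix and the management port 443 are made up.

```shell
#!/bin/sh
# Added example (not from the thread): policy routing for a router with
# lan0 (LAN), wan0 (data uplink, NATed) and wan1 (management only).
# Everything below is an assumption for illustration: the interface names
# follow the thread, the addresses are RFC 5737 documentation addresses,
# and table numbers 100/200 and the management port 443 are made up.
# Run "sh policy_routing.sh show" to print the commands, or as root
# "sh policy_routing.sh apply" to execute them.
set -eu

LAN_IF=lan0
WAN_IF=wan0
MGMT_IF=wan1
LAN_NET=${LAN_NET:-192.168.1.0/24}      # assumed LAN prefix
WAN0_GW=${WAN0_GW:-198.51.100.1}        # constructed: gateway DHCP handed wan0
WAN1_ADDR=${WAN1_ADDR:-203.0.113.50}    # constructed: address DHCP handed wan1
WAN1_GW=${WAN1_GW:-203.0.113.1}         # constructed: gateway DHCP handed wan1
DATA_TABLE=100                          # assumed routing table ids
MGMT_TABLE=200
MGMT_PORT=443                           # assumed management web port

# run: print the command when DRY_RUN is set, otherwise execute it (needs root).
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# setup_routes: exactly one default route in the main table (via wan0).
# wan1's gateway lives in its own table, selected by source address, so
# only the router's own replies sent from the wan1 address ever use it.
# Traffic arriving from the LAN is pinned to the data table by "iif".
setup_routes() {
    run ip route replace default via "$WAN0_GW" dev "$WAN_IF"
    run ip route replace default via "$WAN0_GW" dev "$WAN_IF" table "$DATA_TABLE"
    run ip route replace default via "$WAN1_GW" dev "$MGMT_IF" table "$MGMT_TABLE"
    # Lower pref wins; the kernel's local table stays at pref 0.
    run ip rule add iif "$LAN_IF" lookup "$DATA_TABLE" pref 100
    run ip rule add from "$WAN1_ADDR" lookup "$MGMT_TABLE" pref 200
    # Strict reverse-path check: packets with LAN or wan0 sources are
    # dropped if they show up on the management link.
    run sysctl -w "net.ipv4.conf.$MGMT_IF.rp_filter=1"
    run sysctl -w net.ipv4.ip_forward=1
}

# setup_firewall: NAT only between lan0 and wan0, and refuse to forward
# anything that enters or leaves via wan1, whatever the routing tables say.
setup_firewall() {
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    run iptables -A FORWARD -i "$MGMT_IF" -j DROP
    run iptables -A FORWARD -o "$MGMT_IF" -j DROP
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -P FORWARD DROP
    # Management plane: only the web UI port is reachable via wan1.
    run iptables -A INPUT -i "$MGMT_IF" -p tcp --dport "$MGMT_PORT" \
        -m conntrack --ctstate NEW -j ACCEPT
    run iptables -A INPUT -i "$MGMT_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i "$MGMT_IF" -j DROP
}

case "${1:-}" in
    show)  DRY_RUN=1; setup_routes; setup_firewall ;;
    apply) setup_routes; setup_firewall ;;
esac
```

Two caveats a practitioner will hit. First, the DHCP client on wan1 must be stopped from writing its lease's router into the main table (dhcpcd's per-interface `nogateway`, or a udhcpc hook script) and should hand the gateway and address to this script as WAN1_GW and WAN1_ADDR instead; otherwise the unpredictable routing the thread complains about comes straight back. Second, `ip rule add` is not idempotent, so on a lease change delete the old rules (or run `ip rule flush` and re-add the local rule) before applying again. The FORWARD rules are the belt to the routing braces: even if a rule slips through and selects wan1, nothing from lan0 is forwarded across it.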
From: Maxwell Lol on
>> > I am involved in the development of a home router which has three
>> > network interfaces (net-devices):
>> > lan0 - Ethernet facing the LAN side
>> > wan0 - WAN data connection
>> > wan1 - WAN management connection: this is used only for accessing the
>> > device itself (web pages etc..)
>>
>> > wan0 and wan1 should be looked at as two different physical
>> > interfaces.
>>
>> Why "should be looked at as" ? Aren't they ?
> They are logical links sharing the same physical medium but for all
> practical purposes they can be looked at as two different interfaces.

It's common to isolate control networks from data networks. I would
be concerned that this APPEARS to be isolated, but in reality is
not. Therefore a user may assume a configuration is safe from
eavesdropping and authentication failure, but in reality protection is
not as it seems.