Routing through multiple subinterfaces in Debian

Posted by Kstro21 on Server Fault
Published on 2012-11-30T21:53:23Z Indexed on 2012/11/30 23:07 UTC

My question is as simple as the title. I have a Debian 6 machine, 2 NICs, 3 different subnets on a single interface, just like this:

auto eth0
iface eth0 inet static
    address 192.168.106.254
    netmask 255.255.255.0

auto eth0:0
iface eth0:0 inet static
    address 172.19.221.81
    netmask 255.255.255.248

auto eth0:1
iface eth0:1 inet static
    address 192.168.254.1
    netmask 255.255.255.248

auto eth1
iface eth1 inet static
    address 172.19.216.3
    netmask 255.255.255.0
    gateway 172.19.216.13

eth0 is connected to a switch with 3 different VLANs, eth1 is connected to a router. No iptables DROP, so all traffic is allowed. Now, passing the traffic through eth0 is OK, passing the traffic through eth0:0 is OK, but passing the traffic through eth0:1 is not working. I can ping the IP address of that subinterface from a PC where this IP is the default gateway, but can't get to servers in the subnet of the eth1 interface. The traffic is not passing, even when I set iptables to log all the traffic in the FORWARD chain and I can see the traffic there, but the traffic is not really passing. And the funny thing is I can do anything the other way around, I mean, passing from eth1 to eth0:1: RDP, telnet, ping, etc.

Doing some work with iptables, I managed to pass some traffic from eth0:1 to eth1. The iptables rules look like this:

iptables -t nat -A PREROUTING -d 192.168.254.1/32 -p tcp -m multiport --dports 25,110,5269 -j DNAT --to-destination 172.19.216.1
iptables -t nat -A PREROUTING -d 192.168.254.1/32 -p udp -m udp --dport 53 -j DNAT --to-destination 172.19.216.9
iptables -t nat -A PREROUTING -d 192.168.254.1/32 -p tcp -m tcp --dport 21 -j DNAT --to-destination 172.19.216.11

iptables -t nat -A POSTROUTING -s 172.19.216.0/24 -d 172.19.221.80/29 -j SNAT --to-source 172.19.221.81
iptables -t nat -A POSTROUTING -s 172.19.216.0/24 -d 192.168.254.0/29 -j SNAT --to-source 192.168.254.1
iptables -t nat -A POSTROUTING -s 172.19.216.0/24 -o eth0 -j SNAT --to-source 192.168.106.254

Doing this is working, but it is really a headache to have to map each port to the server; imagine if I move the service from the server. So now I have doubts:
Can Debian route through multiple subinterfaces? Is there a limit for this? If not, what am I doing wrong, when I have the same setup with other subnets and it is working OK? Without the iptables rules in the nat table, it doesn't work.

Thanks, and I hope for good comments/answers.

© Server Fault or respective owner
