TIP_Dual-Homed_Gentoo_Server

This article is part of the Tips & Tricks series.

Terminals / Shells • Network • X Window System • Portage • System • Filesystems • Kernel • Other

1 Situation
2 Kernel Support
3 Software Support
4 Configuration
5 Notes
6 Credit and Links

Situation

For one reason or another, you have internet connections from 2 different providers, or 2 connections from a single provider but with different gateways, coming in to a single machine. An example would be when you have a primary IP which is part of a trusted network range for NFS, etc. without an internal LAN, but would like to run a secondary DNS server on a separate IP range.

Kernel Support

You need to have a couple of kernel options enabled:

CONFIG_IP_ADVANCED_ROUTER (Networking/IP: Advanced Router) and
CONFIG_IP_MULTIPLE_TABLES (Networking/IP: policy routing)

These enable filtering based on the source address, as opposed to being restricted to only the destination address (default).

Verify they are enabled in your kernel:

$ grep -e CONFIG_IP_ADVANCED_ROUTER -e CONFIG_IP_MULTIPLE_TABLES /usr/src/linux/.config 
  CONFIG_IP_ADVANCED_ROUTER=y
  CONFIG_IP_MULTIPLE_TABLES=y

To enable the above 2 items in the kernel, run make menuconfig in the /usr/src/linux directory. Navigate to Networking --> Networking options and change "IP: Advanced router" and "IP: policy routing" to [*]. Save your changes and run make && make modules_install. Double check the items are enabled by running the grep command above again.

Software Support

You will need to emerge iproute2. ifconfig cannot handle multiple routing tables, nor can it handle a number of other things that iproute2 can, so using iproute2 instead is a good idea anyway.

Configuration

edit /etc/iproute2/rt_tables and add the following line. You may call the table anything you liked, I chose dns for this example as that was the purpose of the secondary IP:

100     dns

edit /etc/conf.d/local.start and add the following line. This is necessary because Gentoo's net init scripts do not yet support ip rules (AFAIK) (you can use "postup" function (see /etc/conf.d/net.example):

ip rule add from <secondary ip> table dns

edit /etc/conf.d/net so it looks like this:

modules=( "iproute2" )
config_eth0=(
        "<primary ip>/<nm> brd <primary broadcast>"
)
config_eth1=(
        "<secondary ip>/<nm> brd <secondary broadcast>"
)
routes_eth0=(
        "default via <primary gateway>"
)
routes_eth1=(
        "127.0.0.0/8 dev lo table dns"
        "default via <secondary gateway> table dns"
)

For example "<primary ip>/<nm> brd <primary broadcast>" should look like :

123.124.125.3/24 brd 123.124.125.255

Notes

You can do this all on one interface, like so:

modules=( "iproute2" )
config_eth0=(
        "<primary ip>/<nm> broadcast <primary broadcast>"
        "<secondary ip>/<nm> broadcast <secondary broadcast>"
)
routes_eth0=(
        "default via <primary gateway>"
        "127.0.0.0/8 dev lo table dns"
        "default via <secondary gateway> table dns"
)

You will also want to add any other routes for internal LANs, etc. to the dns table, i.e like so:

routes_eth3=(
        "10.0.0.0/8 table mx"
)

Credit and Links

This article was originally written by Casey Allen Shobe for SeattleServer.com, based on information from the Linux Advanced Routing and Traffic Control HOWTO, simplified and tailored to Gentoo.