Dual NIC configuration on Debian

plisken · 08-02-2022, 09:48 AM

I'm trying to get 2 NIC's configured and going around in circles and just wanted to sanity check a few things.

Firstly, each card is connecting to a different network, we'll call it 10. and 23. so the idea is that 23. is a local network of sorts and 10. routes to a remote network. The box should be accessible via either.

Currently, the /etc/network/interfaces file looks like;

Code:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth6 eth7
iface eth7 inet static
     address  23.128.28.20
     netmask  255.255.240.0
     network  23.128.16.0
     gateway  23.128.16.1

iface eth6 inet static
        address 10.28.10.20
        netmask 255.255.255.0
        network 10.28.10.0
 #       gateway 10.28.10.1

with ifconfig looking like;

Code:

eth6      Link encap:Ethernet  HWaddr 08:00:27:e4:ff:3d  
          inet addr:10.28.10.20  Bcast:10.28.10.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fee4:ff3d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:213 errors:0 dropped:0 overruns:0 frame:0
          TX packets:909 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:25433 (24.8 KiB)  TX bytes:96838 (94.5 KiB)

eth7      Link encap:Ethernet  HWaddr 08:00:27:d2:78:66  
          inet addr:23.128.28.20  Bcast:23.128.31.255  Mask:255.255.240.0
          inet6 addr: fe80::a00:27ff:fed2:7866/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:44242 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16471 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:15425062 (14.7 MiB)  TX bytes:2133603 (2.0 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:53 errors:0 dropped:0 overruns:0 frame:0
          TX packets:53 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:5050 (4.9 KiB)  TX bytes:5050 (4.9 KiB)

and the routing;

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.28.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth6
23.128.16.0     0.0.0.0         255.255.240.0   U     0      0        0 eth7
 0.0.0.0         23.128.16.1     0.0.0.0         UG    0      0        0 eth7

What I don't know is whether or not I should have two gateways listed in the routing table, I always thought there should only be one default gateway per machine and not one for each card, hence I've commented it out in the interfaces file.

I think this is the first thing I need a bit of clarity on.

wpeckham · 08-02-2022, 01:07 PM

The traditional way is only one default gateway. The second interface is only to access the second network, which will all be local so no routing is needed on that interface. The gateway should be defined on the interface you use to reach all non-local network (and the internet).

There are other options for specific more complicated situations, that you should totally ignore for your specific case.
Using the most simple case that fits means fewer points of failure!

elgrandeperro · 08-03-2022, 12:25 AM

Sure, you can have 2 default gateways. But I think they might round robin if you don't tell the system which is the best or active route.

One way to do this is to set a metric. The metric would simply be the path to take, lower metric the more favored. So when the preferred interface is down, the next highest metric interface would be used instead as the default gateway.

I can be set in a interface file, using ifmetric or the ip command.

plisken · 08-03-2022, 03:26 AM

Thanks for comments so far, greatly appreciated.

I've tried to draw roughly what the network looks like below.

I have no knowledge of how the various networks are connected but can explain what I know and what I am expecting this new box BOX X to do.

So, we have 2 internal networks, 192.168.. and 23.128..

The 192.168.. is generally for PC's and these have both internet access and can also see the services offered by the 23.128.. servers, internal web pages and so on.

The 23.128.. are servers can not access any other networks.

The machine I am now trying to configure was previously a single NIC on the 23.128.. network and functioned as it should, that is all PC's on the 192.168.. network could reach it and of course all the 23.128.. servers could reach it if required. So previously and currently on the original NIC, it is physically connected into a switch on 23.128..

What we want to do now is allow traffic from 10.28.. to connect to this server, hence the addition of a second NIC, this connects to a switch on the 10.28.. network that is completely isolated from the others. I've tried to show this is my diagram.

With my configuration in my initial post, I am able to continue to access BOX X from either 192.168.. or 23.128.. but unable to receive new traffic coming from 10.28.. is not getting to BOX X

In an attempt to solve this, I tried adding the 2nd gateway (currently commented out) in /etc/network/interfaces and while this appears to allow me to serve the new traffic coming from 10.28.. I find that I am no longer able to access BOX X from 192.168.. while still being able to access from 23.128..
Now I know I can add a static route, such that traffic from 192.168.. goes to the NIC on 23.128.. (eth7) but I'm not so sure this is the proper way to fix this.

Code:

                           +---------------+
                           |               |
        +-------+      +---+--+            |
    +---+SW1    +------+SW2   +----+       |
    |   +-------+      +------+    |       |
    |                              |       |
    |                              |       |
    |                              |       |               EXTERNAL ISOLATED NETWORK
+---+-------+                +-----+----+  |                    +--------+
| 192.168.. |                | 23.128.. |  |               +----+10.28.. |
|           |                |          |  |               |    +--------+
|           |                |          |  |               |
|           |                |          |  |               |
|           |                |          |  |               |
|DESKTOPS   |                |SERVERS   |  |               |
|           |                |          |  |               |
|           |                |          |  |               |
|           |                |          |  |               |
|           |                |          |  |               |
+-----------+                +----------+  |               |
                                           |               |
                                           |               |
                                           |               |
                                           |               |
                                           |               |
                                           |               |
                                    +------+---------------+-------+
                                    | 23.128.28.20    10.28.10.20  |
                                    |                              |
                                    |            BOX X             |
                                    |                              |
                                    +------------------------------+

wpeckham · 08-03-2022, 11:12 AM

1. I presume the traffic between X and the 10.28.10* network is all by IP address and not hostnames. "Hostnames will not resolve to the shared address network unless someone has done some interesting work in the hosts files or local nameserver.

2. Have you attempted to ping from 10.28.10.20 to one of the other live addresses in the 10.28.10.* subnet? Have you attempted the reverse, ping form a different 10.28.10 address to 10.28.10.20?

3. Did you ensure that you have no firewall or blocking on X or elsewhere that would drop that traffic?

smallpond · 08-03-2022, 11:37 AM

Edit: misunderstood what you are doing.

Looks like you just want to add a second IP on eth7 with a 192.168 address.

wpeckham · 08-03-2022, 08:29 PM

Quote:

Originally Posted by smallpond

Edit: misunderstood what you are doing.

Looks like you just want to add a second IP on eth7 with a 192.168 address.

Not exactly, he has a box on the 23.128.28.* subnet, and wants to add an interface with an IP address on the 10.28.10.* subnet (at 20) and have it talk to that network. Should be easy, but it is unclear if there is a problem or what it might be yet. We need more feedback form the OP.

elgrandeperro · 08-03-2022, 11:05 PM

Where is the 23.128.16.1 router? It would have to know about both 192 and 23 networks and should be routing it. I see switches but not where or how the router is setup. Are you mixing the switch traffic, are these smart switches?

Linux will not route between interfaces unless you turn it on. Box X might be getting packets from 192 but not route to the 10, even with a static route.

Its a sysctl flag (I think) ip_forwarding but I've seen other names. I don't think you need the twin default routes.

davesroboshack · 08-17-2022, 05:15 AM

Dear all,
I have a very similar problem, if not exactly the same.
I too want to connect to two networks at the same time. One is a local network with some robots through an ethernet connection to control the robot. At the same time, I want to connect to the internet through wifi so I can download packages, update my code, etc.
So what I want is to connect to ethernet with a static IP 192.168.44.49 to the robots who have a static IP as well and use wifi to connect to the internet with a DHCP managed router from the research institute (so I cannot have a static IP there).

When I first connect the wifi to the internet and then plug in the ethernet port to the local network, I have connection to both networks. This is the situation I want to have consistently.

Here is the output of `ip address`:

dave@laptop:~$ ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: wlp0s20f3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 10:51:07:49:c0:d7 brd ff:ff:ff:ff:ff:ff
inet 10.164.32.188/20 brd 10.164.47.255 scope global dynamic noprefixroute wlp0s20f3
valid_lft 2091sec preferred_lft 2091sec
inet6 fe80::4e15:d8b3:fc20:a5fe/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:11:53:1f:57 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
4: enxa02919f0ca71: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether a0:29:19:f0:ca:71 brd ff:ff:ff:ff:ff:ff
inet 192.168.44.49/24 brd 192.168.44.255 scope global noprefixroute enxa02919f0ca71
valid_lft forever preferred_lft forever
inet6 fe80::a90e:64f6:d193:5143/64 scope link noprefixroute
valid_lft forever preferred_lft forever

And here is the output of `ip route`:

dave@laptop:~$ ip route
default via 10.164.32.1 dev wlp0s20f3 proto dhcp metric 600
default via 192.168.44.100 dev enxa02919f0ca71 proto static metric 20500
10.164.32.0/20 dev wlp0s20f3 proto kernel scope link src 10.164.32.188 metric 600
169.254.0.0/16 dev wlp0s20f3 scope link metric 1000
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.44.0/24 dev enxa02919f0ca71 proto kernel scope link src 192.168.44.49 metric 500

And the output of `ip link`:

dave@laptop:~$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: wlp0s20f3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
link/ether 10:51:07:49:c0:d7 brd ff:ff:ff:ff:ff:ff
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:11:53:1f:57 brd ff:ff:ff:ff:ff:ff
4: enxa02919f0ca71: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether a0:29:19:f0:ca:71 brd ff:ff:ff:ff:ff:ff

But when I first connect to the ethernet and then to wifi, it will not connect to both networks. I can only connect to the local network, but I have no access to the internet anymore.

The output of `ip address` is:

dave@laptop:~$ ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: wlp0s20f3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 10:51:07:49:c0:d7 brd ff:ff:ff:ff:ff:ff
inet 10.164.32.188/20 brd 10.164.47.255 scope global dynamic noprefixroute wlp0s20f3
valid_lft 3569sec preferred_lft 3569sec
inet6 fe80::4e15:d8b3:fc20:a5fe/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:11:53:1f:57 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
5: enxa02919f0ca71: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether a0:29:19:f0:ca:71 brd ff:ff:ff:ff:ff:ff
inet 192.168.44.49/24 brd 192.168.44.255 scope global noprefixroute enxa02919f0ca71
valid_lft forever preferred_lft forever
inet6 fe80::a90e:64f6:d193:5143/64 scope link noprefixroute
valid_lft forever preferred_lft forever

The output of `ip route` is:

dave@laptop:~$ ip route
default via 192.168.44.100 dev enxa02919f0ca71 proto static metric 20500
default via 10.164.32.1 dev wlp0s20f3 proto dhcp metric 20600
10.164.32.0/20 dev wlp0s20f3 proto kernel scope link src 10.164.32.188 metric 600
169.254.0.0/16 dev enxa02919f0ca71 scope link metric 1000
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.44.0/24 dev enxa02919f0ca71 proto kernel scope link src 192.168.44.49 metric 500

The output of `ip link` is:

dave@laptop:~$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: wlp0s20f3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
link/ether 10:51:07:49:c0:d7 brd ff:ff:ff:ff:ff:ff
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:11:53:1f:57 brd ff:ff:ff:ff:ff:ff
5: enxa02919f0ca71: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether a0:29:19:f0:ca:71 brd ff:ff:ff:ff:ff:ff

elgrandeperro · 08-17-2022, 07:51 AM

Your ethernet has a lower metric, therefore it is preferred as a default gateway.

default via 192.168.44.100 dev enxa02919f0ca71 proto static metric 20500
default via 10.164.32.1 dev wlp0s20f3 proto dhcp metric 20600

20500 < 20600

You can set the metric values in Network Manager, using the utility ifmetric or the interface file (netplan).

But to put the networks together, you don't need 2 default gateways, just having the ethernet side up on the ethernet side will suffice. So disable the default gateway for the ethernet interface.

davesroboshack · 08-18-2022, 07:50 AM

Quote:

Originally Posted by elgrandeperro

Your ethernet has a lower metric, therefore it is preferred as a default gateway.

default via 192.168.44.100 dev enxa02919f0ca71 proto static metric 20500
default via 10.164.32.1 dev wlp0s20f3 proto dhcp metric 20600

20500 < 20600

You can set the metric values in Network Manager, using the utility ifmetric or the interface file (netplan).

But to put the networks together, you don't need 2 default gateways, just having the ethernet side up on the ethernet side will suffice. So disable the default gateway for the ethernet interface.

This seems to be working on my laptop. Thanks a lot. I will try on my robot as well. This might be different as the robot communicates wirelessly to a second robot on the same subnet (192.168.44.xxx). This second robot connects to a third network (subnet 192.168.88.xxx) through a router that connects both networks. We figured out that, on the robot, we need to have the gateway set to the subnet of the third network (set to 192.168.88.100).

In which cases to I need to set a default gateway?
I'd like to better understand this network setup.

elgrandeperro · 08-18-2022, 09:32 PM

So I take it you want to get to the second network. Obviously it doesn't match the interface network, so you want to put a static route next hop.

I assume you have a router that is routing across 192.168.44.0 and 192.168.88.0.

It should be like:

route add -net netaddress netmask mask gw gw_address

route add -net 192.168.88.0 netmask 255.255.255.0 gw 192.168.44.X

So this says for packets for that network, route packets to the router's 192.168.44.X address.

If the 2nd robot default things to the router, then I don't think you need a static route on that end because the router has interfaces on both networks.