Ssh – How to fix this eth0 and eth1, where traffic going out via eth0 is failing

ipsec networking openvpn ssh vpn

I have two public IPs. One's connected to eth0 and one to eth1, from 2 separate routers as complete DMZ towards the LAN IP.

I added the following:

ip rule add from 10.0.0.108/32 table 1 # outbound
ip rule add to 10.0.0.108/32 table 1   # inbound
ip route add default via 10.0.0.1 dev eth0 table 1
ip rule add from 10.0.0.100/32 table 2 # outbound
ip rule add to 10.0.0.100/32 table 2   # inbound
ip route add default via 10.0.0.1 dev eth1 table 2

Since adding the above, I've been having problems sending traffic correctly for inbound and outbound.

For example:

$ ping -I eth0 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 10.0.0.108 eth0: 56(84) bytes of data.
From 10.0.0.108 icmp_seq=2 Destination Host Unreachable
From 10.0.0.108 icmp_seq=3 Destination Host Unreachable
From 10.0.0.108 icmp_seq=4 Destination Host Unreachable

$ ping -I eth1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 10.0.0.28 eth1: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=48 time=14.6 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=48 time=14.6 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1233ms
rtt min/avg/max/mdev = 14.611/14.639/14.667/0.028 ms

How do I use the ip rule add from/to method to fix eth0 (from/to), but without breaking eth1 (eth1 is working perfectly)?

Best Answer

It seems you're routing all traffic through eth1 (default via 10.0.0.1 dev eth1 table 2 is preferred over default via 10.0.0.1 dev eth0 table 1) but using -I eth0 just replaces the src IP of the icmp packets (correct me if I'm not right). Also, does the 10.0.0.1 gateway exist in both networks?

I believe this LARTC article should definitely help you. Btw, it would be nice if you provided us with more network configuration details.
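An added example, not part of the original question or answer: one routing table per uplink with a source-based rule, in the style of the LARTC HOWTO's multiple-uplinks chapter (assumed to be what the answer refers to), plus a check that a rule's source address is really assigned to the interface. The check covers the mismatch visible in the question, where the table 2 rules name 10.0.0.100 but ping -I eth1 reports source 10.0.0.28. The function names, the /24 prefix and the sample address listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: per-uplink policy routing, emitted as commands for review.
# Nothing here changes the running system until the output is piped to sh.

# Print the commands for one uplink.
# Args (all to be replaced with real values): interface, its address,
# its connected subnet, its gateway, routing table number.
uplink_cmds() {
    iface=$1 addr=$2 net=$3 gw=$4 table=$5
    # The connected subnet must exist in the table, otherwise the
    # gateway is not reachable from within that table.
    echo "ip route add $net dev $iface src $addr table $table"
    echo "ip route add default via $gw dev $iface table $table"
    # Traffic sourced from this address uses this uplink's table.
    echo "ip rule add from $addr/32 table $table"
}

# Return 0 if ADDR is assigned to IFACE, reading the output of
# `ip -o -4 addr show` on stdin; return 1 otherwise.
addr_on_iface() {
    awk -v i="$1" -v a="$2" '
        $2 == i { split($4, p, "/"); if (p[1] == a) ok = 1 }
        END { exit !ok }'
}

# Constructed sample of `ip -o -4 addr show` output. The addresses come
# from the ping output in the question; the /24 prefix is an assumption.
SAMPLE_ADDRS='2: eth0    inet 10.0.0.108/24 brd 10.0.0.255 scope global eth0
3: eth1    inet 10.0.0.28/24 brd 10.0.0.255 scope global eth1'
```

To apply, run `uplink_cmds eth0 10.0.0.108 10.0.0.0/24 10.0.0.1 1 | sh` as root with your real values, then confirm the selected path with `ip route get 8.8.8.8 from 10.0.0.108`.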
