83. Configuring route for multiple network interfaces on Debian Testing

In my previous post I got rid of network-manager.

On my main desktop, which serves as a gateway for two subnets and serves them with access to the internet and has three ifs (eth0 goes to outside world, eth1 serves 192.168.0-127 and provides inet passthrough, eth2 serves 192.168.128-255), I had issues getting the internet connection to work once network-manager was gone -- the issue was the routing table.

Here's what I did to diagnose and solve it:

When I got rid of network manager I set up my /etc/network/interfaces like this:
auto lo
iface lo inet loopback
auto eth0

iface eth0 inet dhcp
auto eth1
iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0
gateway 192.168.1.1

auto eth2
iface eth2 inet static
address 192.168.1.129
netmask 255.255.255.128
gateway 192.168.1.129
But it gives
sudo route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.129   0.0.0.0         UG    0      0        0 eth2
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
0.0.0.0         XXX.XXX.XXX.254 0.0.0.0         UG    0      0        0 eth0
XXX.XXX.XXX.0   0.0.0.0         255.255.248.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.128   0.0.0.0         255.255.255.128 U     0      0        0 eth2
The problem is that I DON'T want all traffic via eth2 and eth1. I want the default gateway to be my eth0. Inverting the order of the ifs in /etc/network/interfaces doesn't fix it either.

A quick fix is to do
 sudo route add default dev eth0
 which adds this as the first line:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 eth0
It looks like we might want to manually configure route.

Turns out you can just add the route options to your /etc/network/interfaces file

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0
gateway 192.168.1.1

auto eth2
iface eth2 inet static
address 192.168.1.129
netmask 255.255.255.128
gateway 192.168.1.129

auto wlan0
iface wlan0 inet static
address 192.168.2.1
netmask 255.255.255.0
gateway 192.168.2.1

post-up ip route flush all
post-up route add default dev eth0
post-up route add -net 169.254.0.0 netmask 255.255.0.0 dev eth0 metric 1000
post-up route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 eth1
post-up route add -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.129 eth2
post-up route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1 wlan0

The script gives us a nice, compact routing table on doing
sudo service networking restart

sudo route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
192.168.1.0     192.168.1.1     255.255.255.0   UG    0      0        0 eth1
192.168.1.128   192.168.1.129   255.255.255.128 UG    0      0        0 eth2


Edit::
An earlier version of this post used a separate script (see below). This works fine on boot. However, sudo service networking restart
does not invoke it -- so you may end up with a faulty route table. Thus, it is preferable to use the method above in which the route options are added to the end of /etc/network/interfaces

The following (below) is kept for posterity only:

We put the commands below into /etc/routing_table.sh:

#!/bin/sh

sudo ip route flush all

sudo route add default dev eth0

sudo route add -net 169.254.0.0 netmask 255.255.0.0 dev eth0 metric 1000

sudo route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 eth1

sudo route add -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.129 eth2

exit 0


We change the atttributes:


sudo chmod o-rwx /etc/routing_table.sh


sudo chmod g-rwx /etc/routing_table.sh


sudo chmod u+rwx /etc/routing_table.sh




Here user is root. This way only root can execute and edit the table. I guess the 'sudo' is a bit superfluous in our script.

To make it start on boot, add a line to your /etc/rc.local
My rc.local now looks like this:

#!/bin/sh -e
echo "1" > /proc/sys/net/ipv4/ip_forward
sh /etc/firewall-rules.sh
sh /etc/routing_table.sh
exit 0

The firewall-rules.sh script is described in another post on ip tables.
Previous
Next Post »