Simple (?) routing question

Hi Community, I set up a Debian GNU/Linux box as a firewall with a public IP address on eth0 and a private IP address on eth1 just for local access/administration: 10.0.0.1/8. I tried to access the box remotely on eth0 (public IP) from a non-NATed private address, 10.174.190.0/24, on our NOC network (staying inside our AS). The iptables rules were OK, but since the box had an interface (eth1) directly connected with IP address 10.0.0.1/8, it tried to respond via eth1 to traffic coming in on eth0 from 10.174.190.0. I believed that the default 'public' route was the more important piece of information, but that's not the case. Is this a general/elementary routing issue, or is it the GNU/Linux box that behaves this way?

Thanks a lot in advance for your comments

Dario


That's correct. Routing prefers the longest match. If 10/8 is routed to eth1 then that is where it goes, not via the 0/0 (aka default) route to eth0. That's kinda fundamental to IP...

If you _want_ 10.174.90.0 on the public side (cable/ADSL/WiFi router?) you either need to add a more specific route to eth0 (e.g. "ip route add 10.174/16 dev eth0") or use a subnet on eth1 that doesn't include the 10.174.90.0 space you need (e.g. 10.0/16).

Mike

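The longest-prefix-match behaviour Mike describes, and both of his fixes, worked through in a small routing-table model. This is an added example, not code from either poster; the interface names eth0/eth1 and the prefixes come from the thread, the lookup function and the sample hosts (10.174.190.7, 10.0.5.1, 203.0.113.9) are constructed for illustration.

```python
import ipaddress

# Each route is (destination prefix, outgoing interface). The kernel's FIB
# does the same selection: the most specific (longest) prefix that contains
# the destination wins; the 0.0.0.0/0 default only applies when nothing
# more specific matches.
def lookup(table, dst):
    """Return the interface chosen for dst by longest-prefix match, or None."""
    dst = ipaddress.ip_address(dst)
    best_net, best_dev = None, None
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_dev = net, dev
    return best_dev


def reply_interface(table, src):
    """Interface a reply to a packet from src will leave on (no policy routing,
    so the answer is just a forward lookup on the peer's address)."""
    return lookup(table, src)


# Dario's original table: default via eth0, directly connected 10.0.0.1/8 on eth1.
ORIGINAL = [("0.0.0.0/0", "eth0"), ("10.0.0.0/8", "eth1")]

# Fix 1 (Mike): add a more specific route for the NOC space out of eth0,
# i.e. "ip route add 10.174.0.0/16 dev eth0".
FIX_MORE_SPECIFIC = ORIGINAL + [("10.174.0.0/16", "eth0")]

# Fix 2 (Mike): shrink the eth1 subnet so it no longer covers 10.174/16,
# e.g. address eth1 as 10.0.0.1/16 instead of /8.
FIX_NARROWER_LAN = [("0.0.0.0/0", "eth0"), ("10.0.0.0/16", "eth1")]

if __name__ == "__main__":
    noc_host = "10.174.190.7"   # constructed NOC address inside 10.174.190.0/24
    for name, table in (("original", ORIGINAL),
                        ("more-specific route", FIX_MORE_SPECIFIC),
                        ("narrower eth1 subnet", FIX_NARROWER_LAN)):
        print(f"{name:22s}: reply to {noc_host} leaves via {reply_interface(table, noc_host)}")
```

The same check can be run against the real kernel table before and after the change with `ip route get 10.174.190.7`, which prints the interface the FIB actually selects. Note that fix 1 only covers hosts inside the prefix you add; any other 10/8 source reaching the public side will still be answered on eth1, which is why fix 2 (not claiming more of 10/8 on the LAN interface than you really use) is the cleaner option.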
