[NTLUG:Discuss] Dual NIC Firewall - Problems with the external NIC
Chris Cox
cjcox at acm.org
Mon Mar 24 21:36:51 CST 2003
Chris J Albertson wrote:
...
>
> So here is the ultimate question. Can I even have a default gw when I have two
> NICs? Is that causing too much confusion? I'm adding the default route like
> this: (Forget about the IP address not being legal for now....)
> route add default gw 10.10.0.1
> I would think that if I add the default gw with that IP address, it would
> realize that it needs to go thru the external nic (eth1) to reach it and all
> will be fine.
>
> Any help you guys can provide would be most excellent!
> Thanks!
Just to make things clear, you should specify the device when doing your
routes (so things don't default to the wrong NIC).
There is nothing wrong with one or both interfaces having a default
gateway. In order to forward across the interfaces you'll want to make
sure you have ip_forwarding enabled.
sysctl -w net.ipv4.ip_forward=1
or
echo "1" >/proc/sys/net/ipv4/ip_forward
Since it is likely you are going to be doing some sort of NAT... you'll
need a nat/masquerading rule setup.
# route add default gw 10.10.0.1 dev eth1
# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
(assumes that eth1 (10.10.0.1) is the way out to the internet
and that eth0 is the interior gateway)
This is overly generous since it allows everything, but a starting
point nonetheless.
This is off the top of my head... I'm sure someone will correct
my mistakes if there are any.
If you want more help, you need to describe your desired network
in much greater detail (include addresses, masks, etc.).
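The three steps from the reply above (a default route that names its device, ip_forward, and a MASQUERADE rule) as one script. This is an added example, not code from the thread or from either poster; it also closes the "overly generous" gap the reply mentions by setting the FORWARD chain to DROP and allowing only LAN-originated connections and their replies. The interface names eth0/eth1, the gateway 10.10.0.1 and the LAN 192.168.1.0/24 are assumed placeholders; `ip route` stands in for the older `route` command, and the rp_filter and conntrack rules go beyond what the post shows.

```shell
#!/bin/sh
# Added example (not from the NTLUG thread): generate, and optionally apply,
# a minimal dual-NIC NAT firewall. Interface names, the 10.10.0.1 gateway and
# the 192.168.1.0/24 LAN are assumed placeholders; change them for a real box.
#
#   sh dualnic-fw.sh            # print the commands (dry run)
#   sh dualnic-fw.sh --apply    # run them as root

LAN_IF="${LAN_IF:-eth0}"            # interior interface
WAN_IF="${WAN_IF:-eth1}"            # interface facing the upstream router
WAN_GW="${WAN_GW:-10.10.0.1}"       # next hop reachable on WAN_IF
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# fw_rules: print the shell commands that configure the firewall.
# $1 = LAN interface, $2 = WAN interface, $3 = WAN gateway, $4 = LAN network.
fw_rules() {
    lan="$1"; wan="$2"; gw="$3"; net="$4"
    cat <<EOF
# 1. Default route: name the device explicitly so the kernel does not pick
#    the wrong NIC for $gw.
ip route replace default via $gw dev $wan
# 2. Let the kernel route between the two interfaces.
sysctl -w net.ipv4.ip_forward=1
# 3. Reverse-path filtering: drop packets arriving on an interface the kernel
#    would not use to reach their source address (basic anti-spoofing).
sysctl -w net.ipv4.conf.all.rp_filter=1
# 4. Start from a clean FORWARD chain and deny forwarding by default.
iptables -F FORWARD
iptables -P FORWARD DROP
# 5. LAN hosts may open connections towards the internet ...
iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
# 6. ... and only replies to those connections may be forwarded back in.
iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# 7. NAT: rewrite the source address of LAN traffic leaving via $wan.
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
EOF
}

# check_rules: sanity-check a generated rule set. Returns 0 only if the
# default route leaves via the WAN interface, the MASQUERADE rule matches
# that same interface, and forwarding is denied by default. This catches
# the eth0/eth1 mix-up discussed in the thread before anything is applied.
check_rules() {
    rules="$1"; wan="$2"
    printf '%s\n' "$rules" | grep -q "^ip route replace default via .* dev $wan\$" || return 1
    printf '%s\n' "$rules" | grep -q "^iptables -t nat -A POSTROUTING -o $wan " || return 1
    printf '%s\n' "$rules" | grep -q "^iptables -P FORWARD DROP\$" || return 1
    return 0
}

main() {
    rules="$(fw_rules "$LAN_IF" "$WAN_IF" "$WAN_GW" "$LAN_NET")"
    check_rules "$rules" "$WAN_IF" || { echo "rule set is inconsistent" >&2; exit 1; }
    if [ "${1:-}" = "--apply" ]; then
        [ "$(id -u)" -eq 0 ] || { echo "--apply needs root" >&2; exit 1; }
        printf '%s\n' "$rules" | sh -e
    else
        printf '%s\n' "$rules"
    fi
}

main "$@"
```

Run it once without arguments and read the output before using --apply; the check_rules step refuses a rule set whose default route is bound to the interior NIC, which is exactly the mistake a hand-typed `route add ... dev eth0` would make on this box.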