[TriLUG] Routing...once again.

Greg Brown gwbrown1 at gmail.com
Tue Aug 8 09:39:59 EDT 2006


The default route is per subnet.  If you have a machine with multiple
subnets where you are doing internal (to the server) routing between the
subnets you can have a single "last resort" default gateway for all ports in
the internally routed ranges.

If you are doing no internal routing in the server, i.e. eth0 and eth1 can't
even ping each other, then you need one default gateway per subnet as the
two ports and devices on the ranges cannot communicate with each other.

The trickier solution is where you have a server with multiple ranges that
don't talk to each other but you have set up the gateway to advertise
multiple external ranges via BGP or some other routing protocol, but I don't
think that is what is going on here.

You can get real complex with this stuff but I really do try to follow the
good, old KISS principle whenever possible.

Greg



>
> Are you sure about that? It seems like a default route would be
> per-machine. That's the role it serves - if I don't know where this
> packet goes, shove it here and this guy will know what to do with it. I
> can't speak from experience though as I've never had two networks with a
> route to the public Internet, and had to sit services on different
> ones.
>
> What I do know is that you will need to bind OpenVPN to one IP rather
> than listening on all interfaces. I don't know OpenVPN's specific way of
> doing this, but it'll be an option in the config file, or something
> along those lines.
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>


