Problem with multiple NICs

Hello, I have two NICs. One is connected directly to the internet, the other one is connected to a router which is then connected to the internet.

rl0 is the one connected to the internet, with some 94.255.. ip, rl1 is connected to my router which has a public ip on 89.160.., and rl1 has the ip 192.168.0.100. The router has settings to forward port 80 (and some others) to my server.

My server runs (among some other services) apache.


The problem is that at any time, I can only connect to apache on one of the public ips. Apache listens on *. Both interfaces are up. The traffic gets forwarded correctly by the router. If I boot the system with rl0 down, then bring it up later, I can connect to any service via my router, but trying to connect via rl0 just results in a timeout. If I do it the other way around and boot with rl1 down and bring it up, I get timeouts when connecting via my router. I can however access the services via lan.

My guess is that this is a routing issue. Using tcpdump -irl0 'tcp port 80' and tcpdump -irl1 'tcp port 80', I can see activity on both interfaces when trying to connect to the broken port.

So basically, when I try to connect on rl0, my server responds on rl1, including for ACKs or whatever. Is there any way to fix this or work around it?
 
The problem seems to be solved now, thanks to everyone who helped me (mostly the kind people of #freebsd on undernet).

To anyone who may have this problem in the future (that is potentially anyone with multiple NICs connected to the internet) this can be fixed with pf (and possibly ipfw, but I haven't tried to figure out how).

The examples on this link should help you:
http://kerneltrap.org/mailarchive/openbsd-misc/2007/7/14/152333
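As an added example (not from the original thread or the linked page), here is a minimal pf.conf that uses reply-to so replies leave through the interface the connection arrived on, which is what stops the timeouts described above. The interface names and 192.168.0.100 come from the post; the two gateway addresses are placeholders.

```pf
# Added example, not from the original post. rl0/rl1 and 192.168.0.100 are
# from the post; the gateway addresses are PLACEHOLDERS (assumption: replace
# them with the real next hop on each link).
ext_if = "rl0"          # directly attached to the ISP (94.255.x.x)
lan_if = "rl1"          # behind the router, 192.168.0.100
ext_gw = "94.255.0.1"   # PLACEHOLDER: default gateway reachable on rl0
lan_gw = "192.168.0.1"  # PLACEHOLDER: the router's LAN-side address

set skip on lo0

# Without reply-to, the kernel consults the single default route when it
# answers a SYN, so the SYN/ACK for a connection that came in on rl0 can go
# out rl1 (what tcpdump on both interfaces showed). reply-to pins the reply
# to the arriving interface and its own gateway. State is kept so that every
# later packet of the flow follows the same decision.
pass in quick on $ext_if reply-to ($ext_if $ext_gw) proto tcp \
    from any to ($ext_if) port 80 keep state
pass in quick on $lan_if reply-to ($lan_if $lan_gw) proto tcp \
    from any to ($lan_if) port 80 keep state

# Connections the server itself initiates follow the normal routing table.
pass out on { $ext_if $lan_if } keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, then repeat the `tcpdump -i rl0 'tcp port 80'` / `tcpdump -i rl1 'tcp port 80'` test from the post: the SYN/ACK should now appear on the same interface as the incoming SYN.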
 