The problem
The problem with SUSE systems is that YAST can only have one default gateway. Having multiple NICs (Network Interface Controller / network adapter) in different networks means clients outside the local LANs can only be reached through one gateway.
This is a typical scenario:
Let’s assume Gateway-A is set as the default. Client-A and Client-B can reach the system on both IPs via NIC-A and NIC-B without a problem, since no gateway is needed. Client-C sends its packets for NIC-A through Gateway-A and receives the response the same way. Packets from Client-C for NIC-B reach the destination via Gateway-B (that is OK), but the response is sent via Gateway-A and originates from NIC-A: the IP of Client-C is not in Network-B, so the default gateway is used. These responses will be discarded and logged as “martian sources” because they come from a different IP than the one the query packets were sent to. Another problem is Client-B contacting NIC-A. The packet is sent via Gateway-B -> WAN -> Gateway-A, since the IP of NIC-A is not in Network-B. The response will be sent via NIC-B because Client-B can be reached through Network-B.
To resolve this issue we need to set up split access routing.
Overview
I have tested this on SLES 15.1. Since the solution is quite generic, it could be more or less applicable to other SUSE distributions. But your mileage may vary!
Step 1: Setting up a separate routing table for each NIC. (YAST only uses the default routing table, hence only one gateway.)
Step 2: Adding the routes in each table. In each table we can specify the route to the proper network and a default gateway.
Step 3: Adding a rule for each routing table.
Manual solution / Testing:
Step 1: Adding these two entries to /etc/iproute2/rt_tables creates two new routing tables:
252 neta
251 netb
neta and netb are just identifiers. You can use other names as well, like int or ext.
Step 2 and 3: Both must be done for each NIC by entering the following commands:
# eth0: routes and rule for table neta (src must be an address configured on the NIC)
ip route add 192.168.0.0/24 dev eth0 src 192.168.0.1 table neta
ip route add default via 192.168.0.254 dev eth0 src 192.168.0.1 table neta
ip rule add from 192.168.0.1 table neta
# eth1: routes and rule for table netb
ip route add 192.168.1.0/24 dev eth1 src 192.168.1.1 table netb
ip route add default via 192.168.1.254 dev eth1 src 192.168.1.1 table netb
ip rule add from 192.168.1.1 table netb
Now you should test if everything works as intended. CAUTION: These changes will be lost when the network is reset (rcnetwork restart) or after a reboot.
Permanent solution
First you use YAST to configure a standard network setup with two NICs and one gateway to create the normal config files. Then you modify these and create additional configs. Since YAST can’t handle different routing tables don’t use YAST to configure the network after implementing this solution. YAST will revert it to a configuration with only one default gateway.
Step 1: Adding these two entries to /etc/iproute2/rt_tables creates two new routing tables:
252 neta
251 netb
neta and netb are just identifiers. You can use other names as well, like int or ext.
Step 2: For each NIC (eth0, eth …) create/modify in /etc/sysconfig/network/ a file called ifroute-eth0, ifroute-eth1, etc. with the appropriate content:
/etc/sysconfig/network/ifroute-eth0:
192.168.0.0/24 - - eth0 src 192.168.0.1 table neta
default 192.168.0.254 - eth0 table neta
/etc/sysconfig/network/ifroute-eth1:
192.168.1.0/24 - - eth1 src 192.168.1.1 table netb
default 192.168.1.254 - eth1 table netb
The syntax is:
Network Gateway Netmask device options
Each column that has no value set is represented by a “-”. Since the netmask is given together with the network (the /24 suffix), the Netmask column is not used.
Step 3: For each NIC (eth0, eth …) create/modify in /etc/sysconfig/network/ a file called ifrule-eth0, ifrule-eth1, etc. with the appropriate content:
/etc/sysconfig/network/ifrule-eth0:
table neta from 192.168.0.1
/etc/sysconfig/network/ifrule-eth1:
table netb from 192.168.1.1
To apply these changes restart the network (rcnetwork restart) or reboot the computer. Now you should test if everything works as intended.
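The test asked for after the manual and the permanent setup can be scripted. The following is an added example, not code from the original article: it checks that each NIC address has a policy rule and that the rule's table holds the expected default gateway, and it reports the missing-rule state the manual setup falls back to after a network restart. The function names and the sample `ip` output are constructed for illustration from the addresses used on this page.

```shell
#!/bin/sh
# Added example: check split access routing; all sample data is constructed.

# Constructed `ip rule show` output with both rules in place.
SAMPLE_RULES='0: from all lookup local
32764: from 192.168.1.1 lookup netb
32765: from 192.168.0.1 lookup neta
32766: from all lookup main
32767: from all lookup default'

# Constructed `ip rule show` output after a restart dropped the manual rules.
RESET_RULES='0: from all lookup local
32766: from all lookup main
32767: from all lookup default'

# Constructed `ip route show table all` output (local table entries omitted).
SAMPLE_ROUTES='default via 192.168.0.254 dev eth0 table neta
192.168.0.0/24 dev eth0 table neta scope link src 192.168.0.1
default via 192.168.1.254 dev eth1 table netb
192.168.1.0/24 dev eth1 table netb scope link src 192.168.1.1
default via 192.168.0.254 dev eth0'

# Print the table selected by a "from <ip>" rule. $1 = source IP, $2 = rules.
table_for_source() {
    printf '%s\n' "$2" | awk -v ip="$1" \
        '$2 == "from" && $3 == ip && $4 == "lookup" { print $5; exit }'
}

# Print the default gateway of a table. $1 = table name, $2 = routes.
default_gateway() {
    printf '%s\n' "$2" | awk -v t="$1" '$1 == "default" && $2 == "via" {
        for (i = 4; i < NF; i++)
            if ($i == "table" && $(i + 1) == t) { print $3; exit }
    }'
}

# Verify one NIC. $1 = source IP, $2 = expected gateway, $3 = rules, $4 = routes.
check_nic() {
    _table=$(table_for_source "$1" "$3")
    if [ -z "$_table" ]; then echo "FAIL: no rule for source $1"; return 1; fi
    _gw=$(default_gateway "$_table" "$4")
    if [ "$_gw" != "$2" ]; then
        echo "FAIL: table $_table default gateway is '$_gw', expected $2"; return 1
    fi
    echo "ok: $1 -> $_table via $_gw"
}

check_nic 192.168.0.1 192.168.0.254 "$SAMPLE_RULES" "$SAMPLE_ROUTES"
check_nic 192.168.0.1 192.168.0.254 "$RESET_RULES" "$SAMPLE_ROUTES" || true
```

On a live system, pass "$(ip rule show)" and "$(ip route show table all)" as the last two arguments instead of the sample variables.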
The information herein is derived from these articles:
The SUSE description is the basis for the manual solution
Reply packets are sent over an unexpected interface https://www.suse.com/support/kb/doc/?id=7000318
These pointed me in the right direction for the permanent solution:
Thread: static route disappers after network restart https://forums.opensuse.org/showthread.php/526510-static-route-disappers-after-network-restart
Configuring Static Routes in ifcfg files https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-configuring_static_routes_in_ifcfg_files