Adding a second network card

Hello,

I am trying to add a second network card that will let me save my backups to a remote disk and also run an rsync of /var/mail.

So I modified my /etc/network/interfaces file.

But after the reboot my website was no longer accessible.
I put my old /etc/network/interfaces file back and it is accessible again.

Contents of /etc/network/interfaces:

```
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eno8303
iface eno8303 inet dhcp
# This is an autoconfigured IPv6 interface
iface eno8303 inet6 auto
```

The modification I made, which I had to remove to regain access to my website:

```
allow-hotplug eno8403
iface eno8403 inet dhcp
```

Is there a command that can redo the network configuration taking both network cards into account?

Hi stefan1,

My French is good enough, with the bits of English in between, to read your problem, but… Not good enough to answer in French :wink:

Before looking at configuring the second card, could you elaborate on the reason to add another network card just for backup? (I can think of some reasons, but most people who have the reasons I think of, have enough experience configuring network cards :stuck_out_tongue: ). In general, without planning your network, adding network cards means adding headaches.

Would you mind editing your post, and enclose the contents of /etc/network/interfaces between ‘backticks’ (`)? Start with three of them on an empty line, then your text, and after that three of ``` on an empty line again.

Hello ,

I have a local network which has its internet connection, its VPN, and its internet connection.

I have my server which is not in this network and which has its own internet connection dedicated to it.

I want to save my backups, on the NAS of my local network

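with these rules:

```
# ACCEPT goes before DROP: -A appends, and the first matching rule wins
iptables -A OUTPUT -o eno8403 -d <my nas ip> -j ACCEPT
iptables -A OUTPUT -o eno8403 -j DROP

# INPUT matches the incoming interface (-i) and the source address (-s)
iptables -A INPUT -i eno8403 -s <my nas ip> -j ACCEPT
iptables -A INPUT -i eno8403 -j DROP
```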

so that only traffic coming to and from my nas is authorized

I will try to configure in static mode

Best regards

In static mode, my ping is working,
but my webserver is not accessible :frowning:

Ok, “something like”:

                            xx                                                         
                           xxx                                                         
                     xx   xxxxxxxxx     xxx                                            
                  xxxx xxxx       x xxxxxxxxxxxxx    xxxxxxx                           
                  x               xx            xxxxx      xx                          
                  x             xxx             x           x                          
                  xx            x    INTERNET               x                          
                  x             xx                          x  xxx                     
                xxx                                         xxx  xx                    
                  xxxxxx│xxxxxxxxxxxxxxxxxx x xxxxxxxx  xxxxx│xxxx                     
                        │                                    │                         
                        │                                    │                         
                        │                                    │                         
    ┌───────────────────┼─────────────┬──────────────────────┼──────────────┬───────┐  
    │                   │ Internet 2  │                      │ Internet 1   │       │  
    │                   │ Router      │      ┌───────────────┤ Router       │       │  
    │                   ├─────────────┘      │               ├──────────────┘       │  
    │                   │               │    │               │                      │  
    │                   │               │    │               │                      │  
    │                   │                    │               │                      │  
    │                   │                    │               │                      │  
    │                   │               │    │               │                      │  
    │                   │               │    │               │                      │  
    │                   │                    │               │                      │  
    │                   │               │    │               │                      │  
    │                   │               │    │               │                      │  
    │                   │               │    │               │                      │  
    │                   │                    │               │                      │  
    │                   │ NIC1          │    │               │                      │  
    │            ┌──────┴──────────┐    │    │     ┌─────────┴────────┐             │  
    │            │                 │         │     │                  │             │  
    │            │                 │NIC2│    │     │                  │             │  
    │            │                 │    │    │     │                  │             │  
    │            │ YUNOHOST        │         │     │  NAS / home net  │             │  
    │            │                 ├────┬────┘     │                  │             │  
    │            │                 │    │          │                  │             │  
    │            │                 │               │                  │             │  
    │            │                 │    │          │                  │             │  
    │            └─────────────────┘    │          └──────────────────┘             │  
    │                                   │                                           │  
    │                                                                               │  
    │                                   │                                           │  
    │                                   │                                           │  
    │                                                                               │  
    │                                                                               │  
    └───────────────────────────────────────────────────────────────────────────────┘  

I spent too much time drawing to write more, sorry.

Is the drawing about right?

Yes, exactly.

If I boot my server with only eno8303, it's working,

and if I boot with my 2 LAN cards, ping is OK, but the web server is inaccessible.

best regards

2 NICs on a machine is almost never a good practice (except for link aggregation). But anyway, if you really want to use 2 NICs (or if you don’t have any other solution), you have to deal with IP routes on your YunoHost machine.
I think your problem is that the default route uses your second NIC instead of the first one.
Could you post the answer of the `ip -d route` command?

It’s probably that

With only eno8303 active (webserver accessible):

```
default via 192.168.1.10 dev eno8303
192.168.1.0/24 dev eno8303 proto kernel scope link src 192.168.1.33
```

With eno8303 and eno8403 active:

```
unicast default via ( ipgateway lan ) dev eno8403 proto boot scope global onlink
unicast ( ip gatewaylan / 24 ) dev eno8403 proto kernel scope link source ( ip eno8403 )
```

OK, what are your 2 IP plans/ranges? They have to be different for your 2 NICs.
Could you post the answer to the command: `ip a`

I think you have to give the second NIC a (much) higher metric. That makes sure traffic almost never hits that card, only when it is destined especially for the connection to your ‘home’ network. That, in combination with giving the Internet NIC a default gateway and the other one not, should work.

You can set the metric by adding it to the stanza for the interfaces like

Baeldung has an article on setting metrics

1 Like
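
The metric approach suggested above, as an added example that is not part of any post in this thread: the commented stanza shows the `metric` option from interfaces(5) on the second card, and the script checks from `ip route` output that the default route still leaves through the Internet-facing card. The 192.168.2.x addresses, the metric value 1000 and the function names are assumptions, and both route tables are constructed samples.

```shell
#!/bin/sh
# Added example, not from the thread. The 192.168.2.x addresses and the metric
# value 1000 are assumptions; both route tables below are constructed samples.
# Stanza being validated ("metric" option of interfaces(5)):
#   allow-hotplug eno8403
#   iface eno8403 inet dhcp
#       metric 1000

# Print "<dev> <metric>" for the preferred default route: the lowest metric
# wins, and a route printed without "metric" has metric 0.
winning_default() {
    awk '
        $1 == "unicast" { sub(/^unicast[ \t]+/, "") }  # type shown by ip -d
        $1 == "default" {
            dev = ""; metric = 0
            for (i = 2; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (!seen || metric < best_metric) {
                seen = 1; best_dev = dev; best_metric = metric
            }
        }
        END { if (seen) print best_dev, best_metric }
    '
}

# Succeed only if the preferred default route leaves through interface $1.
default_route_is_on() {
    winner=$(winning_default)
    [ "${winner%% *}" = "$1" ]
}

# Constructed: the backup NIC holds the default route (failure in the thread).
ROUTES_BROKEN='unicast default via 192.168.2.1 dev eno8403 proto boot scope global onlink
unicast 192.168.2.0/24 dev eno8403 proto kernel scope link src 192.168.2.20'

# Constructed: backup NIC pushed behind the Internet NIC by its metric.
ROUTES_FIXED='default via 192.168.1.10 dev eno8303
default via 192.168.2.1 dev eno8403 metric 1000
192.168.1.0/24 dev eno8303 proto kernel scope link src 192.168.1.33
192.168.2.0/24 dev eno8403 proto kernel scope link src 192.168.2.20'

for table in "$ROUTES_BROKEN" "$ROUTES_FIXED"; do
    printf '%s\n' "$table" | default_route_is_on eno8303 \
        && echo "ok: default route on eno8303" \
        || echo "ALERT: default route on $(printf '%s\n' "$table" | winning_default)"
done
# Live host: ip route show default | default_route_is_on eno8303
```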

It’s working .

Thank you very much

Have a good week-end :slight_smile:

1 Like

Great! Thanks for posting back :slight_smile:

Was setting the metric the only addition you had to make? Would you mind, for other users, posting the routes you configured (if so) and whether firewall rules were needed?

I just added the metric, didn’t have to configure the routes.
And, the rule for the firewall will be that this card can communicate

Have a good week

1 Like