Thursday, September 17, 2009

Control routing with multiple DHCP-enabled interfaces

I have 2 network interfaces on my Ubuntu Linux development machine: one on the "secure corporate" network (eth0) and one on the "test development" network (eth1). Our network admins are trusting that I won't route between them (and I don't). I use DHCP on both interfaces, which usually leaves me with 2 default gateways set.

The default routing behavior is to use the last default gateway. This ends up being the gateway on the development network. That's bad because access on this network is a bit more locked down. If I try to access corporate resources on a remote subnet, chances are the router will deny me. Also, dynamic DNS registration ends up resolving my hostname to the development network IP address, so accessing my machine by name remotely isn't usually possible.

There are lots of tutorials about load-balancing using ip route, and about making sure that routing is symmetrical. In my case, I don't care about any of that. Here are my goals:
1. continue using DHCP
2. register my machine's DNS name using the corporate IP address
3. use the default gateway assigned by the corporate network

The solution is actually quite simple: configure the DHCP client to ignore or override the undesired DHCP options for eth1. I use dhclient, which is very flexible and has great documentation. The manpage (dhclient.conf(5)) was sufficient...no googling necessary! From the manpage:

interface "name" { declarations ... }

A client with more than one network interface may require different behaviour depending on which interface is being configured. All timing parameters and declarations other than lease and alias declarations can be enclosed in an interface declaration, and those parameters will then be used only for the interface that matches the specified name. Interfaces for which there is no interface declaration will use the parameters declared outside of any interface declaration, or the default settings.


With that nifty bit, I used the examples in the dhclient config file (/etc/dhcp3/dhclient.conf) to build this simple addition:

interface "eth1" {
    send host-name "";
    supersede routers 0.0.0.0;
}

interface "eth0" {
    send host-name "";
}


I simply tell it to send a blank hostname for dynamic DNS registration, and then give it a bogus default gateway. Restart networking or reboot and voila! DNS resolves to the IP address on the corporate network and my default gateway is the corporate side router. Mission accomplished.

@@ron