Post by S Jam » Sat, 06 Sep 2003 00:37:21

Dear all,

I'm getting close to figuring out IP routing in its simplest sense

(In the following, .20.1 means

4 machines:

               |                        |
               |                        |

Circle's routing tables tell it that .20.x destinations are to be
accessed through xerxes (.10.5), amoung other things: via dev eth1 dev eth0  proto kernel  scope link  src dev eth1  scope link dev lo  scope link
default via dev eth0

The only route that I have explicitly added above (ie, with ip route
add), is this one: via dev eth1

the others were all set up with the setup of the network cards.

Xerxes' routing tables don't need to be anything other than dead
simple because xerxes has netcards on both the .10.x and .20.x nets,
so nothing to change here: dev eth1  scope link dev eth0  proto kernel  scope link  src dev lo  scope link
default via dev eth0

Clients on the .20.x subnet need to know that the .10.x subnet is
reached through xerxes-if2 (.20.1). However, the default route
for clients on the .20.x subnet is through .20.1, so nothing to
change here: dev eth0  proto kernel  scope link  src dev lo  scope link dev lo  scope link
default via dev eth0

For clients on the .20.x subnet to be able to send and receive to the
.10.x subnet, the clients on the .10.x subnet must have a route
through to the .20.x subnet. This is where I get to my problem.

So, on, for example, darius (.10.4): dev eth0  proto kernel  scope link  src dev eth0  scope link dev lo  scope link
default via dev eth0

This is the client "as it boots", without an explicit route to .20.x,
but with a default route to .10.1. Access to .20.x subnet doesn't
work (even though access from circle to .20.x works and circle is the
default route):

(I press ctrl-c now, as this isn't working)

Add the route to .20.x explicitly, and all is ok:

The authenticity of host ' (' can't be established.
RSA key fingerprint is e5:b3:81:0f:6e:78:28:5d:26:f9:1c:29:64:61:06:fa.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (RSA) to the list of known hosts.


What I don't understand is this:

If circle is set up to route packets for .20.x through xerxes (.10.5),
how come a .10.x client, using circle (.10.1) as its default route,
can't send packets to a .20.x client? Isn't this the point of routing
and having gateways?

I don't want to have to set up the individual clients with a route to
my .20.x network, I obviously would prefer to have gateways, such as
circle and xerxes, which do all the routing for the other machines.

Can someone advise me on where I am going wrong? I think I'm close
now. Please ignore the last rather long message I posted, as well.

thanks very much for reading,

Seb James.


