subnet to subnet routing question

Post by S Jam » Sat, 06 Sep 2003 00:37:21



Dear all,

I'm getting close to figuring out IP routing in its simplest sense
now.

(In the following, .20.1 means 192.168.20.1)

4 machines:

               |                        |
circle[.10.1]<-|->[.10.5]xerxes[.20.1]<-|->[.20.4]cambyses
               |                        |
darius[10.4]<--|
               |

Circle's routing tables tell it that .20.x destinations are to be
accessed through xerxes (.10.5), among other things:


192.168.20.0/24 via 192.168.10.5 dev eth1
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.3
192.168.10.0/24 dev eth1  scope link
127.0.0.0/8 dev lo  scope link
default via 192.168.0.1 dev eth0

The only route that I have explicitly added above (ie, with ip route
add), is this one:

192.168.20.0/24 via 192.168.10.5 dev eth1

the others were all set up with the setup of the network cards.

Xerxes' routing tables don't need to be anything other than dead
simple because xerxes has netcards on both the .10.x and .20.x nets,
so nothing to change here:


192.168.20.0/24 dev eth1  scope link
192.168.10.0/24 dev eth0  proto kernel  scope link  src 192.168.10.5
127.0.0.0/8 dev lo  scope link
default via 192.168.10.1 dev eth0

Clients on the .20.x subnet need to know that the .10.x subnet is
reached through xerxes-if2 (.20.1). However, the default route
for clients on the .20.x subnet is through .20.1, so nothing to
change here:


192.168.20.0/24 dev eth0  proto kernel  scope link  src 192.168.20.4
169.254.0.0/16 dev lo  scope link
127.0.0.0/8 dev lo  scope link
default via 192.168.20.1 dev eth0

For clients on the .20.x subnet to be able to send and receive to the
.10.x subnet, the clients on the .10.x subnet must have a route
through to the .20.x subnet. This is where I get to my problem.

So, on, for example, darius (.10.4):

192.168.10.0/24 dev eth0  proto kernel  scope link  src 192.168.10.4
169.254.0.0/16 dev eth0  scope link
127.0.0.0/8 dev lo  scope link
default via 192.168.10.1 dev eth0

This is the client "as it boots", without an explicit route to .20.x,
but with a default route to .10.1. Access to .20.x subnet doesn't
work (even though access from circle to .20.x works and circle is the
default route):


(I press ctrl-c now, as this isn't working)

Add the route to .20.x explicitly, and all is ok:



The authenticity of host '192.168.20.4 (192.168.20.4)' can't be established.
RSA key fingerprint is e5:b3:81:0f:6e:78:28:5d:26:f9:1c:29:64:61:06:fa.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.20.4' (RSA) to the list of known hosts.


Success!

What I don't understand is this:

If circle is set up to route packets for .20.x through xerxes (.10.5),
how come a .10.x client, using circle (.10.1) as its default route,
can't send packets to a .20.x client? Isn't this the point of routing
and having gateways?

I don't want to have to set up the individual clients with a route to
my .20.x network, I obviously would prefer to have gateways, such as
circle and xerxes, which do all the routing for the other machines.

Can someone advise me on where I am going wrong? I think I'm close
now. Please ignore the last rather long message I posted, as well.

thanks very much for reading,

Seb James.
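
Added example, not part of the original post: a longest-prefix-match lookup over the four routing tables quoted above, traced hop by hop from darius to cambyses and back. The host-to-address map is taken from the diagram; the function names `lookup` and `trace` are hypothetical, and the loopback and link-local entries are left out.

```python
import ipaddress
# Routing tables transcribed from the post as (prefix, next hop, device).
TABLES = {
    "circle": [("192.168.20.0/24", "192.168.10.5", "eth1"),
               ("192.168.0.0/24", None, "eth0"),
               ("192.168.10.0/24", None, "eth1"),
               ("0.0.0.0/0", "192.168.0.1", "eth0")],
    "xerxes": [("192.168.20.0/24", None, "eth1"),
               ("192.168.10.0/24", None, "eth0"),
               ("0.0.0.0/0", "192.168.10.1", "eth0")],
    "cambyses": [("192.168.20.0/24", None, "eth0"),
                 ("0.0.0.0/0", "192.168.20.1", "eth0")],
    "darius": [("192.168.10.0/24", None, "eth0"),
               ("0.0.0.0/0", "192.168.10.1", "eth0")],
}
# Interface addresses from the diagram in the post.
OWNER = {"192.168.10.1": "circle", "192.168.10.5": "xerxes",
         "192.168.20.1": "xerxes", "192.168.20.4": "cambyses",
         "192.168.10.4": "darius"}

def lookup(host, dst):
    """Longest-prefix match: return (next hop, or None if on-link, device)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, via, dev in TABLES[host]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, via, dev)
    if best is None:
        raise LookupError(f"{host}: no route to {dst}")
    return best[1], best[2]

def trace(src_host, dst, max_hops=8):
    """Follow next hops until the owner of dst is reached; return the hosts."""
    path, host = [src_host], src_host
    while OWNER.get(dst) != host:
        if len(path) > max_hops:
            raise RuntimeError("routing loop")
        via, _dev = lookup(host, dst)
        target = via or dst  # on-link route: deliver straight to dst
        if target not in OWNER:
            raise LookupError(f"{host}: next hop {target} is outside the model")
        host = OWNER[target]
        path.append(host)
    return path

if __name__ == "__main__":
    print(" -> ".join(trace("darius", "192.168.20.4")))
    print(" -> ".join(trace("cambyses", "192.168.10.4")))
```

The model covers table lookup only; whether circle actually forwards a packet it receives (the `/proc/sys/net/ipv4/ip_forward` setting, any packet filtering) is outside it. Note that circle's matching route sends the packet back out of eth1, the interface it arrived on, and that the return path from cambyses does not pass through circle at all.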

 
 
 

1. 2 IP addresses, different subnet, ping reply from IP in other subnet?

Hi,

I have a Linux server with 2 NICs, each in a separate subnet (172.21.3.x
and 192.168.10.x).

The 192.168.10.x is connected to another server via a crossed UTP cable.
The 172.21.3 is our local LAN.

If I ping the 192.168.10.x interface on the server from my local
workstation (which is in the 172.21.3.x range), I get an immediate reply.

How does this happen? Does the Linux server hear the request for
192.168.10.x on its 172.21.3.x interface and think, "hey, that's my other
interface, I'll reply"?

In the routing table, there is no reference to the 192.168.10.x subnet,
and our default gateway also doesn't know about this subnet.

If my assumptions are correct, is it possible to stop the Linux server
from responding to ICMP queries not directed to its correct (same subnet)
interface?

I don't use iptables (yet). I noticed the same behaviour with the
/proc/sys/net/ipv4/ip_forward parameter either set to 0 or 1.

Thanks,

Tom.
