routing to multiple subnets in one entry

Post by /dev/rob » Mon, 14 Jul 2003 08:04:59



Suppose you have a LAN on 192.168.$W.0/24, and from there you connect to
other subnets via VPN: 192.168.$X.0/24, 192.168.$Y.0/24, 192.168.$Z.0/24
... your Ethernet interface sets the route to the $W subnet when it's
brought up. Could you set a single route to 192.168.0.0/16 pointing to
the VPN gateway?

Oh yeah, the VPN gateway is another host on the $W subnet.

My theory here is that the $W route will take priority, and that the
catchall /16 route will grab all the $X, $Y and $Z traffic. Do I need to
use iproute2 to set routing priority, or will this work with good 'ol
/sbin/route?
--

  or put "not-spam" or "/dev/rob0" in Subject header to reply

 
 
 

Post by Les Mikesel » Mon, 14 Jul 2003 11:51:29



> Suppose you have a LAN on 192.168.$W.0/24, and from there you connect to
> other subnets via VPN: 192.168.$X.0/24, 192.168.$Y.0/24, 192.168.$Z.0/24
> ... your Ethernet interface sets the route to the $W subnet when it's
> brought up. Could you set a single route to 192.168.0.0/16 pointing to
> the VPN gateway?

> Oh yeah, the VPN gateway is another host on the $W subnet.

> My theory here is that the $W route will take priority, and that the
> catchall /16 route will grab all the $X, $Y and $Z traffic. Do I need to
> use iproute2 to set routing priority, or will this work with good 'ol
> /sbin/route?

Yes the most specific route should always take priority. The only problem
you might consider is what happens if you send a packet to one of the
subnets that the /16 covers that don't really exist. I'd expect a
traceroute to show a 30-hop loop between the default gateway and the vpn
gateway. This might also happen to real addresses if the vpn link is down.
I think you can use a 'reject' route on the vpn gateway at a higher metric
than the vpn routes to prevent sending these packets to the default gateway.

---
  Les Mikesell
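
The behaviour discussed in this thread, as an added example that is not part of either post: a small Python model of longest-prefix-match forwarding on the LAN host, the VPN gateway and the default gateway. The addresses ($W=1, $X/$Y/$Z=2/3/4), the node names, the metric value and the assumption that the default gateway also carries the /16 route are constructed for illustration.

```python
import ipaddress

# Constructed lab: $W=1, $X/$Y/$Z=2/3/4. Route = (prefix, next hop or action, metric).
# Assumption: the default gateway also carries the /16 route to the VPN gateway.
TABLES = {
    "host":  [("192.168.1.0/24", "direct", 0), ("192.168.0.0/16", "vpngw", 0),
              ("0.0.0.0/0", "defgw", 0)],
    "defgw": [("192.168.1.0/24", "direct", 0), ("192.168.0.0/16", "vpngw", 0),
              ("0.0.0.0/0", "internet", 0)],
    "vpngw": [("192.168.1.0/24", "direct", 0), ("192.168.2.0/24", "tunnel", 0),
              ("192.168.3.0/24", "tunnel", 0), ("192.168.4.0/24", "tunnel", 0),
              ("0.0.0.0/0", "defgw", 0)],
}
REJECT = ("192.168.0.0/16", "reject", 10)  # higher metric than the VPN routes

def lookup(table, dst):
    """Pick the longest matching prefix; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in ipaddress.ip_network(r[0])]
    return min(hits, key=lambda r: (-ipaddress.ip_network(r[0]).prefixlen, r[2]),
               default=None)

def vpngw_variant(tables, reject=False, link_up=True):
    """Copy of the tables with the VPN gateway's routes adjusted."""
    routes = [r for r in tables["vpngw"] if link_up or r[1] != "tunnel"]
    return {**tables, "vpngw": routes + ([REJECT] if reject else [])}

def trace(tables, dst, start="host", max_hops=30):
    """Follow a packet hop by hop; returns (outcome, nodes visited)."""
    node, path = start, []
    for _ in range(max_hops):
        path.append(node)
        route = lookup(tables[node], dst)
        nxt = route[1] if route else "no-route"
        if nxt not in tables:  # direct, tunnel, internet, reject: forwarding ends
            return nxt, path
        node = nxt
    return "ttl-exceeded", path

if __name__ == "__main__":
    cases = [("as posted", TABLES),
             ("with reject route", vpngw_variant(TABLES, reject=True)),
             ("reject route, VPN down", vpngw_variant(TABLES, reject=True, link_up=False))]
    for label, tables in cases:
        for dst in ("192.168.1.7", "192.168.3.9", "192.168.9.9"):
            outcome, path = trace(tables, dst)
            print(f"{label:24} {dst:12} {outcome:13} hops={len(path)}")
```

Without the reject route, a destination in a nonexistent subnet bounces between the two gateways until the hop limit runs out; with it, the VPN gateway drops the packet instead of handing private-range traffic to the default gateway.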


 
 
 

1. firewall / routing multiple subnets

Hi,

We have a Linux firewall / router that handles the traffic for our
different subnets. For each new subnet we have to put a new network card in
our Linux box. Now it has five network cards. Because there are two new
subnets planned and there are no more free slots in the Linux box we are
investigating what we can do. The simplest way is to add another Linux box
to the network that acts as second firewall / router. But maybe there are
other solutions. Our thoughts are going in the way of dividing the two
functions that we now have in one box. In simple text let the Linux box do
the firewalling and some other box do the routing. Has someone done such a
setup? What kind of router did you use? Any thoughts, tips?

Thanks,

Diederick
