connecting two different (sub)networks
Hi there...
Probably something like this was asked/answered somewhere else in the forum, but I wasn't able to find it, so here I go.

I have the following situation: where I work we are about to surpass 255 computers/devices in the network, and we are about to be "out" of IPs in the very simple network that's in place. I'd like to open a new network so new computers/devices are set up in a new range of addresses. I would also like not having to change existing configuration in the clients already set up.

The setup is like this: Ubuntu 6.04 server, serving as transparent proxy + firewall + intranet server for the organization, with two network adapters:

* eth0 (10.10.10.1, connected directly to the Internet)
* eth1 (172.16.1.200, connected to the local network, with an alias as 172.16.1.250, and another as 172.16.0.250)

The local network is set up as 172.16.1.0/24. I would like to set up new machines in 172.16.0.0/24, with them using 172.16.0.250 as gateway, and for these machines to be able to connect transparently to other machines/servers in the 172.16.1.x range, and vice versa. (New machines would be in the same physical network as the old.)

I am thinking that adding a couple of iptables rules would solve my situation, but I am not very sure if that would be the case at all, or how I should construct these rules if they really are the answer. Hopefully the question is not hopelessly stupid, and someone can lend a hand. Thanks in advance for any clues or advice.

Regards, I.-
I think the best thing would be to change your network size from 24 bits to 23 bits (or 16 bits) so that 172.16.0.250 and 172.16.1.250 are on the same network.
Of course that requires updating all 200+ computers. Alternately, you could add a second IP to some computers like this, using the ip command from the iproute2 package:
Code:
ip address add local ${IP}/24 broadcast + \
Thanks!
Can you tell me a little bit more about solution number 3 (the worst, albeit the one that requires fewer changes in the setup)?

Regards! I.-
If you haven't already, add the second local network to eth1 like this (eth1:second is just a label I picked--you can pick a more meaningful one). I have actually done this a couple times for a couple different reasons.
Code:
ip address add 172.16.0.0/24 dev eth1 broadcast + scope global label eth1:second
Code:
route add -net 172.16.0.0/24 dev eth1:second
Ok, I'll post a bunch of configuration info; hopefully it is not considered in bad taste to flood the comments with all this data...

ifconfig reports...
Code:
eth0 Link encap:Ethernet HWaddr 00:14:6C:86:37:5A
Code:
Kernel IP routeing table

The firewall is disabled for most tests, and enabled again when I verify that it is still not working as desired.

Then, the WXP machine has: 172.16.1.66/24 gw 172.16.1.250
And the W2k machine has: 172.16.0.195/24 gw 172.16.0.250

As it stands, I am unable to see machine WXP from W2k and vice versa. Still lost. Any other ideas? Sorry if I am being particularly dense, just learning as I go here.

Thanks again, regards, I.-
Obviously, UbuServer is able to see both computers/networks.
Regards, I.-
Sorry!
The problem seems to be the firewall now. I thought it was disabled, but it was actually enabled. After disabling it, it seems that every machine can see each other. I'll post my conclusions when I'm done. Thanks again! Feeling very happy over here.

Regards, I.-
Everything works as it should.
Thanks a lot for your help!

A bonus question, rather silly, but it could help a little: Windows networking works through the Ubuntu routing, but I can't specify a computer by name (e.g. '\\winserver1'); I have to use the IP (e.g. '\\172.16.0.100'). Is there any way of hardcoding a few names to addresses on the router machine, so the clients know that winserver1 points to 172.16.0.100 (without changing configuration in the clients, such as DNS servers)? Maybe I should open a new thread for this question, being slightly unrelated... Anyway, thanks for your help!

Regards, I.-
I suspect the name problem has to do with broadcasts. Windows has more than one mechanism for name resolution, but the oldest and default (I think) is for every host to broadcast its name and address every few minutes. But there are two problems with that.

Your server's routing table has two entries for 172.16.0.0, with mask 255.255.255.0 and 255.255.0.0. You should delete one entry. All nodes on the network should use the same network mask if broadcasts are to work properly. I still recommend that you pick one 16-bit network and set up every machine to use it. It looks like you are most of the way there already. If you just change the network masks to 255.255.0.0 on each machine it should work. You don't even have to change any IP addresses. The nice part is, you don't have to change them all at once, because it's already working except for broadcasts. You can also set all the gateways to the same address and delete the aliases.
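An added example (my own, not code from this thread) that works through the /24 vs /23 vs /16 point above using the addresses given in the thread: which mask puts WXP and W2k on-link with a shared broadcast address, why mixed masks break broadcasts, and how the router picks between the two overlapping 172.16.0.0 routes. The route list is reconstructed from the description above and is an assumption.

```python
import ipaddress

# Constructed from the addresses the thread gives; the route list is
# reconstructed (assumed) from the reply describing two 172.16.0.0 entries.
WXP = ("172.16.1.66", "172.16.1.250")   # (address, gateway)
W2K = ("172.16.0.195", "172.16.0.250")
ROUTES = [
    ("172.16.0.0/24", "eth1:second"),
    ("172.16.0.0/16", "eth1"),
    ("172.16.1.0/24", "eth1"),
    ("0.0.0.0/0", "eth0"),
]


def next_hop(src, prefix, dst, gateway):
    """How host src/prefix sends to dst: 'on-link' (ARP for dst directly)
    or the gateway it must hand the packet to."""
    net = ipaddress.ip_interface(f"{src}/{prefix}").network
    return "on-link" if ipaddress.ip_address(dst) in net else gateway


def broadcast_visible(a, a_prefix, b, b_prefix):
    """A directed broadcast from A reaches B only if both hosts compute the
    same broadcast address, i.e. agree on network and mask."""
    ba = ipaddress.ip_interface(f"{a}/{a_prefix}").network.broadcast_address
    bb = ipaddress.ip_interface(f"{b}/{b_prefix}").network.broadcast_address
    return ba == bb


def route_lookup(dst, routes=ROUTES):
    """Longest-prefix match, as the kernel does; returns (prefix, device)."""
    d = ipaddress.ip_address(dst)
    hits = [r for r in routes if d in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)


def compare_masks(prefixes=(24, 23, 16)):
    """For each candidate mask applied to both hosts, report how WXP reaches
    W2k and whether the two hosts share a broadcast address."""
    out = {}
    for p in prefixes:
        out[p] = (next_hop(WXP[0], p, W2K[0], WXP[1]),
                  broadcast_visible(WXP[0], p, W2K[0], p))
    return out


if __name__ == "__main__":
    for p, (hop, bcast) in compare_masks().items():
        print(f"/{p}: WXP -> W2k via {hop}, broadcasts shared: {bcast}")
    print("router sends 172.16.0.195 out", route_lookup("172.16.0.195"))
```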
Thanks for all your help.
Eventually I'll try your suggestion. Right now it is impossible (there is some sort of weird problem in the W2k machine if the netmask is set to 16, intermittent connection and so on). Since my "real" job here is programming, right now I am happy to have this fixed for the time being. And I learnt a little bit about networking (which was more useful than it transpired about in this thread), and a little bit more about Linux in the process. Our network is bigger than just the little setup here (there is an interlan connecting more than 50 points in Spain through ADSL connections to our network and its servers), and like it or not I'll have to spend a bit more time learning the ugly bits of networking.

Thanks again! Regards, I.-
no problem...
I think 192.168.0.250 is considered as a virtual interface, and I also have the same problem and I can't add iptables rules for a virtual interface. So I think you had better add a new network card and assign this IP.