LinuxQuestions.org
Old 10-29-2006, 04:11 AM   #1
lhrt
Member
 
Registered: Mar 2006
Posts: 82

Rep: Reputation: 15
ipforward/route


hi,

Here is my scenario...
Our head office is located in the UK on the 10.1.1.0/255.255.255.0 network.
Gateway and router IP is 10.1.1.1.
Our branch office is located in India on the 10.2.1.1/255.255.255.0 network.
Gateway is 10.2.1.1.
These two offices are connected using a hardware VPN, so we can ping and connect to both ends.
Now we need to connect to a particular IP in the UK from the India side through the UK office, i.e. traffic to that particular IP should pass through the 10.1.1.1 router.

Is there any way to do that on Linux using route or some iptables rule?

Thanks in advance
Lhrt
 
Old 10-29-2006, 04:39 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
10.1.X.X.X and 10.2.X.X.X are subnets of 10.X.X.X so you simply need to add a route to the VPN gateway device (or host).

Something like this will do:
sudo /sbin/route add -net 10.2.0.0 gw <vpn ip> eth0
(Assuming eth0 is the device connected to the vpn/gateway.)
You may have a GUI configuration program in your distro for setting up routes. If there is another host in between, then its IP needs to be the gw address, and it needs IP forwarding enabled.

One thing I find handy is to give the network names in the /etc/networks file. For example, mine is:
#
# networks This file describes a number of netname-to-address
# mappings for the TCP/IP subsystem. It is mostly
# used at boot time, when no name servers are running.
#

loopback 127.0.0.0
link-local 169.254.0.0
wireless 192.168.1.0
jesnet 192.168.1.128

# End.
Then the output of my route command looks like this:
Code:
> /sbin/route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
wireless        *               255.255.255.128 U     0      0        0 wlan0
link-local      *               255.255.0.0     U     0      0        0 wlan0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0

Last edited by jschiwal; 10-29-2006 at 04:41 AM.
 
Old 10-29-2006, 11:28 PM   #3
lhrt
Member
 
Registered: Mar 2006
Posts: 82

Original Poster
Rep: Reputation: 15
Thanks jschiwal,

but that's not what I really want.
I want to access the machine w.x.y.z from my PC through the VPN so that machine w.x.y.z knows it's coming from 10.1.1.1.

Please refer to the picture in the link below
http://seeker7.netfirms.com/dig.jpg

thanks

Last edited by lhrt; 10-29-2006 at 11:58 PM.
 
Old 10-30-2006, 07:12 PM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
At work we have a number of sites that connect to our media server. There are 3 remote sites in Minnesota and 1 in North Dakota.

The traffic travels through a VPN tunnel set up by Cisco routers.
I'll change the IP address a bit for the demonstration and linuxify this real world example.
172.28.100.0

Code:
# /etc/networks for this example
loopback   127.0.0.0 
fargo      172.28.100.0
ada        172.28.101.0
fergus     172.28.102.0
perham     172.28.103.0
jamestown  172.28.104.0
The IP addresses use a Class B private IP range, subnetted so the netmask is 255.255.255.0. You are using a Class A private IP range. If you don't have close to 255 sites then having your addresses like 10.1.x.x and 10.2.x.x with a 255.255.0.0 netmask would be more typical, but I digress.

The routers have local addresses of 172.28.100.1, 172.28.101.1, 172.28.102.1, 172.28.103.1 and 172.28.104.1 respectively. So in Fargo, the default gateway is set to 172.28.100.1 and in Ada the default gateway is set to 172.28.101.1.


If this network also had internet access and a separate router, then these specific routes would need to be setup.
example for fargo:
Code:
route add -net 172.28.101.0 gw 172.28.100.1
route add -net 172.28.102.0 gw 172.28.100.1
route add -net 172.28.103.0 gw 172.28.100.1
route add -net 172.28.104.0 gw 172.28.100.1
Because I used an /etc/networks file, this would work.
Code:
route add -net ada       gw 172.28.100.1
route add -net fergus    gw 172.28.100.1
route add -net perham    gw 172.28.100.1
route add -net jamestown gw 172.28.100.1
route add default gw <gateway-to-internet> dev <if-device>
Different distros have different methods of setting up static routes. Also, the routes need to be configured for every host.

---

Maybe I misunderstood your problem. Do you want to from India, connect to a UK computer on the Internet (outside the UK LAN), and have the traffic go through the tunnel to the UK and use the UK's gateway to the internet?

In that case I think you need a something like:
route add -host w.x.y.z gw 10.2.1.1

This will send the traffic through the VPN instead of out your local gateway in India. The VPN device may need to be configured so that it doesn't drop the w.x.y.z destination. It may be set up to only allow 10.1.1.1 <-> 10.2.1.1 traffic and drop everything else. That is to say, the VPN routers may need similar routing rules.

---

If the w.x.y.z host is outside the UK LAN and on the internet, why not simply use the internet to make the connection?

Last edited by jschiwal; 10-31-2006 at 05:35 PM.
 
Old 10-30-2006, 10:43 PM   #5
lhrt
Member
 
Registered: Mar 2006
Posts: 82

Original Poster
Rep: Reputation: 15
hi jschiwal,

Quote:
Do you want to from India, connect to a UK computer on the Internet (outside the UK LAN), and have the traffic go through the tunnel to the UK and use the UK's gateway to the internet?
Yes, that's all I want to do.


Quote:
In that case I think you need a something like:
route add -host w.x.y.z gw 10.1.1.1
If I put such a static route, I guess it will not work, since this 10.1.1.1 machine is not in the local network, right? The router I used for the VPN is a Netgear router, and when I tried to put a route like what you said, it shows that the gateway IP specified is not reachable.

Quote:
If the w.x.y.z host is outside the UK LAN and on the internet, why not simply use the internet to make the connection?
It's because those guys in the UK don't want to know the client that we are working from India.

Please share your ideas about this.
And I'm thinking it's possible to redirect all packets to that w.x.y.z to 10.1.1.1, and then it will push the packets outside.

thanks
 
Old 10-31-2006, 05:38 PM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
I had a typo and corrected it.

This is for the India hosts:
In that case I think you need a something like:
route add -host w.x.y.z gw 10.2.1.1

If the India LAN doesn't have an Internet gateway, and the router/vpn device is used as the default gateway:
route add default gw 10.2.1.1
then you don't need to add a route for w.x.y.z .
The VPN devices may need to be set up to forward the traffic inside the tunnel.

Last edited by jschiwal; 10-31-2006 at 05:40 PM.
 
Old 10-31-2006, 11:35 PM   #7
lhrt
Member
 
Registered: Mar 2006
Posts: 82

Original Poster
Rep: Reputation: 15
Hi,
my default gateway is 10.2.1.1.
The VPN gateway and default gateway are the same, and if sending a packet to the 10.1.1.0/24 network it will pass through the VPN, and all other internet IPs go directly outside. I must find a way to tunnel the particular traffic to pass through the VPN.
Thanks
 
Old 11-02-2006, 07:02 PM   #8
osvaldomarques
Member
 
Registered: Jul 2004
Location: Rio de Janeiro - Brazil
Distribution: Conectiva 10 - Conectiva 8 - Slackware 9 - starting with LFS
Posts: 519

Rep: Reputation: 34
Did you try to establish the route after the VPN connection is up?
 
Old 11-03-2006, 08:12 AM   #9
lhrt
Member
 
Registered: Mar 2006
Posts: 82

Original Poster
Rep: Reputation: 15
@osvaldomarques

Yes, of course.
Now the last resort is to try some DNAT and redirect all traffic to the network and redirect to the client.

thanks
 
Old 11-03-2006, 10:08 AM   #10
osvaldomarques
Member
 
Registered: Jul 2004
Location: Rio de Janeiro - Brazil
Distribution: Conectiva 10 - Conectiva 8 - Slackware 9 - starting with LFS
Posts: 519

Rep: Reputation: 34
Is the 10.2.1.1 gateway your server, or is it the address of the VPN hardware? Do you use Linux/Unix on your site, or is it a Windows system?

Would you give us a result of the "route" command?
 
Old 11-03-2006, 10:47 PM   #11
lhrt
Member
 
Registered: Mar 2006
Posts: 82

Original Poster
Rep: Reputation: 15
hi osvaldomarques,

10.2.1.1 is my netgear vpn router.

I am on a Windows XP box that connects to a Linux firewall/router gateway that is connected to the VPN device.

Code:
10.2.1.3           10.2.1.2                  10.2.1.1            
(winxp)-------->(linux router)--------->(netgear vpn router)--->(vpn network and or internet)<-----------(netgearvpnrouter(10.1.1.1))---10.1.1.0/24 network

here is the command on the linux machine

Quote:
#route add -host 38.114.169.189 gw 10.1.1.1
SIOCADDRT: Network is unreachable
 
Old 11-04-2006, 04:44 AM   #12
osvaldomarques
Member
 
Registered: Jul 2004
Location: Rio de Janeiro - Brazil
Distribution: Conectiva 10 - Conectiva 8 - Slackware 9 - starting with LFS
Posts: 519

Rep: Reputation: 34
Hi lhrt,

I didn't express myself correctly. Please, enter "route -n" command on the linux box to show us the route table.

I think your problem is you don't have a declared route to 10.1.1.1, reaching it by defaulting to the vpn box.

In this case, you could add first a route to 10.1.1.1 and then declare it as the gateway for your UK customer:

route add -host 10.1.1.1 gw 10.2.1.1
route add -host 38.114.169.189 gw 10.1.1.1

Osvaldo.
 
Old 11-05-2006, 10:28 PM   #13
lhrt
Member
 
Registered: Mar 2006
Posts: 82

Original Poster
Rep: Reputation: 15
I put the routes as you said but it gives same error.
Network is unreachable.
here is my routing table

Code:
#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.1.1      10.2.1.1        255.255.255.255 UGH   0      0        0 eth0
10.2.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.1.1.0        10.2.1.1        255.255.255.0   UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         10.2.1.1        0.0.0.0         UG    0      0        0 eth0

#route add -host 38.114.169.189 gw 10.1.1.1
SIOCADDRT: Network is unreachable
 
Old 11-06-2006, 07:32 AM   #14
osvaldomarques
Member
 
Registered: Jul 2004
Location: Rio de Janeiro - Brazil
Distribution: Conectiva 10 - Conectiva 8 - Slackware 9 - starting with LFS
Posts: 519

Rep: Reputation: 34
Hi lhrt,

I did some google research and I found that this message means:
"The routeraddr isn't on a directly-connected network so this machine would be unable forward packets to it."

I did some testing and confirmed that I can't establish a route using a gateway which is not directly connected to my net.

However, if you have ssh access to the UK linux, you could create a new subnet using ppp over ssh from your linux machine to there and then you could use that machine on this subnet as your gateway. It sounds complex but it is really a Columbus's egg.

There is a basic script to do this on the zipslack image, created by Adi Masputra, named "/usr/doc/ppp-2.4.1/scripts/ppp-on-ssh" which can be tailored to your need.

I use it with all my customers who have access to internet to service them.
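
An added example (not written by any poster in this thread): a simplified Python model of the check behind `SIOCADDRT: Network is unreachable`, run over the routing table from post #13. Function names are hypothetical, and the kernel's rule is approximated as "the gateway must be covered by a route without the G flag".

```python
import ipaddress

# Routing table copied from the `route -n` output posted in the thread.
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.1.1        10.2.1.1        255.255.255.255 UGH   0      0        0 eth0
10.2.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.1.1.0        10.2.1.1        255.255.255.0   UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         10.2.1.1        0.0.0.0         UG    0      0        0 eth0
"""

def parse_route_n(text):
    """Return a list of (network, gateway, flags, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything malformed
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append((net, ipaddress.ip_address(f[1]), f[3], f[7]))
    return routes

def lookup(routes, addr, onlink_only=False):
    """Longest-prefix match; optionally consider only routes without the G flag."""
    addr = ipaddress.ip_address(addr)
    hits = [r for r in routes
            if addr in r[0] and not (onlink_only and "G" in r[2])]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def can_add_via(routes, gateway):
    """Assumed simplification: a gateway is accepted only if a directly
    connected (non-G) route covers it; otherwise 'Network is unreachable'."""
    return lookup(routes, gateway, onlink_only=True) is not None

def next_hop(routes, dst):
    """Gateway this host hands the packet to, or 'on-link' for direct delivery."""
    r = lookup(routes, dst)
    if r is None:
        return None
    return str(r[1]) if "G" in r[2] else "on-link"

if __name__ == "__main__":
    table = parse_route_n(ROUTE_N)
    for gw in ("10.1.1.1", "10.2.1.1"):
        print(gw, "usable as gateway:", can_add_via(table, gw))
    print("38.114.169.189 leaves via", next_hop(table, "38.114.169.189"))
```

The host route to 10.1.1.1 added in post #12 carries the G flag, so it does not make 10.1.1.1 on-link; traffic to 38.114.169.189 is still handed to 10.2.1.1, and the Netgear decides whether it enters the tunnel.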
 
Old 11-08-2006, 04:34 AM   #15
lhrt
Member
 
Registered: Mar 2006
Posts: 82

Original Poster
Rep: Reputation: 15
hi osvaldomarques,

Sorry to ask, you mean I need to install a pptpd server on the UK Linux machine and connect to it from the India side? And I need to add all pptp functions to it? I mean compiling and adding those modules to it?

thanks
 
  

