LinuxQuestions.org
Old 12-29-2003, 08:14 AM   #1
Zepiroth
Member
 
Registered: May 2003
Location: Surabaya, Jawa Timur, Indonesia
Distribution: Ubuntu LTS Servers, Redhat Server Administrators and Solaris 10 Newbie
Posts: 56

Rep: Reputation: 15
Linux Routing Table


Dear Linux Experts,

I am building a Linux router based on RedHat 9.
The router has 2 Ethernet interfaces with different IPs.

Network layout looks like this

---------------
- Windows XP -
--------------
202.0.0.2/255.255.255.0 ; Default Gateway 202.0.0.1
|
|
eth1 : 202.0.0.1/255.255.255.0
----------------
- Linux Router -
----------------
eth0 : 192.168.1.12/255.255.255.0
|
|
192.168.1.1 : Windows 2000 Server ( have Apache web server )
192.168.1.10 : Other Router for main gateway
-----------
Internal LAN

From Windows XP, I can ping 192.168.1.12 successfully,
but cannot ping 192.168.1.1 or 192.168.1.10.
Another test is using the web. Since the router also has Webmin installed,
I can access
http://202.0.0.1:10000
and
http://192.168.1.12:10000
from my Windows XP computer's browser,
but connecting to the Apache web server on 192.168.1.1 (Windows 2000 Server) is not possible at all.

Conclusion :
From Windows XP (202.0.0.1) I can ONLY connect to 192.168.0.12 on network 192.168.1.xx.

Where did I go wrong with the routing table?
Any suggestions would be appreciated.
Thank you in advance.

------------------------------------------
Notes
The routing table listing looks like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
202.0.0.1       127.0.0.1       255.255.255.255 UGH   0   0      0    lo
192.168.1.255   192.168.1.12    255.255.255.255 UGH   0   0      0    eth0
192.168.1.12    127.0.0.1       255.255.255.255 UGH   0   0      0    lo
202.0.0.255     202.0.0.1       255.255.255.255 UGH   0   0      0    eth1
192.168.1.0     192.168.1.12    255.255.255.0   UG    0   0      0    eth0
202.0.0.0       202.0.0.1       255.255.255.0   UG    0   0      0    eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0   0      0    lo
0.0.0.0         192.168.1.10    0.0.0.0         UG    0   0      0    eth0


The iptables firewall is disabled by using the command line:
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
 
Old 12-29-2003, 09:30 AM   #2
shahriar
LQ Newbie
 
Registered: Dec 2002
Posts: 18

Rep: Reputation: 0
Just wondering, do you have kernel IP forwarding enabled? You can do a

$ cat /proc/sys/net/ipv4/ip_forward

and if it says 1, it is OK; if it says 0, then do a

# echo 1 > /proc/sys/net/ipv4/ip_forward

and then try.

Hope this works.
 
Old 12-29-2003, 11:54 AM   #3
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
A key to routing is to consider where the far end machines will look to send replies...
They may have different default gateways set and be passing the replies into another router.

The answer is to set up a static route in each of 192.168.1.1 & 192.168.1.10 that points to network 202.0.0.0 netmask 255.255.255.0 via 192.168.1.12, or, to host 202.0.0.2 via 192.168.1.12
 
Old 01-09-2004, 02:20 AM   #4
Zepiroth
Member
 
Registered: May 2003
Location: Surabaya, Jawa Timur, Indonesia
Distribution: Ubuntu LTS Servers, Redhat Server Administrators and Solaris 10 Newbie
Posts: 56

Original Poster
Rep: Reputation: 15
Hi,

After adding instructions in the /etc/rc.d/rc.local


route add -net 202.0.0.1 gateway 127.0.0.1 netmask 255.255.255.255
route add -net 202.0.0.255 gateway 202.0.0.1 netmask 255.255.255.255
route add -net 202.0.0.0 gateway 202.0.0.1 netmask 255.255.255.0

route add -net 192.168.1.255 gateway 192.168.1.12 netmask 255.255.255.255
route add -net 192.168.1.12 gateway 127.0.0.1 netmask 255.255.255.255
route add -net 192.168.1.0 gateway 192.168.1.12 netmask 255.255.255.0


and setting the default gateway of eth0 to 192.168.1.10 via webmin.
Webmin->Network->Routing and Gateway
I set the default gateway of eth0 to 192.168.1.10

It works.

For shahriar:
I checked /proc/sys/net/ipv4/ip_forward
and it reports 1.

For peter_robb:
There is nothing to change for the other router gateway (on 192.168.1.10).

Thank you for the replies.
---
 
Old 01-09-2004, 02:24 AM   #5
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Except you have one problem. You have redundant entries because you specified -net, you also have to specify a netmask, but in fact it's a /32 netmask (i.e. a single IP) so what you're really doing is adding host routes, not network routes. If you had simply used -host, you wouldn't need the netmask.
 
Old 01-09-2004, 06:16 AM   #6
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
route add -net 202.0.0.1 gateway 127.0.0.1 netmask 255.255.255.255
route add -net 202.0.0.255 gateway 202.0.0.1 netmask 255.255.255.255
route add -net 202.0.0.0 gateway 202.0.0.1 netmask 255.255.255.0

route add -net 192.168.1.255 gateway 192.168.1.12 netmask 255.255.255.255
route add -net 192.168.1.12 gateway 127.0.0.1 netmask 255.255.255.255
route add -net 192.168.1.0 gateway 192.168.1.12 netmask 255.255.255.0


This isn't a very elegant way of doing it as chort mentioned...
and it is working by accident...

A static route is for a remote network, accessed via a local gateway/router, eg
route add -net 202.0.0.0 netmask 255.255.255.0 gw 192.168.1.12

The two machines in the 192.168.1.0 network need this to find 202.0.0.0 machines.

And if you have MASQUERADE or SNAT running on eth0 on the Linux router, it is doing all the hard work by translating all the 202.0.0.0 ip numbers into 192.168.1.12, which everyone can find.

& a couple of points to clarify route rules...
- using 127.0.0.1 as a gw would only work if you have bound another transport (eg ssh tunnel) to the lo interface..
- try not to set up overlapping -net definitions. The first one will win, when usually the tightest netmask (eg 255.255.255.255) wins..
- don't place broadcast numbers into a route definition
 
Old 01-13-2004, 10:14 PM   #7
Zepiroth
Member
 
Registered: May 2003
Location: Surabaya, Jawa Timur, Indonesia
Distribution: Ubuntu LTS Servers, Redhat Server Administrators and Solaris 10 Newbie
Posts: 56

Original Poster
Rep: Reputation: 15
Dear Peter_Robb and Chort,

After reading the replies several times I still could not understand the explanation ( sorry ). I am a newbie in Linux, especially in IP Networking.
I got the idea of those IP settings from my Microsoft ISA Server routing table.
I already surfed the Internet to look for this specific issue.
I already got and read some materials from :
1) http://linux-ip.net/html/ ( about Linux Advanced IP networking ).
2) http://www.tldp.org -> The Linux System Administrators' Guide and The Linux Network Administrator's Guide, Second Edition
3) www.google.com -> searching for the same specific material.

I felt my solution is strange even though it works.

If you know any site that provides the concept of routing and setting the IP tables, especially for the same issue, I would appreciate it.

Thank you.
---
 
Old 01-14-2004, 12:34 AM   #8
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Quote:
I got the idea of those IP settings from my Microsoft ISA Server routing table.
That explains a lot...

Look, when you add the "-net" flag to route, that means "this is a network of IPs", i.e. more than one IP. When you specify a netmask of "255.255.255.255" that means "this IP address matches exactly with no wildcards at all", i.e. "this is a single IP address". So using -net combined with netmask 255.255.255.255 is contradictory. You're saying it's a network of one IP (which is not a network).
 
Old 01-16-2004, 03:00 AM   #9
Zepiroth
Member
 
Registered: May 2003
Location: Surabaya, Jawa Timur, Indonesia
Distribution: Ubuntu LTS Servers, Redhat Server Administrators and Solaris 10 Newbie
Posts: 56

Original Poster
Rep: Reputation: 15
Dear chort,

Does this routing table have some side effect on the network,
or
does it simply (accidentally) work but is not the right thing?

I just wonder what the right routing table entries are for my network.

Thank you.
 
Old 01-16-2004, 07:18 AM   #10
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
A couple of routes need to be added to the machines in the 192.168.1.x network,
and a suggestion about using 202.x.x.x on the M$ XP machine...

Apart from the normal interface entries, all the machines in the 192.168.1.x network need to be able to find the M$ XP machine..
Unfortunately, coz it's using an "Internet" number, you should only reference it by its number, rather than its network, to avoid blocking valid Internet numbers in 202.0.0.x that don't exist in your net.

So, add.. route add -host 202.0.0.2 gw 192.168.1.12 to all machines in the 192.168.1.x network (except the Linux router 192.168.1.12)

Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
202.0.0.2       192.168.1.12    255.255.255.255 UGH   0   0      0    eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0   0      0    eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0   0      0    lo
0.0.0.0         192.168.1.10    0.0.0.0         UG    0   0      0    eth0

If it's possible, change the M$ XP network back to a Class A,B or C network
Using Internet routable numbers inside a local net leads to trouble, eg if a real www site just happens to have the same number, etc..
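
An added example, not part of the thread: a small Python model of longest-prefix-match route selection on a 192.168.1.x host, run over a constructed `route -n` table that uses the thread's addresses. It shows where replies to 202.0.0.2 go with and without the host route suggested in post #10, and that a 255.255.255.255 netmask always describes a single host. The function names and the eth0 interface name are assumptions.

```python
import ipaddress

# Constructed sample: `route -n` output for a host in 192.168.1.x (for example
# 192.168.1.1), using the thread's addresses. The host route to 202.0.0.2 is
# kept separate so the lookup can be run with and without it.
BASE_TABLE = """\
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0   0      0    eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0   0      0    lo
0.0.0.0         192.168.1.10    0.0.0.0         UG    0   0      0    eth0
"""
HOST_ROUTE = "202.0.0.2       192.168.1.12    255.255.255.255 UGH   0   0      0    eth0\n"


def parse_route_n(text):
    """Parse `route -n` style lines into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # skip the header and anything that is not a route line
        dest, gw, mask, iface = fields[0], fields[1], fields[2], fields[7]
        network = ipaddress.ip_network(f"{dest}/{mask}")
        gateway = None if gw == "0.0.0.0" else ipaddress.ip_address(gw)
        routes.append((network, gateway, iface))
    return routes


def lookup(routes, dst):
    """Return (next_hop, iface) chosen by longest-prefix match, or None."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    network, gateway, iface = max(matches, key=lambda r: r[0].prefixlen)
    # No gateway means the destination is on-link: deliver to it directly.
    return (str(gateway) if gateway else str(dst), iface)


def is_host_route(dest, mask):
    """A 255.255.255.255 netmask covers exactly one address, -net or -host."""
    return ipaddress.ip_network(f"{dest}/{mask}").num_addresses == 1


if __name__ == "__main__":
    before = parse_route_n(BASE_TABLE)
    after = parse_route_n(BASE_TABLE + HOST_ROUTE)
    print("reply to 202.0.0.2, no host route:  ", lookup(before, "202.0.0.2"))
    print("reply to 202.0.0.2, with host route:", lookup(after, "202.0.0.2"))
    print("202.0.0.1/255.255.255.255 is a host route:",
          is_host_route("202.0.0.1", "255.255.255.255"))
```

Without the host route the reply leaves via the default gateway 192.168.1.10 instead of returning through the Linux router at 192.168.1.12, which is the return-path problem described in posts #3 and #10.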
 
Old 01-26-2004, 03:18 AM   #11
Zepiroth
Member
 
Registered: May 2003
Location: Surabaya, Jawa Timur, Indonesia
Distribution: Ubuntu LTS Servers, Redhat Server Administrators and Solaris 10 Newbie
Posts: 56

Original Poster
Rep: Reputation: 15
Dear Peter_Robb,

I am sorry that this reply took several days from your last posting.
I have some task assignment and it has just been done.
I hope you still follow this thread.

By the time of writing this reply I am beginning to investigate the routing table. Further reply (from me) would be posted shortly.

Thank you.
 
Old 01-28-2004, 02:29 AM   #12
Zepiroth
Member
 
Registered: May 2003
Location: Surabaya, Jawa Timur, Indonesia
Distribution: Ubuntu LTS Servers, Redhat Server Administrators and Solaris 10 Newbie
Posts: 56

Original Poster
Rep: Reputation: 15
Hi, I'm back.

Hi,

I did a clean install of the Linux router and I tried to re-do the same thing on the routing table. It DID NOT WORK.

Do I have to use NAT-IP Masquerading to build the router?
Is there anyone who can explain to me what NAT, SNAT, DNAT & IP Masquerading are?
A brief explanation would be appreciated.
Any URLs to some guide/tutorial/howto on that topic will also help (I am a patient learner).


For Peter_Robb :

Quote:
So, add.. route add -host 202.0.0.2 gw 192.168.1.12 to all machines in the 192.168.1.x network (except the Linux router 192.168.1.12)
The Linux machine that I tried to build is intended to replace my Internet Gateway (using M$ ISA Server and Exchange Server 2000).
The current machine has functions as
1. E-Mail Server (I successfully built MailScanner, PostFix, ClamAV, SpamAssassin and SASL on Linux as a replacement for Exchange Server).
2. Internet Firewall (I use NetFilter to replace the ISA firewall).
3. Internet Sharing (I use the routing table -> This thread is used to solve this function. Correct me if I am wrong).

The Linux box configuration above is intended to simulate that purpose. Once I finished building, integrating and testing all the functions, the Windows box will be decommissioned.

Network 202.0.0.x will represent the local intranet network.
Network 192.168.1.x will represent the Internet.

Since 192.168.1.x would be the Internet Networks, it is impossible to add such route from each node in the Internet.

Thank you.
 
  

