LinuxQuestions.org
Old 09-18-2004, 12:23 PM   #1
NetAX
Member
 
Registered: Mar 2004
Location: Boston, MA
Distribution: SuSE Linux Open/Enterprise, Red Hat, Ubuntu
Posts: 147

Rep: Reputation: 17
Making two subnets talk to each other.


I'm trying to make two subnets that I have created talk to each other.

Server contains 2 subnets:
172.20.31.X and 172.16.4.X

Each subnet has its own gateway, e.g. 172.20.31.1 and 172.16.4.1.
Apparently when I try to ping a machine on 172.20.31.X I don't get a reply. This is also true when I ping from the 172.16.4.X subnet, I cannot access 172.20.31.X.

As I said earlier both of the subnets are connected to a Linux server operating as a router. The server is functioning as a DHCP server as well. I have a firewall set up through YaST. Internet access to both subnets runs very smooth. I just can't get them to talk to each other.

I would like to keep the subnets I have rather than combining them together if it is possible.

Thanks for any help.
 
Old 09-18-2004, 02:05 PM   #2
CroMagnon
Member
 
Registered: Sep 2004
Location: New Zealand
Distribution: Debian
Posts: 900

Rep: Reputation: 33
Do you have any firewall rules to allow your subnets to talk to each other?

I haven't used YaST; does it create a script you can check? If not, what does iptables -L say?
 
Old 09-18-2004, 03:18 PM   #3
mritch
Member
 
Registered: Nov 2003
Location: austria
Distribution: debian
Posts: 667

Rep: Reputation: 30
Have you enabled forwarding?
echo 1 > /proc/sys/net/ipv4/ip_forward

sl mritch.
 
Old 09-18-2004, 03:33 PM   #4
NetAX
Member
 
Registered: Mar 2004
Location: Boston, MA
Distribution: SuSE Linux Open/Enterprise, Red Hat, Ubuntu
Posts: 147

Original Poster
Rep: Reputation: 17
I was able to get the server to ping machines on both subnets. I just need to "link" the two. I tried enabling the echo command, but either it didn't work or I don't know how it would work.
 
Old 09-18-2004, 03:34 PM   #5
NetAX
Member
 
Registered: Mar 2004
Location: Boston, MA
Distribution: SuSE Linux Open/Enterprise, Red Hat, Ubuntu
Posts: 147

Original Poster
Rep: Reputation: 17
This is my table


Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.4.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
172.20.31.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth2
 
Old 09-18-2004, 04:27 PM   #6
CroMagnon
Member
 
Registered: Sep 2004
Location: New Zealand
Distribution: Debian
Posts: 900

Rep: Reputation: 33
Umm, if your machine is acting as a firewall, and both subnets can access the internet, it's a pretty safe bet that IP forwarding is already enabled. However, normal firewall policy is to deny by default on the forwarding chain, and only forward what you let it (which would be "let subnet 1 access internet" and "let subnet 2 access internet"). Without a firewall rule for "let subnet 1 access subnet 2" and vice versa, no go. So, again, what does iptables -L give you?
 
Old 09-18-2004, 06:24 PM   #7
NetAX
Member
 
Registered: Mar 2004
Location: Boston, MA
Distribution: SuSE Linux Open/Enterprise, Red Hat, Ubuntu
Posts: 147

Original Poster
Rep: Reputation: 17
What part should I post? I typed iptables -L and it gave me a really really long output.
 
Old 09-18-2004, 08:36 PM   #8
CroMagnon
Member
 
Registered: Sep 2004
Location: New Zealand
Distribution: Debian
Posts: 900

Rep: Reputation: 33
OK, if it's really long, then we'll skip the posting (although we may need to fall back on it if this doesn't help).

Load up your firewall configuration tool and see if there's a way to add forwarding between eth0 and eth1. You want to say something like "allow source 172.20.31.0/24 on interface eth1 with destination 172.16.4.0/24 on eth0", and the inverse. Until you have traffic allowed in both directions, you won't see anything from a ping.

If you can't see a way to do that in the tool, try these two commands directly:

iptables -A FORWARD -s 172.20.31.0/24 -i eth1 -d 172.16.4.0/24 -o eth0 -j ACCEPT
iptables -A FORWARD -s 172.16.4.0/24 -i eth0 -d 172.20.31.0/24 -o eth1 -j ACCEPT

and see if you can ping after that. If you can, you'll need to get those two lines added to your firewall script.
 
Old 09-19-2004, 06:12 PM   #9
NetAX
Member
 
Registered: Mar 2004
Location: Boston, MA
Distribution: SuSE Linux Open/Enterprise, Red Hat, Ubuntu
Posts: 147

Original Poster
Rep: Reputation: 17
Thanks for the input CroMagnon. I tried your iptables configuration but it didn't work. I went back to my firewall tool and added the subnets to the external interfaces category. It worked after I did that. I was able to ping the other subnet.

I don't know and it probably is a security issue that my internal interfaces are also in my external interfaces category. My external interface is the connection to the internet. I'm probably gonna increase the firewall security on my DSL modem/router for the time being. I've been looking around on the internet about the iptables command; hopefully I'll find a better solution after I immerse myself in the research.
 
Old 09-19-2004, 06:30 PM   #10
CroMagnon
Member
 
Registered: Sep 2004
Location: New Zealand
Distribution: Debian
Posts: 900

Rep: Reputation: 33
There is a good firewall HOWTO that explains what iptables is up to, so you can try that. The iptables man page also has a lot of good info.

Since just the forwarding rules didn't work, it's possible your firewall tool locked things down more in the INPUT or OUTPUT chains - you might need to add similar accept rules for one or both of those. Good luck!
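
An added illustration, not part of any post in this thread and not a diagnosis of NetAX's firewall: iptables walks a chain top-down and stops at the first terminating match, so rules added with -A land after any catch-all DROP a firewall tool already placed in FORWARD, while -I puts them first. The ruleset, host addresses and function names are constructed, and `iptables -S FORWARD` output (a listing format in current iptables) is assumed as input instead of the thread's `iptables -L`.

```python
import ipaddress
import shlex

# Constructed ruleset in `iptables -S FORWARD` format (not the poster's): default
# deny, each subnet forwarded to the Internet uplink (eth2) only.
BEFORE = """\
-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 172.16.4.0/24 -i eth0 -o eth2 -j ACCEPT
-A FORWARD -s 172.20.31.0/24 -i eth1 -o eth2 -j ACCEPT
-A FORWARD -j LOG --log-prefix "FWD-DROP "
-A FORWARD -j DROP
"""
# The two rules from post #8, as `iptables -S` would print them.
NEW = ["-A FORWARD -s 172.20.31.0/24 -d 172.16.4.0/24 -i eth1 -o eth0 -j ACCEPT",
       "-A FORWARD -s 172.16.4.0/24 -d 172.20.31.0/24 -i eth0 -o eth1 -j ACCEPT"]
APPENDED = BEFORE + "\n".join(NEW)  # where -A (append) puts them
INSERTED = "\n".join(BEFORE.splitlines()[:1] + NEW + BEFORE.splitlines()[1:])  # -I
PING = {"src": "172.20.31.10", "dst": "172.16.4.10", "in": "eth1", "out": "eth0"}  # constructed hosts

def parse(line):
    """Split one -A line into (matches, target); refuse anything not modelled here."""
    tok, m, target = shlex.split(line), {}, None
    for opt, val in zip(tok[2::2], tok[3::2]):
        if opt in ("-s", "-d", "-i", "-o", "--state", "--ctstate"):
            m[opt] = val
        elif opt == "-j":
            target = val
        elif opt not in ("-m", "--log-prefix"):
            raise ValueError("option not modelled: " + opt)
    if target not in ("ACCEPT", "DROP", "REJECT", "LOG"):
        raise ValueError("chain jumps are not followed: " + str(target))
    return m, target

def hits(m, pkt):
    """True if pkt, treated as the first (NEW) packet of a flow, satisfies every match."""
    addr_ok = all(ipaddress.ip_address(pkt[f]) in ipaddress.ip_network(m[o], strict=False)
                  for o, f in (("-s", "src"), ("-d", "dst")) if o in m)
    if_ok = all(m[o] == pkt[f] for o, f in (("-i", "in"), ("-o", "out")) if o in m)
    states = m.get("--state") or m.get("--ctstate")
    return addr_ok and if_ok and (states is None or "NEW" in states.split(","))

def verdict(ruleset, pkt):
    """Walk the chain top-down; the first matching ACCEPT/DROP/REJECT decides."""
    policy, *rules = ruleset.strip().splitlines()  # first line is "-P FORWARD <policy>"
    for line in rules:
        m, target = parse(line)
        if hits(m, pkt) and target != "LOG":  # LOG records the packet and falls through
            return target, line
    return policy.split()[2], "chain policy"
```

Feeding it the real output of `iptables -S FORWARD` shows which rule decides a given source, destination and interface pair; it raises on options or chain jumps it does not model rather than guessing.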
 
Old 09-19-2004, 09:13 PM   #11
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Maybe I missed it, but are you sure that IP forwarding is enabled? Nowhere do I see that being checked. You have to have IP forwarding turned on, otherwise you get the situation you described--i.e. the server can contact both subnets (since they're directly attached), but it won't forward packets from one to another.
 
Old 09-20-2004, 02:22 AM   #12
CroMagnon
Member
 
Registered: Sep 2004
Location: New Zealand
Distribution: Debian
Posts: 900

Rep: Reputation: 33
I think you're barking up the wrong tree with ip_forwarding. As he said at the start:

Quote:
As I said earlier both of the subnets are connected to a Linux server operating as a router. The server is functioning as a DHCP server as well. I have a firewall set up through YaST. Internet access to both subnets runs very smooth. I just can't get them to talk to each other.
It's pretty unlikely he has internet access through his firewall without forwarding.
 
Old 09-20-2004, 02:41 AM   #13
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Should that be "Internet access from both subnets..."?

It looks like the firewall may be restricting the OUTPUT on each internal network interface to only ESTABLISHED connections. In that case, I agree with CroMagnon (who has better eyes than I do, apparently). It looks like an RTFM situation (pardon the acronym).
 
  

