new to route command
Hi I'm trying to route a connection but it doesn't work. I don't really understand what goes wrong.
I've got a switch on 192.168.2.0. All my computers are on that network. However there is one server that has 192.168.2.7 on eth0 and 192.168.1.1 on eth1. Through eth1 it connects with a crossover to 192.168.1.2 (that computer isn't connected to 192.168.2.0). On one of my computers on 192.168.2.0 I entered the command:
Code:
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.7
|
You need to configure the intermediary machine to forward packets.
Test with:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
and set permanently in /etc/sysctl.conf:
Code:
net.ipv4.ip_forward = 1
|
No that doesn't work. I tried to ssh directly and mount a drive on the computer behind the intermediate computer but that doesn't work.
|
I've done some more google-ing. I'm suspecting I need to configure iptables for NAT. But I've got no experience whatsoever with iptables. So I found this:
Code:
# /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
Quote:
First, as acid_kewpie already indicated, IP-forwarding (routing) should be enabled. Second, forwarding should be permitted via netfilter rules using iptables.
Code:
[root@192.168.2.7 ~]# iptables -I FORWARD -j ACCEPT
|
Quote:
With routing the intermediary system simply passes the packets, but with NATing/MASQUERADEing the intermediary system will actually take the packet and change the ip from 192.168.2.x to 192.168.1.1. Then 192.168.1.2 will reply to 192.168.1.1, upon receiving it 192.168.1.1/192.168.2.7 will identify that the packet is actually destined for 192.168.2.x, change the ip to that of 192.168.2.7 and kick it out on the wire to the intended IP on 192.168.2.x network. |
I want all the hosts at 192.168.2.0 to know about the host(s) at 192.168.1.0 (I want to mount a CIFS).
I added the
Code:
iptables -I FORWARD -j ACCEPT
Code:
root@intermediate:~# iptables -L
|
Right, but the missing link is if the 1 subnet knows about the machines on 2. Either those machines need to know how to get back to that other network by having a route on them, OR you use a NAT or masquerade on the router device so that all traffic from the 2 subnet appears to come from that router instead, which the 1 machines already know about.
Try to avoid using a NAT if you can; you can possibly get away with adding a route onto the default gateway device of the 1 machines, although this could result in unsuccessful attempts at asymmetric routing. |
yes!! It's working now!! :) Thanks a lot acid_kewpie & rayfordj
|
Just to be complete:
I tried to mount the drive on 192.168.1.2 (remote computer) and I got an error connection refused (-111). So I added a line in /etc/hosts.allow:
Code:
192.168.2.0/24
Thanks to you all!
|
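Added example, not part of the thread: `iptables -I FORWARD -j ACCEPT` forwards everything in both directions, so this script prints a narrower rule set for the same router, with the two options discussed above (NAT, or a return route on the far hosts) as modes. Interfaces and addresses are the ones given in the thread; the variable and function names and the APPLY switch are made up for this example, and it assumes the router forwards no other traffic, since it sets the FORWARD policy to DROP.

```shell
#!/bin/sh
# Added example, not from the thread. Topology as described in the thread:
# router has 192.168.2.7 on eth0 (switch side) and 192.168.1.1 on eth1
# (crossover to 192.168.1.2). Variable and function names are made up here.
LAN_IF=eth0; LAN_NET=192.168.2.0/24
FAR_IF=eth1; FAR_NET=192.168.1.0/24; FAR_GW=192.168.1.1

# Print each command; execute it instead when APPLY=1 (as root on the router).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# router_rules nat   -> hide the LAN behind 192.168.1.1 (MASQUERADE out eth1)
# router_rules route -> plain routing; far hosts need a return route
router_rules() {
    case "$1" in
        nat|route) ;;
        *) echo "usage: router_rules nat|route" >&2; return 1 ;;
    esac
    run sysctl -w net.ipv4.ip_forward=1
    # Replies belonging to connections that were already allowed.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New connections only from the LAN towards the far network.
    run iptables -A FORWARD -i "$LAN_IF" -o "$FAR_IF" -s "$LAN_NET" -d "$FAR_NET" \
        -m conntrack --ctstate NEW -j ACCEPT
    # Everything else that would be forwarded is dropped.
    run iptables -P FORWARD DROP
    if [ "$1" = nat ]; then
        # Packets for 192.168.1.2 leave through eth1, so match -o eth1.
        run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$FAR_IF" -j MASQUERADE
    else
        # Not executed here: this belongs on each far host (e.g. 192.168.1.2).
        echo "# on far hosts: route add -net 192.168.2.0 netmask 255.255.255.0 gw $FAR_GW"
    fi
}

router_rules "${1:-nat}"
```

Run without APPLY, it only prints the commands, so the rule set can be reviewed before anything changes on the router.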