LinuxQuestions.org - Linux - Networking
new to route command (https://www.linuxquestions.org/questions/linux-networking-3/new-to-route-command-919369/)

bucovaina78 12-18-2011 03:36 PM

new to route command

Hi, I'm trying to route a connection but it doesn't work. I don't really understand what goes wrong.

I've got a switch on 192.168.2.0. All my computers are on that network.

However, there is one server that has 192.168.2.7 on eth0 and 192.168.1.1 on eth1. Through eth1 it connects with a crossover cable to 192.168.1.2 (that computer isn't connected to 192.168.2.0).

On one of my computers on 192.168.2.0 I entered the command:

Code:

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.7
I thought that would do the trick to connect straight away to my crossed over computer but it doesn't work yet. I think I need to put something in the routing table of 192.168.2.7 as well but what?

acid_kewpie 12-18-2011 03:39 PM

You need to configure the intermediary machine to forward packets.

Test with:

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward
and set it permanently in /etc/sysctl.conf:

Code:

net.ipv4.ip_forward = 1

bucovaina78 12-18-2011 03:51 PM

No that doesn't work. I tried to ssh directly and mount a drive on the computer behind the intermediate computer but that doesn't work.

bucovaina78 12-18-2011 04:40 PM

I've done some more Googling. I'm suspecting I need to configure iptables for NAT, but I've got no experience whatsoever with iptables. So I found this:

Code:

# /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

eth0 is my 192.168.2.0 network where all my computers are attached, eth1 is the crossover connection. Is this right then?

rayfordj 12-18-2011 04:44 PM

Quote:

Originally Posted by bucovaina78 (Post 4553179)
No that doesn't work. I tried to ssh directly and mount a drive on the computer behind the intermediate computer but that doesn't work.

Two very critical core components need to be satisfied on the intermediary (gateway/router) system (192.168.2.7/eth0, 192.168.1.1/eth1).

First, as acid_kewpie already indicated, IP-forwarding (routing) should be enabled.
Second, forwarding should be permitted via netfilter rules using iptables.
Code:

[root@192.168.2.7 ~]# iptables -I FORWARD -j ACCEPT
Without knowing what the routing system is we may guess and provide examples similar to our experiences, but they may not work exactly as demonstrated. Additionally, does the 192.168.1.2 system have a default route gateway of 192.168.1.1?

rayfordj 12-18-2011 04:50 PM

Quote:

Originally Posted by bucovaina78 (Post 4553210)
I've done some more google-ing. I'm suspecting I need to configure iptables for NAT. But I've got no experience whatsoever with iptables. So I found this:

eth0 is my 192.168.2.0 network where all my computers are attached, eth1 is the cross over connection. is this right then?

It depends. Do you want to actually route (each network knows about the other) or have 192.168.2.7 handle the address translation (192.168.1.2 does not know or care about 192.168.2.x -- similar to what most home router/firewall/access-points/modems do to connect systems to the Internet)?

With routing the intermediary system simply passes the packets, but with NATing/MASQUERADEing the intermediary system will actually take the packet and change the IP from 192.168.2.x to 192.168.1.1. Then 192.168.1.2 will reply to 192.168.1.1; upon receiving it, 192.168.1.1/192.168.2.7 will identify that the packet is actually destined for 192.168.2.x, change the IP to that of 192.168.2.7 and kick it out on the wire to the intended IP on the 192.168.2.x network.

bucovaina78 12-19-2011 01:27 AM

I want all the hosts on 192.168.2.0 to know about the host(s) on 192.168.1.0 (I want to mount a CIFS share).

I added the
Code:

iptables -I FORWARD -j ACCEPT
and it doesn't work so far. I checked the ip_forward variable in /proc/sys/net/ipv4 again and it's still 1. My routing table mentions 192.168.1.0 and 192.168.2.0 with the right devices.

Code:

root@intermediate:~# iptables -L
Chain INPUT (policy ACCEPT)
target    prot opt source              destination       

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination       
ACCEPT    all  --  anywhere            anywhere                     

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination       
root@intermediate:~# route -n
Kernel IP routing table
Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
192.168.2.0    0.0.0.0        255.255.255.0  U    1      0        0 eth0
192.168.1.0    0.0.0.0        255.255.255.0  U    0      0        0 eth1
0.0.0.0        192.168.2.7    0.0.0.0        UG    0      0        0 eth0
0.0.0.0        192.168.2.1    0.0.0.0        UG    0      0        0 eth0
root@intermediate:~# cat /proc/sys/net/ipv4/ip_forward
1
root@intermediate:~#


acid_kewpie 12-19-2011 02:31 AM

Right, but the missing link is whether the 1 subnet knows about the machines on 2. Either those machines need to know how to get back to that other network by having a route on them, OR you use NAT or masquerade on the router device so that all traffic from the 2 subnet appears to come from that router instead, which the 1 machines already know about.

Try to avoid using NAT if you can; you can possibly get away with adding a route onto the default gateway device of the 1 machines, although this could result in unsuccessful attempts at asymmetric routing.
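The two options acid_kewpie lays out here (a return route on the 192.168.1.x side, or NAT on the gateway), together with rayfordj's routing-versus-MASQUERADE explanation earlier in the thread, can be replayed in a small forwarding model. This is an added example, not code from the thread or from any poster: it uses the thread's addresses, but the host names client/gw/far and the client address 192.168.2.10 are made up for the illustration.

```python
import ipaddress

# Constructed model of the thread's topology (host names are mine). Routes are (prefix, gateway); None = directly connected.
def topology(ip_forward=True, return_route=False):
    far_routes = [("192.168.1.0/24", None)]
    if return_route:  # the "add a route on them" fix suggested above
        far_routes.append(("192.168.2.0/24", "192.168.1.1"))
    return {
        "client": {"addrs": {"192.168.2.10"}, "forward": False,
                   "routes": [("192.168.2.0/24", None), ("192.168.1.0/24", "192.168.2.7")]},
        "gw": {"addrs": {"192.168.2.7", "192.168.1.1"}, "forward": ip_forward,
               "routes": [("192.168.2.0/24", None), ("192.168.1.0/24", None)]},
        "far": {"addrs": {"192.168.1.2"}, "forward": False, "routes": far_routes},
    }

def owner(ip, hosts):
    return next((n for n, h in hosts.items() if ip in h["addrs"]), None)

def next_hop(routes, dst):
    """Longest-prefix match, as the kernel does it; None when no route covers dst."""
    d, best = ipaddress.ip_address(dst), None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return None if best is None else (best[1] or dst)

def walk(src, dst, start, hosts, masq=False):
    """Carry one packet hop by hop; returns (path, source address the receiver sees)."""
    path, here = [start], start
    while dst not in hosts[here]["addrs"]:
        if here != start and not hosts[here]["forward"]:
            return path + ["DROPPED: ip_forward=0"], src
        nh = next_hop(hosts[here]["routes"], dst)
        if nh is None or owner(nh, hosts) is None:
            return path + ["DROPPED: no route"], src
        if masq and here == "gw":  # MASQUERADE: src becomes the gateway's egress address
            src = next(a for a in hosts["gw"]["addrs"] if ipaddress.ip_address(a)
                       in ipaddress.ip_network(nh + "/24", strict=False))
        here = owner(nh, hosts)
        path.append(here)
    return path, src

def round_trip(hosts, masq=False, src="192.168.2.10", dst="192.168.1.2"):
    """Request src->dst and its reply; with masq the gateway maps the reply back."""
    out, seen = walk(src, dst, owner(src, hosts), hosts, masq)
    if out[-1] != "far":
        return out, []
    back, _ = walk(dst, seen, "far", hosts)
    if masq and back[-1] == "gw":  # conntrack: reply to 192.168.1.1 is un-NATed to the client
        back += walk(dst, src, "gw", hosts)[0][1:]
    return out, back
```

`round_trip(topology())` reproduces the stuck state from the post above: the request reaches 192.168.1.2 but the reply dies for lack of a route back; `topology(return_route=True)` or `masq=True` completes the round trip.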

bucovaina78 12-19-2011 04:15 AM

Yes!! It's working now!! :) Thanks a lot, acid_kewpie & rayfordj.

bucovaina78 12-19-2011 04:48 AM

Just to be complete:

I tried to mount the drive on 192.168.1.2 (the remote computer) and I got a "connection refused" error (-111). So I added a line in /etc/hosts.allow:

Code:

192.168.2.0/24
Now the problem is solved.

Thanks to you all!