questions about my routing table
Hi,
first of all what do the following entries mean? For networks 192.168.2.0 and 192.168.1.0, follow the default gateway 192.168.1.1? Code:
vakhos:~# route -n
Code:
Destination Gateway Genmask Flags Metric Ref Use Iface
Code:
vakhos:~# ping 192.168.2.1
Code:
vakhos:~# route del -net 192.168.2.0 netmask 255.255.255.0 dev eth0
What is wrong?
the first entry means that you are on 192.168.2.0/24, the second means you are also on 192.168.1.0/24. the third means everything else is accessible via 192.168.1.1. as such what you want to change it to does not make sense. you don't have a gateway out of a certain network, you have a gateway to get to other networks. this seems identical on simple networks but not so in your case. the route add command is saying that to get to a network you are already on, send data to a router which is on the network you're trying to get to... doesn't make sense right... like locking your keys in your car, you can't get to the keys without erm... your keys. like you can't get to 192.168.2.0/24 (the car) without using a host inside that network (your keys). sorry to use a dumb analogy but i try to kid myself that everything can be analogous to cars.
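The routing logic in the reply above, as an added example that is not part of the original thread: a small Python model of the kernel's longest-prefix-match lookup over the table the reply describes (two connected /24s, assumed here to both sit on eth0, plus the default route via 192.168.1.1). It also applies the kernel's rule that a gateway must itself be on-link, and `thread_attempt` replays the route del / route add the question tried.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Route:
    dest: IPv4Network               # 0.0.0.0/0 is the default route
    gateway: Optional[IPv4Address]  # None = directly connected (on-link)
    iface: str

class RoutingTable:
    """Tiny model of the kernel's IPv4 lookup: the longest matching prefix wins."""
    def __init__(self) -> None:
        self.routes: List[Route] = []

    def on_link(self, addr: IPv4Address) -> bool:
        return any(r.gateway is None and addr in r.dest for r in self.routes)

    def add(self, dest: str, gateway: Optional[str], iface: str) -> None:
        # Like `route add -net DEST gw G`: G must be on-link, else "Network is unreachable"
        gw = None if gateway is None else IPv4Address(gateway)
        if gw is not None and not self.on_link(gw):
            raise ValueError(f"gateway {gw} is not on a connected network")
        self.routes.append(Route(IPv4Network(dest), gw, iface))

    def delete(self, dest: str, iface: str) -> None:
        self.routes = [r for r in self.routes if (r.dest, r.iface) != (IPv4Network(dest), iface)]

    def lookup(self, dst: str) -> Tuple[str, str]:
        """Return (next hop, interface); the next hop is dst itself when on-link."""
        addr = IPv4Address(dst)
        hits = [r for r in self.routes if addr in r.dest]
        if not hits:
            raise LookupError(f"no route to {dst}")
        best = max(hits, key=lambda r: r.dest.prefixlen)
        return (dst if best.gateway is None else str(best.gateway), best.iface)

def build_table() -> RoutingTable:
    """The table the reply describes: two connected /24s on eth0 (assumed) plus a default route."""
    t = RoutingTable()
    t.add("192.168.2.0/24", None, "eth0")
    t.add("192.168.1.0/24", None, "eth0")
    t.add("0.0.0.0/0", "192.168.1.1", "eth0")
    return t

def thread_attempt(t: RoutingTable) -> Tuple[str, str]:
    """The change tried in the thread: reach 192.168.2.0/24 through the router instead."""
    t.delete("192.168.2.0/24", "eth0")
    t.add("192.168.2.0/24", "192.168.1.1", "eth0")
    return t.lookup("192.168.2.1")  # now detours via 192.168.1.1 instead of going on-link
```

Once the connected 192.168.1.0/24 route is gone, adding anything via 192.168.1.1 fails the on-link check, which is the "keys locked in the car" situation the reply describes.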
Quote:
Another solution -which seemed more complicated, at least in the beginning- would be to change all server IPs to subnet 192.168.1.0/24, keep a single default gw to the router and then use the router to NAT the DMZ IPs to the WAN and the Internet and additionally create a firewall between them and the other IPs of my LAN. Any suggestions for this mess? Any comment appreciated... Newbie diving in deep water :)
ok, well going by the description there, your topology would look like...
Code:
Quote:
Unfortunately i cannot work with the route command inside vserver-guests, unless i enable some kernel capabilities... ok, if the solution lies in enabling them i will do it... The routing table of "web": Code:
web:/# route -n
Code:
vakhos:~# route -n
well i've not run vservers before, but they will surely work fine with standard routing logic. i'm still not clear on what your topology really is though... was that right in my diagram (except for the ip ranges being the wrong way round)?
Sorry for not clearing out the diagram...
Given that the box must be connected to the router via only one interface, here it is: Code:
vhost3-----vhost4 vhost1-----vhost2
ok, so 1) what is the networking role of the box in the middle? just to allow layer 3 connectivity to the virtual boxes? in which case you're saying that both your subnets use the one router as their default gateway, but don't want the two to be able to talk to each other? if so then is your router even able to sit on two networks at the same time? it's not a particularly normal thing for something like an adsl router to be able to do...
ok well in that case presumably the box in the middle has to do nothing at all? now if this were real virtual machines like xen or vmware, then i'd be saying that you'd need to enable bridging between both networks on the external and virtual interfaces, but with the vserver stuff i take it the networking is actually a lot more subtle than that?
VServer networking is fairly straight-forward and based on iptables. In a very few words an IP of a guest can be:
-alias to a host interface
-the same IP with the IP of a host interface
-just an IP, that will be treated locally, but is no alias to anything (using the --nodev option)
Afterwards, one is supposed to play with the iptables of the (host) system. The guests have no network "intelligence" -at least by default, since one can change a lot by enabling "linux capabilities".
ok so the ip on eth0:1 would be vhost1, and eth0:3 could be vhost3? well in that situation there's presumably even less for the box to do. it's not great to do so but you can run multiple subnets on the same nic without vlan tagging. as such if the pfsense box can do the same, they should be able to communicate i assume. it's then down to firewall rules there as to whether the two different subnets can talk to each other via that default gateway address