Routing through a gateway

Tom Douglas · 10-18-2008, 12:08 PM

I'm trying to route traffic from subnet 192.168.2.x to subnet 192.168.3.x with limited success. Sometimes it works, sometimes not.

My Ethernet ports are configured as follows on box-3 (Fedora 5)....

Code:

[root@box-3 toms]# ifconfig
eth1      Link encap:Ethernet
          inet addr:192.168.2.42  Bcast:192.168.2.255  Mask:255.255.255.0

eth2      Link encap:Ethernet
          inet addr:192.168.3.43  Bcast:192.168.3.255  Mask:255.255.255.0

The route table is set up, and shows....

Code:

[root@box-3 toms]# route del default
[root@box-3 toms]# route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.2.42
[root@box-3 toms]# service network restart
[root@box-3 toms]# route -ee
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface    MSS   Window irtt
192.168.36.0    box-3           255.255.255.0   UG    0      0        0 eth1     0     0      0
192.168.3.0     *               255.255.255.0   U     0      0        0 eth2     0     0      0
192.168.2.0     *               255.255.255.0   U     0      0        0 eth1     0     0      0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth2     0     0      0
default         box-3           0.0.0.0         UG    0      0        0 eth1     0     0      0

The network restart reinserts the default gateway.

Why do I keep getting the default gateway? Do I need it?

With only eth2 enabled on box-3, I can ping box-4 (Fedora 3) at 192.168.3.63. With eth1 and eth2 enabled, pinging box-4 is iffy.

All iptables are off.

What should I be checking, or restarting?

The ultimate objective is to pass traffic through four boxes.

Thanks!

Tom D.

zmanea · 10-18-2008, 06:50 PM

Why do you need to add a route for 192.168.3.0/24 to 192.168.2.42 if you already have an interface in that subnet?

Mr. C. · 10-19-2008, 01:32 AM

As zmanea mentions, no additional route is necessary for directly connected interfaces, since their routes are added with the interface is brought up.

Have you enabled ip_forwarding ?

cat /proc/sys/net/ipv4/ip_forward

Ff 0, then:

echo 1 > /proc/sys/net/ipv4/ip_forward

Tom Douglas · 10-23-2008, 06:00 AM

Quote:

Originally Posted by zmanea

Why do you need to add a route for 192.168.3.0/24 to 192.168.2.42 if you already have an interface in that subnet?

This is so other boxes on the 192.168.2.x subnet that have no direct access to 192.168.3.x to get that access through the gateway.

Tom D.

Tom Douglas · 10-23-2008, 06:12 AM

Quote:

Originally Posted by Mr. C.

Have you enabled ip_forwarding ?

cat /proc/sys/net/ipv4/ip_forward

Ff 0, then:

echo 1 > /proc/sys/net/ipv4/ip_forward

Ahh...Nice catch! I met to write that the forwarding is enabled (or so I thought), on /etc/sysctl.conf, net.ipv4.ip_forward = 1.

/proc/sys/net/ipv4/ip_forward is blank, just tried echoing a "1" to it and fails (using su). I may be looking at permission issues so I'll need to log in as root and try again.

jschiwal · 10-23-2008, 06:26 AM

When I used my laptop to forward traffic from my desktop to the wireless router, I found that I needed to enable the "nf_conntrack" module before forwarding would work. The kernel module may have a different name, depending on which kernel you use. If I remember correctly, it was something like tcp_conntrack.

With both interfaces up, you don't need to add a route. There should already be a 192.168.2.0/24 route and a 192.168.3.0/24 route. The hosts on the 192.168.2.0/24 network will need to use 192.168.2.42 as the default gateway (or the gateway to the 192.168.3.0/24 network).

Is box-3 connected to the internet? If so, then you need a default route to your router or firewall.

Tom Douglas · 10-25-2008, 10:26 AM

Quote:

Originally Posted by jschiwal

When I used my laptop to forward traffic from my desktop to the wireless router, I found that I needed to enable the "nf_conntrack" module before forwarding would work.....tcp_conntrack.

I didn't see tcp_conntrack on RPM search but will take another look.

Quote:

Originally Posted by jschiwal

With both interfaces up, you don't need to add a route.....

OK, I cleared out the route table on box-3 (connected to both subnets). Sub 192.168.2.x gateway is defined. From this box I can sometimes ping box-4 on subnet 3 (there's still something squirelly about that).

Then from box-2 I can ping box-3 via subnet 192.168.2.x -- no problem. Can ping box-3 subnet 192.168.3.x's port too, but that's as far as I get. I'm unable to ping box-4 from box-2 (box three being the gateway from subnet 2.x to 3.x). What would be my next step?

Quote:

Originally Posted by jschiwal

Is box-3 connected to the internet? If so, then you need a default route to your router or firewall.

There no Internet from this set of boxes.

Tom D.

Tom Douglas · 10-25-2008, 10:30 AM

Quote:

Originally Posted by Mr. C.

Have you enabled ip_forwarding ?

cat /proc/sys/net/ipv4/ip_forward

It turned out that box-3 ip_forwarding may have been enabled -- at least that was the case for another box. So cat /proc/sys/net/ipv4/ip_forward echos back a "1".

Tom D.