demeler
asked on
Linux as a router setup Q
I want to use my linux box as a gateway between a LAN and
the ethernet backbone:
IP0
=======10baseT Ethernet backbone=====University Gateway===>
| ____________
| | |
|____| eth0 (IP1) |
| |
|linux box 1 |
| |
_____| eth1 (IP2) |
| |____________|
|
| Thinnet coax ethernet LAN
|_________________________
| | |
____|____ ____|____ ____|____
| | | | | |
| IP3 | | IP4 | | IP5 |
|________| |________| |________|
Linux box 2 Linux box 3 Linux box 4
I have 2 IP addresses for linux box 1, one for each ethernet
card. I also have an IP address for each of the linux boxes
on the LAN and don't need to do masquerading. The University gateway IP is IP0.
Question 1: What deamons do I need to run on linux box 1,
and what parameters do I need to use on the commandline to invoke them? Do I need gated, routed, etc?
Question 2: what are the correct command line arguments for
route and ifconfig on each linux box to make the system work? I don't need a firewall, just want to use Linux box 1
as a router/gateway for the Linux boxen 2-4. I basically want to route all TCP/IP traffic for the box 2-4 through a
linux box.
Question 3: What features do I need to enable in the kernel to make this work?
I need someone to take me through this step by step. Thanks for any help!
the ethernet backbone:
IP0
=======10baseT Ethernet backbone=====University Gateway===>
| ____________
| | |
|____| eth0 (IP1) |
| |
|linux box 1 |
| |
_____| eth1 (IP2) |
| |____________|
|
| Thinnet coax ethernet LAN
|_________________________
| | |
____|____ ____|____ ____|____
| | | | | |
| IP3 | | IP4 | | IP5 |
|________| |________| |________|
Linux box 2 Linux box 3 Linux box 4
I have 2 IP addresses for linux box 1, one for each ethernet
card. I also have an IP address for each of the linux boxes
on the LAN and don't need to do masquerading. The University gateway IP is IP0.
Question 1: What deamons do I need to run on linux box 1,
and what parameters do I need to use on the commandline to invoke them? Do I need gated, routed, etc?
Question 2: what are the correct command line arguments for
route and ifconfig on each linux box to make the system work? I don't need a firewall, just want to use Linux box 1
as a router/gateway for the Linux boxen 2-4. I basically want to route all TCP/IP traffic for the box 2-4 through a
linux box.
Question 3: What features do I need to enable in the kernel to make this work?
I need someone to take me through this step by step. Thanks for any help!
mhomann, didn't demeler say that he *did not* need a firewall and masquerading?
ASKER
ahoffman is correct, why would I need to use ipfwadm if I don't need (more correctly: don't want) a firewall? Also, I have IP
addresses for each computer, so I don't have to do masquerading.
Also, what is the answer to question2 (command line arguments
for route and ifconfig).
Thanks.
addresses for each computer, so I don't have to do masquerading.
Also, what is the answer to question2 (command line arguments
for route and ifconfig).
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
linux box 1 also needs IP_FORWARDING in the kernel
ASKER
OK, this sounds good so far, I just have one more clarification question:
Is it necessary to have a complete subnet IP set for linux boxes 2-4? Can I use IP numbers from different subnet groups for each of the machines?
Example in my case:
on linux box 1 I have:
eth0: 129.111.5.44 netmask 255.255.0.0 gateway 129.111.1.13
eth1: 129.111.231.13
on linux box 2 I have:
etho: 129.111.1.233
linux box 3:
eth0: 129.111.17.74
linux box 4:
eth0: 129.111.231.12
Does that change the route and ifconfig commands?
Thanks!
Is it necessary to have a complete subnet IP set for linux boxes 2-4? Can I use IP numbers from different subnet groups for each of the machines?
Example in my case:
on linux box 1 I have:
eth0: 129.111.5.44 netmask 255.255.0.0 gateway 129.111.1.13
eth1: 129.111.231.13
on linux box 2 I have:
etho: 129.111.1.233
linux box 3:
eth0: 129.111.17.74
linux box 4:
eth0: 129.111.231.12
Does that change the route and ifconfig commands?
Thanks!
as long as the subnet IP1 (129.111.0.0) is different to IP0 it's ok.
ASKER
OK, I tried your recommendations, but so far this doesn't work.
I must be missing something - here is what I have right now:
ip0 (University Gateway) = 129.111.1.13
Broadcast = 255.255.0.0
ip1 = 129.111.5.44
ip2 = 129.111.231.13
ip3 = 129.111.231.12
ip4 = 129.111.17.74
Here is what ifconfig returns on Linux box 1:
ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
RX packets:439 errors:0 dropped:0 overruns:0 frame:0
TX packets:439 errors:0 dropped:0 overruns:0 carrier:0 coll:0
eth0 Link encap:Ethernet HWaddr 00:60:08:27:37:17
inet addr:129.111.5.44 Bcast:129.111.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:38273 errors:0 dropped:0 overruns:0 frame:0
TX packets:851 errors:0 dropped:0 overruns:0 carrier:0 coll:0
Interrupt:10 Base address:0xee80
eth1 Link encap:Ethernet HWaddr 00:80:AD:B7:66:C0
inet addr:129.111.231.13 Bcast:129.111.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:28 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 coll:0
Interrupt:5 Base address:0x300
and here is my current route setup for linux box 1:
localnet * 255.255.0.0 U 0 0 7 eth0
loopback * 255.0.0.0 U 0 0 2 lo
default 129.111.1.13 0.0.0.0 UG 0 0 1 eth0
For linux box 2 I have:
Destination Gateway Genmask Flags MSS Window Use Iface
localnet * 255.255.0.0 U 1500 0 3 eth0
loopback * 255.0.0.0 U 3584 0 1 lo
default crdcci.uthscsa. * UG 1500 0 0 eth0
and:
lo Link encap:Local Loopback
inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
RX packets:45 errors:0 dropped:0 overruns:0
TX packets:45 errors:0 dropped:0 overruns:0
eth0 Link encap:10Mbps Ethernet HWaddr 00:80:AD:B7:6B:8B
inet addr:129.111.231.12 Bcast:129.111.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:248327 errors:0 dropped:0 overruns:0
TX packets:12415 errors:0 dropped:0 overruns:0
Interrupt:10 Base address:0x300
From linux box 1 I can't ping either ip2 nor ip3 or ip4.
When I set everything up as a bridge, it works ok, but I want
linux box 1 to be router.
I increase the points to 600 if you can answer me how to set it
up with the route and ifconfig commands for each box that will get this to work.
Thanks, -b.d-
I must be missing something - here is what I have right now:
ip0 (University Gateway) = 129.111.1.13
Broadcast = 255.255.0.0
ip1 = 129.111.5.44
ip2 = 129.111.231.13
ip3 = 129.111.231.12
ip4 = 129.111.17.74
Here is what ifconfig returns on Linux box 1:
ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
RX packets:439 errors:0 dropped:0 overruns:0 frame:0
TX packets:439 errors:0 dropped:0 overruns:0 carrier:0 coll:0
eth0 Link encap:Ethernet HWaddr 00:60:08:27:37:17
inet addr:129.111.5.44 Bcast:129.111.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:38273 errors:0 dropped:0 overruns:0 frame:0
TX packets:851 errors:0 dropped:0 overruns:0 carrier:0 coll:0
Interrupt:10 Base address:0xee80
eth1 Link encap:Ethernet HWaddr 00:80:AD:B7:66:C0
inet addr:129.111.231.13 Bcast:129.111.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:28 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 coll:0
Interrupt:5 Base address:0x300
and here is my current route setup for linux box 1:
localnet * 255.255.0.0 U 0 0 7 eth0
loopback * 255.0.0.0 U 0 0 2 lo
default 129.111.1.13 0.0.0.0 UG 0 0 1 eth0
For linux box 2 I have:
Destination Gateway Genmask Flags MSS Window Use Iface
localnet * 255.255.0.0 U 1500 0 3 eth0
loopback * 255.0.0.0 U 3584 0 1 lo
default crdcci.uthscsa. * UG 1500 0 0 eth0
and:
lo Link encap:Local Loopback
inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
RX packets:45 errors:0 dropped:0 overruns:0
TX packets:45 errors:0 dropped:0 overruns:0
eth0 Link encap:10Mbps Ethernet HWaddr 00:80:AD:B7:6B:8B
inet addr:129.111.231.12 Bcast:129.111.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:248327 errors:0 dropped:0 overruns:0
TX packets:12415 errors:0 dropped:0 overruns:0
Interrupt:10 Base address:0x300
From linux box 1 I can't ping either ip2 nor ip3 or ip4.
When I set everything up as a bridge, it works ok, but I want
linux box 1 to be router.
I increase the points to 600 if you can answer me how to set it
up with the route and ifconfig commands for each box that will get this to work.
Thanks, -b.d-
You're using Netmask 255.255.0.0 so all you boxes are in the same subnet: 129.111.0.0
This is the reason why it won't work with routing but with bridgeing.
Do you want to have them in the same subnet?
This is the reason why it won't work with routing but with bridgeing.
Do you want to have them in the same subnet?
ASKER
The problem is that I can only use pre-assigned IP addresses,
and they may or may not be in one particular subnet. How do I tell? Do they have to be on the same subnet? excuse my ignorance on this and the terminology, but that is the half the reason I am asking this question here. Are you telling me that I cannot go the routing option? What do I need in order for the routing to work, please give me an example of what constitutes a valid subnet, and how I tell what a subnet is, if that's whats required to get routing to work, then I may be able to get the appropriate IP addresses allocated. It would help me if I knew what to ask for. Thanks for your effort trying to help me out...
and they may or may not be in one particular subnet. How do I tell? Do they have to be on the same subnet? excuse my ignorance on this and the terminology, but that is the half the reason I am asking this question here. Are you telling me that I cannot go the routing option? What do I need in order for the routing to work, please give me an example of what constitutes a valid subnet, and how I tell what a subnet is, if that's whats required to get routing to work, then I may be able to get the appropriate IP addresses allocated. It would help me if I knew what to ask for. Thanks for your effort trying to help me out...
If it is a subnet or not depends on the netmask:
for example netmask 255.255.0.0 defines that the net is 129.111.0.0, and therefor your IPs all belong to the same subnet.
You just need bridging for this.
If you change the netmask to 255.255.255.0, the IPs 129.111.5.44 and 129.111.231.12 belong to different subnets. These must be routed.
So in your situation, I recommend using a bridge instead of a router. I one of you comments you said you still have tested a bridge.
for example netmask 255.255.0.0 defines that the net is 129.111.0.0, and therefor your IPs all belong to the same subnet.
You just need bridging for this.
If you change the netmask to 255.255.255.0, the IPs 129.111.5.44 and 129.111.231.12 belong to different subnets. These must be routed.
So in your situation, I recommend using a bridge instead of a router. I one of you comments you said you still have tested a bridge.
ASKER
I did set it up as a bridge before, and that works just fine,
even with IP addresses assigned to eth0 and eth1 on Linux box 1.
Trouble is, I couldn't communicate between linux box 1 and box 2,
unless I go over a third computer outside the bridged network.
In that case I might as well use a network switch. So I am still confused: If I use a netmask of 255.255.255.0 (on box 1?) instead of 255.255.0.0 I would have to route the IP's ...5.44 and 231.12
because they belong to different subnets. So how do I route them properly, or is that not possible? What IP numbers do I need for that to work, some IP addresses that have the same number in the first through third position of the IP address? Forget for a moment that I could use a switch or use my linux box as a bridge.
What do I need here to make it work as a "router"?
Given the IP addresses I shoewd above, what commands do I need to enter to make these boxes talk to eachother, or do I need different IP numbers? If so, what would work given that my netmask is 255.255.0.0 and my primary address (eth0) on linux box 1 is 129.111.5.44, and the gateway for box 1 is 129.111.1.13. Those numbers cannot be changed. The IP's for eth1 on box 1
as well as the IP's for box 2-4 can be probably be changed, if they have to be.
If nothing else, I would like to understand how this router business works...
Thanks!
even with IP addresses assigned to eth0 and eth1 on Linux box 1.
Trouble is, I couldn't communicate between linux box 1 and box 2,
unless I go over a third computer outside the bridged network.
In that case I might as well use a network switch. So I am still confused: If I use a netmask of 255.255.255.0 (on box 1?) instead of 255.255.0.0 I would have to route the IP's ...5.44 and 231.12
because they belong to different subnets. So how do I route them properly, or is that not possible? What IP numbers do I need for that to work, some IP addresses that have the same number in the first through third position of the IP address? Forget for a moment that I could use a switch or use my linux box as a bridge.
What do I need here to make it work as a "router"?
Given the IP addresses I shoewd above, what commands do I need to enter to make these boxes talk to eachother, or do I need different IP numbers? If so, what would work given that my netmask is 255.255.0.0 and my primary address (eth0) on linux box 1 is 129.111.5.44, and the gateway for box 1 is 129.111.1.13. Those numbers cannot be changed. The IP's for eth1 on box 1
as well as the IP's for box 2-4 can be probably be changed, if they have to be.
If nothing else, I would like to understand how this router business works...
Thanks!
Ok. I'll use your IPs: First of all you need to provide a route to packets outgoing BUT also to packet returning. So all machines involved have to know how to deliver packets. Second, when a machine has a packet for one of the subnets it knows of, it sends the packet directly, but if the packet is for and address that doesn't match any known interface, it will ask the routing table for a router, first looking for a route to host, then a route to the subnet/network and, if all fails, it sends the packet to the default router. This are the basics of routing.
Now, for the details. [If you read carefully the above paragraph, you are guessing you CAN'T do what you want with a router and without masquerading]
Suppose box 2 tries to connect to 200.209.212.113. Its IP is 129.111.231.12 which lets it access network 129.111.x.x, so it needs a router. It finds no route to host, neither to network, so the packet is delivered to the default router.
box 1 receives the packet and makes the same analisis, and delivers it to the default router: University Gateway.
The packet gets to the Net, and the answer comes back to the University Gateway. Then the Gateway, looks at the destination address and finds that it belongs to the local network, and says: "Ok, the packet is for 129.111.231.12, and I have an interface 129.111.1.13 with netmask 255.255.0.0, so any address begginig with 129.111 MUST be on its cable, so let's send the packet DIRECTLY, no need for a router"
If box 1 were a bridge, when it sees a packet on one cable to a machine that sits on the other cable, it "COPIES" the packet AS IS to the other interface (in any direction) and solves the problem.
If box 1 were a masquerading router (replacing ORIGINATING host address, whith its own) the packet from box 2 would reach the Gateway as it were coming from box 1, Gateway would return the answer packet to box 1 which would replace DESTINATION address with box 2 addrress. Gateway doesn't have any notice about the existence of box 2, and box 2 thinks that it's conecting directly to the Net.
Finally, if I made myself clear, if you subnet, you need to subnet your Univerisity Gateway also (I think you can't), and if you don't, there's no way to use a non-masquerading router.
Good Luck,
-- Marcelo
Now, for the details. [If you read carefully the above paragraph, you are guessing you CAN'T do what you want with a router and without masquerading]
Suppose box 2 tries to connect to 200.209.212.113. Its IP is 129.111.231.12 which lets it access network 129.111.x.x, so it needs a router. It finds no route to host, neither to network, so the packet is delivered to the default router.
box 1 receives the packet and makes the same analisis, and delivers it to the default router: University Gateway.
The packet gets to the Net, and the answer comes back to the University Gateway. Then the Gateway, looks at the destination address and finds that it belongs to the local network, and says: "Ok, the packet is for 129.111.231.12, and I have an interface 129.111.1.13 with netmask 255.255.0.0, so any address begginig with 129.111 MUST be on its cable, so let's send the packet DIRECTLY, no need for a router"
If box 1 were a bridge, when it sees a packet on one cable to a machine that sits on the other cable, it "COPIES" the packet AS IS to the other interface (in any direction) and solves the problem.
If box 1 were a masquerading router (replacing ORIGINATING host address, whith its own) the packet from box 2 would reach the Gateway as it were coming from box 1, Gateway would return the answer packet to box 1 which would replace DESTINATION address with box 2 addrress. Gateway doesn't have any notice about the existence of box 2, and box 2 thinks that it's conecting directly to the Net.
Finally, if I made myself clear, if you subnet, you need to subnet your Univerisity Gateway also (I think you can't), and if you don't, there's no way to use a non-masquerading router.
Good Luck,
-- Marcelo
ASKER
Thanks - I see how this works now. I also got me a book (TCP/IP
admin by O'Reilley) that helpd explain these concepts.
admin by O'Reilley) that helpd explain these concepts.
Answer 2: follow these steps:
- on LinuxBox1, have IP Gatewaying/Firewalling compiled in your kernel
- on Linux-boxes 2-x, have the address of eth1 @ LinuxBox 1 as default gateway
- on LinuxBox 1, have your Backbone Defailt gateway as default gateway
- on LinuxBox 1, add the following lines to your rc.local or whereelse you want it done
(presumeably after the setup of eth0 & eth1 & routing)
--- cut here ---
ipfwadm -I -f
ipfwadm -O -f
ipfwadm -F -f
ipfwadm -F -a -b -S IP2/Mask -D 0/0 -w eth0
--- cut here ---
with the following substitutions in the last line: IP2/Mask would be the network adress of eth1 with the netmask, 192.168.1/24 for example...
should be up and running in < 5 minutes...
have fun
Mathias