Linux as a router setup Q

I want to use my linux box as a gateway between a LAN and
the ethernet backbone:
=======10baseT Ethernet backbone=====University Gateway===>
  |     ____________
  |    |            |
  |____| eth0 (IP1) |
       |            |
       |linux box 1 |
       |            |
  _____| eth1 (IP2) |
 |     |____________|
 | Thinnet coax ethernet LAN
           |                |                 |
       ____|____        ____|____         ____|____
       |        |       |        |        |        |
       |  IP3   |       |  IP4   |        |  IP5   |
       |________|       |________|        |________|
       Linux box 2      Linux box 3       Linux box 4

I have 2 IP addresses for linux box 1, one for each ethernet
card. I also have an IP address for each of the linux boxes
on the LAN and don't need to do masquerading. The University gateway IP is IP0.

Question 1: What daemons do I need to run on linux box 1,
and what parameters do I need to use on the commandline to invoke them? Do I need gated, routed, etc?

Question 2: what are the correct command line arguments for
route and ifconfig on each linux box to make the system work? I don't need a firewall, just want to use Linux box 1
as a router/gateway for the Linux boxen 2-4. I basically want to route all TCP/IP traffic for the box 2-4 through a
linux box.

Question 3: What features do I need to enable in the kernel to make this work?

I need someone to take me through this step by step. Thanks for any help!


marcelofr Commented:
1) No daemons, just ip routing configured
2) say IP1 has netmask NM1, broadcast BC1 and its network is N1:

on Linux box 1:

#ifconfig eth0 IP1 netmask NM1 broadcast BC1
#ifconfig eth1 IP2 netmask NM1 broadcast BC2
#echo 1 > /proc/sys/net/ipv4/ip_forward

at this point if you can't ping IP1 (depends on your kernel version), do:
#route add -net N1;route add -net N2

#route add -net default gw IP0

on Linux boxes 2...

#ifconfig eth0 IP3 netmask NM3 broadcast BC3

again if you can't ping IP3:
#route add -net N3

#route add -net default gw IP2

3) The only features you need are IP routing linked in the kernel AND the "echo" command above to enable routing...

I think you know how to get BC1 and N1 from IP1 and NM1... anyway, if you use a C class ip without subnetting, say, NM1 would be, N1 would be and BC1 would be

Good luck.

Answer 1: no daemons...
Answer 2: follow these steps:

- on LinuxBox1, have IP Gatewaying/Firewalling compiled in your kernel
- on Linux-boxes 2-x, have the address of eth1 @ LinuxBox 1 as default gateway
- on LinuxBox 1, have your Backbone Default gateway as default gateway
- on LinuxBox 1, add the following lines to your rc.local or wherever else you want it done
  (presumably after the setup of eth0 & eth1 & routing)

--- cut here ---
ipfwadm -I -f
ipfwadm -O -f
ipfwadm -F -f
ipfwadm -F -a -b -S IP2/Mask -D 0/0 -w eth0
--- cut here ---

with the following substitutions in the last line: IP2/Mask would be the network address of eth1 with the netmask, 192.168.1/24 for example...

should be up and running in < 5 minutes...

have fun

mhomann, didn't demeler say that he *did not* need a firewall and masquerading?

demelerAuthor Commented:
ahoffman is correct, why would I need to use ipfwadm if I don't need (more correctly: don't want) a firewall? Also, I have IP
addresses for each computer, so I don't have to do masquerading.

Also, what is the answer to question 2 (command line arguments
for route and ifconfig)?

linux box 1 also needs IP_FORWARDING in the kernel
demelerAuthor Commented:
OK, this sounds good so far, I just have one more clarification question:

Is it necessary to have a complete subnet IP set for linux boxes 2-4? Can I use IP numbers from different subnet groups for each of the machines?

Example in my case:

on linux box 1 I have:
eth0: netmask gateway

on linux box 2 I have:

linux box 3:

linux box 4:

Does that change the route and ifconfig commands?

as long as the subnet IP1 ( is different to IP0 it's ok.
demelerAuthor Commented:
OK, I tried your recommendations, but so far this doesn't work.
I must be missing something - here is what I have right now:

ip0 (University Gateway) =
Broadcast =
ip1 =
ip2 =
ip3 =
ip4 =

Here is what ifconfig returns on Linux box 1:

lo        Link encap:Local Loopback  
          inet addr:  Bcast:  Mask:
          RX packets:439 errors:0 dropped:0 overruns:0 frame:0
          TX packets:439 errors:0 dropped:0 overruns:0 carrier:0 coll:0

eth0      Link encap:Ethernet  HWaddr 00:60:08:27:37:17
          inet addr:  Bcast:  Mask:
          RX packets:38273 errors:0 dropped:0 overruns:0 frame:0
          TX packets:851 errors:0 dropped:0 overruns:0 carrier:0 coll:0
          Interrupt:10 Base address:0xee80

eth1      Link encap:Ethernet  HWaddr 00:80:AD:B7:66:C0
          inet addr:  Bcast:  Mask:
          RX packets:28 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 coll:0
          Interrupt:5 Base address:0x300

and here is my current route setup for linux box 1:

localnet        *          U     0      0        7 eth0
loopback        *            U     0      0        2 lo
default         UG    0      0        1 eth0

For linux box 2 I have:

Destination     Gateway         Genmask         Flags MSS    Window Use Iface
localnet        *          U     1500   0        3 eth0
loopback        *            U     3584   0        1 lo
default         crdcci.uthscsa. *               UG    1500   0        0 eth0

lo        Link encap:Local Loopback  
          inet addr:  Bcast:  Mask:
          RX packets:45 errors:0 dropped:0 overruns:0
          TX packets:45 errors:0 dropped:0 overruns:0

eth0      Link encap:10Mbps Ethernet  HWaddr 00:80:AD:B7:6B:8B
          inet addr:  Bcast:  Mask:
          RX packets:248327 errors:0 dropped:0 overruns:0
          TX packets:12415 errors:0 dropped:0 overruns:0
          Interrupt:10 Base address:0x300

From linux box 1 I can't ping ip2, ip3 or ip4.
When I set everything up as a bridge, it works ok, but I want
linux box 1 to be router.
I increase the points to 600 if you can answer me how to set it
up with the route and ifconfig commands for each box that will get this to work.
Thanks, -b.d-

You're using Netmask  so all your boxes are in the same subnet:
This is the reason why it won't work with routing but with bridging.
Do you want to have them in the same subnet?
demelerAuthor Commented:
The problem is that I can only use pre-assigned IP addresses,
and they may or may not be in one particular subnet. How do I tell? Do they have to be on the same subnet? Excuse my ignorance on this and the terminology, but that is half the reason I am asking this question here. Are you telling me that I cannot go the routing option? What do I need in order for the routing to work? Please give me an example of what constitutes a valid subnet, and how I tell what a subnet is. If that's what's required to get routing to work, then I may be able to get the appropriate IP addresses allocated. It would help me if I knew what to ask for. Thanks for your effort trying to help me out...
If it is a subnet or not depends on the netmask:

for example netmask defines that the net is, and therefore your IPs all belong to the same subnet.
You just need bridging for this.

If you change the netmask to, the IPs and belong to different subnets. These must be routed.

So in your situation, I recommend using a bridge instead of a router. In one of your comments you said you have already tested a bridge.
demelerAuthor Commented:
I did set it up as a bridge before, and that works just fine,
even with IP addresses assigned to eth0 and eth1 on Linux box 1.
Trouble is, I couldn't communicate between linux box 1 and box 2,
unless I go over a third computer outside the bridged network.
In that case I might as well use a network switch. So I am still confused: If I use a netmask of (on box 1?) instead of I would have to route the IP's ...5.44 and 231.12
because they belong to different subnets. So how do I route them properly, or is that not possible? What IP numbers do I need for that to work, some IP addresses that have the same number in the first through third position of the IP address? Forget for a moment that I could use a switch or use my linux box as a bridge.
What do I need here to make it work as a "router"?
Given the IP addresses I showed above, what commands do I need to enter to make these boxes talk to each other, or do I need different IP numbers? If so, what would work given that my netmask is and my primary address (eth0) on linux box 1 is, and the gateway for box 1 is Those numbers cannot be changed. The IPs for eth1 on box 1
as well as the IPs for box 2-4 can probably be changed, if they have to be.

If nothing else, I would like to understand how this router business works...

Ok. I'll use your IPs: First of all you need to provide a route to packets outgoing BUT also to packets returning. So all machines involved have to know how to deliver packets. Second, when a machine has a packet for one of the subnets it knows of, it sends the packet directly, but if the packet is for an address that doesn't match any known interface, it will ask the routing table for a router, first looking for a route to host, then a route to the subnet/network and, if all fails, it sends the packet to the default router.  These are the basics of routing.

Now, for the details. [If you read carefully the above paragraph, you are guessing you CAN'T do what you want with a router and without masquerading]

Suppose box 2 tries to connect to Its IP is which lets it access network 129.111.x.x, so it needs a router. It finds no route to host, neither to network, so the packet is delivered to the default router.

box 1 receives the packet and makes the same analysis, and delivers it to the default router: University Gateway.

The packet gets to the Net, and the answer comes back to the University Gateway. Then the Gateway looks at the destination address and finds that it belongs to the local network, and says: "Ok, the packet is for, and I have an interface with netmask, so any address beginning with 129.111 MUST be on its cable, so let's send the packet DIRECTLY, no need for a router"

If box 1 were a bridge, when it sees a packet on one cable to a machine that sits on the other cable, it "COPIES" the packet AS IS to the other interface (in any direction) and solves the problem.

If box 1 were a masquerading router (replacing ORIGINATING host address with its own) the packet from box 2 would reach the Gateway as if it were coming from box 1, Gateway would return the answer packet to box 1 which would replace DESTINATION address with box 2 address. Gateway doesn't have any notice about the existence of box 2, and box 2 thinks that it's connecting directly to the Net.

Finally, if I made myself clear, if you subnet, you need to subnet your University Gateway also (I think you can't), and if you don't, there's no way to use a non-masquerading router.

Good Luck,

-- Marcelo
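
Added example (not part of any post in this thread): a small route-lookup model of the netmask and return-path explanations above, showing that an unsubnetted University Gateway delivers the reply for box 2 directly on its own cable, while a subnetted one hands it to box 1. All addresses (10.20.x.x, 203.0.113.1, 198.51.100.7) and the names next_hop and reply_path are constructed for illustration; they are not the poster's values.

```python
import ipaddress

def next_hop(table, dst):
    """Return (gateway, iface) for dst using longest-prefix match.

    table: list of (network, gateway, iface); gateway None = on-link delivery.
    A host route is a /32 entry, the default route is 0.0.0.0/0, so the
    host -> network -> default order from the thread falls out of prefix length.
    """
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw, ifc) for net, gw, ifc in table
               if dst in ipaddress.ip_network(net)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, gw, ifc = max(matches, key=lambda m: m[0].prefixlen)
    return gw, ifc

# Constructed addresses: box 1 eth0, box 1 eth1, box 2.
IP1, IP2, IP3 = "10.20.5.44", "10.20.231.12", "10.20.231.13"

# Box 2: its own network on-link, everything else via box 1's eth1 (IP2).
box2 = [("10.20.0.0/16", None, "eth0"), ("0.0.0.0/0", IP2, "eth0")]

# University gateway with one flat /16: all of 10.20.x.x is "on its cable".
gw_flat = [("10.20.0.0/16", None, "lan"),
           ("0.0.0.0/0", "203.0.113.1", "wan")]

# Same gateway after subnetting: box 2's /24 is reached through box 1 (IP1).
gw_subnetted = [("10.20.5.0/24", None, "lan"),
                ("10.20.231.0/24", IP1, "lan"),
                ("0.0.0.0/0", "203.0.113.1", "wan")]

def reply_path(gw_table):
    """How the University gateway forwards a reply addressed to box 2 (IP3)."""
    gw, ifc = next_hop(gw_table, IP3)
    return f"direct on {ifc}" if gw is None else f"via {gw} on {ifc}"

if __name__ == "__main__":
    print("box 2 -> outside host:", next_hop(box2, "198.51.100.7"))
    print("reply, flat /16:      ", reply_path(gw_flat))
    print("reply, subnetted /24: ", reply_path(gw_subnetted))
```

In the flat case the gateway looks for box 2 directly on the backbone cable, where only a bridge would make it reachable; the reply reaches box 1 only once the gateway itself carries a route for the LAN subnet.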
demelerAuthor Commented:
Thanks - I see how this works now. I also got me a book (TCP/IP
admin by O'Reilly) that helped explain these concepts.

Question has a verified solution.
