• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2160
  • Last Modified:

Bridge two subnets under Linux

Hey there, i would like to know how do i bridge two subnets under Linux. Here is what i want to do:

192.168.0.x <--machine with 2 NICs--> 192.168.1.x

I want that 192.168.1.23 can ping 192.168.0.5 and vice-versa. Right now, i'm doing NAT from 192.168.1.x ---> 192.168.0.x. But with this setup, the 192.168.0 subnets can't access 192.168.1..

I tried to do echo 1 > /proc/sys/ipv4/ip_forward, but it seem to do nothing :-)

Here is my actual setup:

       Internet
          |
          |
      firewall (Doing NAT with iptables)
          |
          | subnet 192.168.0.x
          |
   Internet Server (Doing NAT with ipchains)
          |
          | subnet 192.168.1.x
          |
   XTerminal Server
          |
          | subnet 192.168.2.x
          |
      Xterminals (about 40 machines)

Ok, ok, i know, it's lame, but i'm out of switch!

Thanks for you help






0
bomek
Asked:
bomek
  • 3
  • 3
1 Solution
 
jlevieCommented:
Yeah, that's a bit of  a mess. Take down ipchains on the "Internet server" and make sure that box has routing enabled and that its default route point to the firewall. On the firewall add routes to the interior networks pointing to the Internet server:

 route add 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.?
 route add 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.?
   (where "?" is the IP of the internet server)

Make sure that the the interior network nodes have their default gateway pointing to the next hop, i.e., on the .1 network the defualt gateway should point to the Internet server's 192.168.1.0 IP.
0
 
bomekAuthor Commented:
Ok, thx, i did that on the firewall (192.168.0.1):

/sbin/route add 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.3
route: netmask 000000ff doesn't make sense with host route

The firewall have absolutly no clue about the 192.168.1 subnet.

Routing table of the firewall:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth1
132.215.56.214  0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
132.215.56.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         132.215.56.1    0.0.0.0         UG    0      0        0 eth0

Routing table of the internet server (192.168.0.3) (sorry for the french...)
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth1

On the Xterminal server, the default route is 192.168.1.1. (ssh seem to have crashed on the xterm server... grrr)

Forgot to say, every computer (firewall, server, xtermserver) have 2 NICs.

Thanks
0
 
jlevieCommented:
Whoops, my bad... Use "route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.3". Why linux can't figure out that we aretrying to route to a network when the netmask is 255.255.255.0 is beyond me... So you have to use the "-net" option.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
bomekAuthor Commented:
Ok, so, i did that:

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.3
route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.3

I can't ping 192.168.1.2 (which is the xterm server) but i havent flush ipchains rules. I'll wait tomorrow when i'll be there.

So, usually, i should be able to ping 192.168.1.2 and 192.168.2.x?

thanks
0
 
jlevieCommented:
If the routes are correct on each of the interior routers and each of those has routing enabled and the clients are using the correct default route and there are no firewall rules active on the interior routers, then yes you should be able to ping a node on the 192.168.2.0 network from a node on any of the other private networks (and vice versa).
0
 
bomekAuthor Commented:
It don't seem to work :-P

I even look in a book that say something like you tell me. Anyway, i'll buy an other switch, this gonna solve the problem :-)

Thanks
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now