Solved

Bridge two subnets under Linux

Posted on 2001-06-19
6
2,116 Views
Last Modified: 2012-06-21
Hey there, i would like to know how do i bridge two subnets under Linux. Here is what i want to do:

192.168.0.x <--machine with 2 NICs--> 192.168.1.x

I want that 192.168.1.23 can ping 192.168.0.5 and vice-versa. Right now, i'm doing NAT from 192.168.1.x ---> 192.168.0.x. But with this setup, the 192.168.0 subnets can't access 192.168.1..

I tried to do echo 1 > /proc/sys/ipv4/ip_forward, but it seem to do nothing :-)

Here is my actual setup:

       Internet
          |
          |
      firewall (Doing NAT with iptables)
          |
          | subnet 192.168.0.x
          |
   Internet Server (Doing NAT with ipchains)
          |
          | subnet 192.168.1.x
          |
   XTerminal Server
          |
          | subnet 192.168.2.x
          |
      Xterminals (about 40 machines)

Ok, ok, i know, it's lame, but i'm out of switch!

Thanks for you help






0
Comment
Question by:bomek
  • 3
  • 3
6 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 200 total points
ID: 6206520
Yeah, that's a bit of  a mess. Take down ipchains on the "Internet server" and make sure that box has routing enabled and that its default route point to the firewall. On the firewall add routes to the interior networks pointing to the Internet server:

 route add 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.?
 route add 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.?
   (where "?" is the IP of the internet server)

Make sure that the the interior network nodes have their default gateway pointing to the next hop, i.e., on the .1 network the defualt gateway should point to the Internet server's 192.168.1.0 IP.
0
 

Author Comment

by:bomek
ID: 6206834
Ok, thx, i did that on the firewall (192.168.0.1):

/sbin/route add 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.3
route: netmask 000000ff doesn't make sense with host route

The firewall have absolutly no clue about the 192.168.1 subnet.

Routing table of the firewall:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth1
132.215.56.214  0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
132.215.56.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         132.215.56.1    0.0.0.0         UG    0      0        0 eth0

Routing table of the internet server (192.168.0.3) (sorry for the french...)
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth1

On the Xterminal server, the default route is 192.168.1.1. (ssh seem to have crashed on the xterm server... grrr)

Forgot to say, every computer (firewall, server, xtermserver) have 2 NICs.

Thanks
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6207317
Whoops, my bad... Use "route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.3". Why linux can't figure out that we aretrying to route to a network when the netmask is 255.255.255.0 is beyond me... So you have to use the "-net" option.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:bomek
ID: 6207456
Ok, so, i did that:

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.3
route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.3

I can't ping 192.168.1.2 (which is the xterm server) but i havent flush ipchains rules. I'll wait tomorrow when i'll be there.

So, usually, i should be able to ping 192.168.1.2 and 192.168.2.x?

thanks
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6208315
If the routes are correct on each of the interior routers and each of those has routing enabled and the clients are using the correct default route and there are no firewall rules active on the interior routers, then yes you should be able to ping a node on the 192.168.2.0 network from a node on any of the other private networks (and vice versa).
0
 

Author Comment

by:bomek
ID: 6216179
It don't seem to work :-P

I even look in a book that say something like you tell me. Anyway, i'll buy an other switch, this gonna solve the problem :-)

Thanks
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
wipe a usb using python 5 64
centos linux 65 155
Backup Raspberri Pi over the netowrk to a Windows Share 5 52
winscp 000webhost.com 6 72
This document is written for Red Hat Enterprise Linux AS release 4 and ORACLE 10g.  Earlier releases can be installed using this document as well however there are some additional steps for packages to be installed see Metalink. Disclaimer: I hav…
If you use Debian 6 Squeeze and you are tired of looking at the childish graphical GDM login screen that is used by default, here's an easy way to change it. If you've already tried to change it you've probably discovered that none of the old met…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question