Solved

Bridge two subnets under Linux

Posted on 2001-06-19
6
2,125 Views
Last Modified: 2012-06-21
Hey there, i would like to know how do i bridge two subnets under Linux. Here is what i want to do:

192.168.0.x <--machine with 2 NICs--> 192.168.1.x

I want that 192.168.1.23 can ping 192.168.0.5 and vice-versa. Right now, i'm doing NAT from 192.168.1.x ---> 192.168.0.x. But with this setup, the 192.168.0 subnets can't access 192.168.1..

I tried to do echo 1 > /proc/sys/ipv4/ip_forward, but it seem to do nothing :-)

Here is my actual setup:

       Internet
          |
          |
      firewall (Doing NAT with iptables)
          |
          | subnet 192.168.0.x
          |
   Internet Server (Doing NAT with ipchains)
          |
          | subnet 192.168.1.x
          |
   XTerminal Server
          |
          | subnet 192.168.2.x
          |
      Xterminals (about 40 machines)

Ok, ok, i know, it's lame, but i'm out of switch!

Thanks for you help






0
Comment
Question by:bomek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 200 total points
ID: 6206520
Yeah, that's a bit of  a mess. Take down ipchains on the "Internet server" and make sure that box has routing enabled and that its default route point to the firewall. On the firewall add routes to the interior networks pointing to the Internet server:

 route add 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.?
 route add 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.?
   (where "?" is the IP of the internet server)

Make sure that the the interior network nodes have their default gateway pointing to the next hop, i.e., on the .1 network the defualt gateway should point to the Internet server's 192.168.1.0 IP.
0
 

Author Comment

by:bomek
ID: 6206834
Ok, thx, i did that on the firewall (192.168.0.1):

/sbin/route add 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.3
route: netmask 000000ff doesn't make sense with host route

The firewall have absolutly no clue about the 192.168.1 subnet.

Routing table of the firewall:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth1
132.215.56.214  0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
132.215.56.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         132.215.56.1    0.0.0.0         UG    0      0        0 eth0

Routing table of the internet server (192.168.0.3) (sorry for the french...)
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth1

On the Xterminal server, the default route is 192.168.1.1. (ssh seem to have crashed on the xterm server... grrr)

Forgot to say, every computer (firewall, server, xtermserver) have 2 NICs.

Thanks
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6207317
Whoops, my bad... Use "route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.3". Why linux can't figure out that we aretrying to route to a network when the netmask is 255.255.255.0 is beyond me... So you have to use the "-net" option.
0
Monthly Recap

May was a big month for new releases from Linux Academy! Take a look at what our team built recently in our blog. You can access the newest releases from our blog.

 

Author Comment

by:bomek
ID: 6207456
Ok, so, i did that:

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.3
route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.3

I can't ping 192.168.1.2 (which is the xterm server) but i havent flush ipchains rules. I'll wait tomorrow when i'll be there.

So, usually, i should be able to ping 192.168.1.2 and 192.168.2.x?

thanks
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6208315
If the routes are correct on each of the interior routers and each of those has routing enabled and the clients are using the correct default route and there are no firewall rules active on the interior routers, then yes you should be able to ping a node on the 192.168.2.0 network from a node on any of the other private networks (and vice versa).
0
 

Author Comment

by:bomek
ID: 6216179
It don't seem to work :-P

I even look in a book that say something like you tell me. Anyway, i'll buy an other switch, this gonna solve the problem :-)

Thanks
0

Featured Post

Learn by Doing. Anytime. Anywhere.

Do you like to learn by doing?
Our labs and exercises give you the chance to do just that: Learn by performing actions on real environments.

Hands-on, scenario-based labs give you experience on real environments provided by us so you don't have to worry about breaking anything.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will explain how to establish a SSH connection to Ubuntu through the firewall and using a different port other then 22. I have set up a Ubuntu virtual machine in Virtualbox and I am running a Windows 7 workstation. From the Ubuntu vi…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question