Solved

Bridge two subnets under Linux

Posted on 2001-06-19
6
2,110 Views
Last Modified: 2012-06-21
Hey there, i would like to know how do i bridge two subnets under Linux. Here is what i want to do:

192.168.0.x <--machine with 2 NICs--> 192.168.1.x

I want that 192.168.1.23 can ping 192.168.0.5 and vice-versa. Right now, i'm doing NAT from 192.168.1.x ---> 192.168.0.x. But with this setup, the 192.168.0 subnets can't access 192.168.1..

I tried to do echo 1 > /proc/sys/ipv4/ip_forward, but it seem to do nothing :-)

Here is my actual setup:

       Internet
          |
          |
      firewall (Doing NAT with iptables)
          |
          | subnet 192.168.0.x
          |
   Internet Server (Doing NAT with ipchains)
          |
          | subnet 192.168.1.x
          |
   XTerminal Server
          |
          | subnet 192.168.2.x
          |
      Xterminals (about 40 machines)

Ok, ok, i know, it's lame, but i'm out of switch!

Thanks for you help






0
Comment
Question by:bomek
  • 3
  • 3
6 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 200 total points
ID: 6206520
Yeah, that's a bit of  a mess. Take down ipchains on the "Internet server" and make sure that box has routing enabled and that its default route point to the firewall. On the firewall add routes to the interior networks pointing to the Internet server:

 route add 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.?
 route add 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.?
   (where "?" is the IP of the internet server)

Make sure that the the interior network nodes have their default gateway pointing to the next hop, i.e., on the .1 network the defualt gateway should point to the Internet server's 192.168.1.0 IP.
0
 

Author Comment

by:bomek
ID: 6206834
Ok, thx, i did that on the firewall (192.168.0.1):

/sbin/route add 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.3
route: netmask 000000ff doesn't make sense with host route

The firewall have absolutly no clue about the 192.168.1 subnet.

Routing table of the firewall:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth1
132.215.56.214  0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
132.215.56.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         132.215.56.1    0.0.0.0         UG    0      0        0 eth0

Routing table of the internet server (192.168.0.3) (sorry for the french...)
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth1

On the Xterminal server, the default route is 192.168.1.1. (ssh seem to have crashed on the xterm server... grrr)

Forgot to say, every computer (firewall, server, xtermserver) have 2 NICs.

Thanks
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6207317
Whoops, my bad... Use "route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.3". Why linux can't figure out that we aretrying to route to a network when the netmask is 255.255.255.0 is beyond me... So you have to use the "-net" option.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Comment

by:bomek
ID: 6207456
Ok, so, i did that:

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.3
route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.3

I can't ping 192.168.1.2 (which is the xterm server) but i havent flush ipchains rules. I'll wait tomorrow when i'll be there.

So, usually, i should be able to ping 192.168.1.2 and 192.168.2.x?

thanks
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6208315
If the routes are correct on each of the interior routers and each of those has routing enabled and the clients are using the correct default route and there are no firewall rules active on the interior routers, then yes you should be able to ping a node on the 192.168.2.0 network from a node on any of the other private networks (and vice versa).
0
 

Author Comment

by:bomek
ID: 6216179
It don't seem to work :-P

I even look in a book that say something like you tell me. Anyway, i'll buy an other switch, this gonna solve the problem :-)

Thanks
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
linux copy files from usb to folder on system 14 57
Replace Ubuntu Desktop with Ubuntu Server 7 89
Linux as a middle box 7 61
nagios alerts 3 32
You ever wonder how to backup Linux system files just like Windows System Restore?  Well you can use Timeshift in Linux to perform those similar action.  This tutorial will show you how to backup your system files and keep regular intervals. Note…
The purpose of this article is to show how we can create Linux Mint virtual machine using Oracle Virtual Box. To install Linux Mint we have to download the ISO file from its website i.e. http://www.linuxmint.com. Once you open the link you will see …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now