

One interesting question

Posted on 2004-04-21
Medium Priority
Last Modified: 2010-03-18
I have a machine called A with IP address

Another machine B with

There is no gateway entry specified in routing.
Their routing table is
For A
Destination Gateway Genmask Flags Metric Ref Use Iface U 0 0 0 eth0
For B
Destination Gateway Genmask Flags Metric Ref Use Iface U 0 0 0 eth0

Now I am able to ping A to B as well as B to A

Now I want to put these two machines in a separate network without changing the IP address and netmask. How to do that? (If the machines are in physically separated networks they should not exchange packets using dev as in my case. They can use only the gateway.)
Simply speaking, I should not be able to ping from A to B or vice versa if they are in separate networks. Without using a gateway I want to achieve the goal.
Any ideas? Thanks in advance.

Question by:palanisaravanan

Assisted Solution

jlevie earned 100 total points
ID: 10879064
I'm going to assume that the "separate networks" will be inside of your Internet gateway. In that case you can accomplish the goal by creating a physically separate network within your LAN whose only connection to the LAN is via a NAT'ing gateway. Assuming the NAT'ing gateway has the IP the topology would look like:

           Internet Gateway
                       | ---- Machine A (
                       | ---- NAT'ing Gateway (
                                              | ---- Machine B (

Firewall rules on the NAT'ing gateway are used to prevent packets from Machine A from reaching Machine B, which effectively prevents connections between A & B in either direction.

Author Comment

ID: 10880413
Let me get you a clear picture.
If you want to connect from one network to another you can do routing in two ways.
One is
  route add -net netmask dev eth0

Another one is

  route add -net netmask gw
(ip_forward is enabled)
Packets should be sent to another network only if routing is done using a gateway.
Packets should not be sent to another network if the routing is done using dev.
How to do that?

Author Comment

ID: 10880488
If u want to connect for one network to another u can do routing by tw0
If u want to connect from one network to another u can do routing by two


Accepted Solution

yhetti earned 150 total points
ID: 11185591
I think you need to clarify a little better.  What I think you've described is the only way routing *can* work (i.e., it can only be sent to another network that's physically separate if you specify a gateway.)

I may be interpreting it wrong.  Here's another way I'm looking at it...

You have 2 machines, and .11, and a gateway that .1 -- given this setup, you want to be forced to communicate to .11 via the gateway and never via the local network, and vice-versa.  Here's how I would accomplish that.

Bring both interfaces up with a netmask (that's a /32) which specifies a single IP address.  That way there's no route in the routing table.  Then add a specific route to the router:

route add -host netmask eth0
route add default gw

If you do that on both machines, it should force all traffic through the gateway.
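
An added illustration of the routing reasoning in the answer above (not code from the thread): a small model of longest-prefix route selection showing where machine A sends a packet for B under the original table, with a /32 interface and no routes, and with the host route plus default gateway. The addresses are constructed documentation values, because the thread's own addresses did not survive, and `lookup` and `path` are hypothetical helper names.

```python
import ipaddress

# Constructed addresses (assumptions, not the thread's values).
A, B, GW = "192.0.2.10", "192.0.2.11", "192.0.2.1"

# Each route is (prefix, gateway or None for an on-link "dev" route, interface).
ORIGINAL_A = [("192.0.2.0/24", None, "eth0")]   # connected route from a /24 netmask
SLASH32_ONLY = []                               # /32 netmask: no subnet route is created
HOST_ROUTED_A = [
    ("192.0.2.1/32", None, "eth0"),             # host route to the gateway via eth0
    ("0.0.0.0/0", GW, "eth0"),                  # default route through the gateway
]

def lookup(routes, dst):
    """Return (next_hop, iface) chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        return None                             # "Network is unreachable"
    _, gw, iface = best
    # An on-link route means the sender resolves the destination itself.
    return (gw if gw else str(addr), iface)

def path(routes, dst):
    """Summarise how a packet for dst leaves this host."""
    hit = lookup(routes, dst)
    if hit is None:
        return "unreachable"
    next_hop, _ = hit
    return "direct" if next_hop == dst else "via " + next_hop

if __name__ == "__main__":
    for name, table in [("original /24", ORIGINAL_A),
                        ("/32, no routes", SLASH32_ONLY),
                        ("/32 + host route + default", HOST_ROUTED_A)]:
        print(f"{name:28} A -> B: {path(table, B)}")
```

These routes only steer each machine's own outbound traffic. On a shared segment, keeping A and B apart still depends on filtering at the gateway, as the first answer describes.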

