One interesting question

Posted on 2004-04-21
Last Modified: 2010-03-18
I have a machine called A with IP address

Another machine B with

There is no gateway entry specified in routing.
Their routing table is
For A
Destination Gateway Genmask Flags Metric Ref Use Iface U 0 0 0 eth0
For B
Destination Gateway Genmask Flags Metric Ref Use Iface U 0 0 0 eth0

Now I am able to ping A to B as well as B to A

Now i want to put these two machines in a Separate network without changing the IP ADDRESS&netmask.How to do that?.(if machines are in physically sepated network they should not excahnge packets using dev as my case.They can use only gateway).
Simply speaking I shud not be able to ping form A to B or vice versa if they are separate network) . Without using gateway I want to achieve the goal.
Any ideas.Thanks in advance

Question by:palanisaravanan
  • 2
LVL 40

Assisted Solution

jlevie earned 50 total points
ID: 10879064
I'm going to assume that the "separate networks" will be inside of your Internet gateway. in that case you can accomplish the goal by creating a physically separate network within your LAN whose only connection to the LAN is via a NAT'ing gateway. Assuming the NAT'ing gateway has the IP the topology would look like:

           Internet Gateway
                       | ---- Machine A (
                       | ---- NAT'ng Gateway (
                                              | ---- Machine B (

Firewall rules on the NAT'ing gateway are used to prevent packets from Machine A from reaching Machine B, which effectively prevents connections betweeen A & B in either direction.

Author Comment

ID: 10880413
Let me get U a clear picture.
If u want to connect for one network to another u can do routing by two ways.
one is
  route add -net netmask dev eth0

another one is

  route add -net netamask gw
(ip_forward is enabled)
packets should be sent to another network only if routing is done using gateway.
Packets should not be sent to another network if the routing is done using dev.
       how to do that?

Author Comment

ID: 10880488
If u want to connect for one network to another u can do routing by tw0
If u want to connect from one network to another u can do routing by two


Accepted Solution

yhetti earned 75 total points
ID: 11185591
I think you need to clarify a little better.  What I think you've described is the only way routing *can* work (i.e, it can only be sent to another network that's physically seperate if you specify a gateway.)

I may be intepreting it wrong.  Here's another way I'm looking at it...

You have 2 machines, and .11, and a gateway that .1 -- given this setup, you want to be forced to communicate to .11 via the gateway and never via the local network, and vice-versa.  Here's how I would accomplish that.

bring both interfaces up with a netmask (that's a /32) which specifies a single IP address.  That way there's no route in the routing table.  Then add a specific route to the router

route add -host netmask eth0
route add default gw

If you do that on both machines, it should force all traffic through the gateway.


Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question