Solved

One interesting question

Posted on 2004-04-21
4
209 Views
Last Modified: 2010-03-18
I have a machine called A with IP address 192.168.1.1/netmask 255.255.255.0

Another machine B with 192.168.1.2/netmask 255.255.255.0

There is no gateway entry specified in routing.
Their routing table is
For A
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
For B
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0


Now I am able to ping A to B as well as B to A

Now i want to put these two machines in a Separate network without changing the IP ADDRESS&netmask.How to do that?.(if machines are in physically sepated network they should not excahnge packets using dev as my case.They can use only gateway).
Simply speaking I shud not be able to ping form A to B or vice versa if they are separate network) . Without using gateway I want to achieve the goal.
Any ideas.Thanks in advance

0
Comment
Question by:palanisaravanan
  • 2
4 Comments
 
LVL 40

Assisted Solution

by:jlevie
jlevie earned 50 total points
ID: 10879064
I'm going to assume that the "separate networks" will be inside of your Internet gateway. in that case you can accomplish the goal by creating a physically separate network within your LAN whose only connection to the LAN is via a NAT'ing gateway. Assuming the NAT'ing gateway has the IP 192.168.1.253 the topology would look like:

           Internet Gateway
                       |
                       | ---- Machine A (192.168.1.1)
                       |
                       | ---- NAT'ng Gateway (192.168.1.253)
                                              |
                                              | ---- Machine B (192.168.1.2)

Firewall rules on the NAT'ing gateway are used to prevent packets from Machine A from reaching Machine B, which effectively prevents connections betweeen A & B in either direction.
0
 

Author Comment

by:palanisaravanan
ID: 10880413
Let me get U a clear picture.
If u want to connect for one network to another u can do routing by two ways.
one is
  route add -net 192.168.0.0 netmask 255.255.255.0 dev eth0

another one is

  route add -net 192.168.0.0 netamask 255.255.255.0 gw 192.168.1.1
(ip_forward is enabled)
  MY QUESTION IS
packets should be sent to another network only if routing is done using gateway.
Packets should not be sent to another network if the routing is done using dev.
       how to do that?
0
 

Author Comment

by:palanisaravanan
ID: 10880488
If u want to connect for one network to another u can do routing by tw0
       READ THIS LINE AS
If u want to connect from one network to another u can do routing by two

     
0
 
LVL 3

Accepted Solution

by:
yhetti earned 75 total points
ID: 11185591
I think you need to clarify a little better.  What I think you've described is the only way routing *can* work (i.e, it can only be sent to another network that's physically seperate if you specify a gateway.)

I may be intepreting it wrong.  Here's another way I'm looking at it...

You have 2 machines, 192.168.1.10 and .11, and a gateway that .1 -- given this setup, you want 192.168.1.10 to be forced to communicate to .11 via the gateway and never via the local network, and vice-versa.  Here's how I would accomplish that.

bring both interfaces up with a 255.255.255.255 netmask (that's a /32) which specifies a single IP address.  That way there's no route in the routing table.  Then add a specific route to the router

route add -host 192.168.1.1 netmask 255.255.255.255 eth0
route add default gw 192.168.1.1

If you do that on both machines, it should force all traffic through the gateway.

0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question