Mac Xserve route 3 subnets: IPFW: Routing Table

Thank you for the response Nopius!

Yes... MacOS X is very close to FreeBSD.  I have been looking at websites for FreeBSD to find most of my information.

ipforwarding is set to 1

------------------
I'm not sure about the gateway_enable parameter... I'm assuming this is related to the ipforwarding being turned on during startup?  

I looked for a rc.conf file, but only found rc, rc.common, rc.boot.  I looked for a gateway parameter in those files and did not find it.  Let me know if I need to find that parameter and make sure that parameter is turned on.

----------------
For the delaut router on different subnets...

The default router in the .1.x subnet is 192.168.1.1.

The Mac Server (which is the server that has the Routing Table I am working on) is connected to that subnet through a NIC card with the address: 192.168.1.101.

All the clients on the .1x subnet are pointing to the 192.168.1.1 router.

In my Mac Server Routing Table... should the gateway be the NIC card on the Mac server or the router on the subnet?  Should it be...

route add -net 192.168.1/24 192.168.1.101
or
route add -net 192.168.1/24 192.168.1.1

This has caused me some confusion.

Hmm... do I need to go into the default router on the .1.x subnet (192.168.1.1) and update that routing table to point requests for 192.168.3/24 to the mac server (192.168.1.101)?

I have a default route set up... and am wondering if I should get rid of it?

Again, thank you for the help.

Ha!  I have some success!

I changed the routing table on the 192.168.1.1 server to point to the Mac server (192.168.1.101) and I can now ping 192.168.1.1 from 192.168.3.12!

I'm sooo clooose.  

The last step is being able to ping 192.168.1.92 from 192.168.3.12.  For some reason, I cannot ping inside the 192.168.1.x sub-domain from the 192.168.3.x sub-domain.  I can ping the 192.168.1.x server, but no other computer outside the server?

Any thoughts?

New Routing Diagram
http://www.kbdiondemand.org/client_files/routingDiagram.png

>> The default router in the .1.x subnet is 192.168.1.1.
>Why do you have 1.1 as a default router and not 1.101? Is it your internet router? If it is, then you >need to change it's routing table to get access to .3.x and .2.x networks from .1.x clients.
1.1 is the default router for that subnet.  I am routing between three different subnets, each with it's own DHCP, DNS & default router.
My last post was changing the router on 1.1.  It is a windows 2000 professional running vDHCP software.  I was finally able to ping this server when I changed the routing table on 1.1 to send 3.0 traffic to 192.168.1.101.

Thanks for the link!  The article started off wonderfully, but then quickly degraded into nothing.  I was hoping for a detailed description of how an IP address passes through a network, including routers.

Please let me know if you have any other link suggestions.

I made some additions to the routing diagram:
http://www.kbdiondemand.org/client_files/routingDiagram3.png

>To ping 192.168.1.92 from 192.168.3.12 you should have 2 things:
>1) 192.168.3.12 should have default route pointing to .3.10
>2) 192.168.1.1 should have route like this:
>route add -net 192.168.3/24 192.168.1.101

In response...
1) 192.168.3.12 has it's default router as .3.10
2)  192.168.1.1 is a windows computer.  The route table has a route that looks like this:
192.168.3.0     255.255.255.0     192.168.1.101     192.168.1.1
which should do the same thing as a freeBSD routing table example listed in your example.

As to your point on missing the whole routing theory?  Could you explain this in more detail?  What exactly did I miss?

Thank you for your help.

More progress!

I've been attempting to ping 192.168.1.8 from 192.168.3.12, and unsuccessful.

I've been assuming that because  I changed the routing table on 192.168.1.1, and all the .1 subdomain client computers list 192.168.1.1 as their router, that the IP packet looked like this...

From 192.168.003.012 to 192.168.003.010
192.168.003.010 to 192.168.001.101
192.168.001.101 to 192.168.001.008
192.168.001.008 to 192.168.001.001
192.168.001.001 to 192.168.001.101
192.168.001.101 to 192.168.003.010
192.168.003.010 to 192.168.003.012

But I don't think this is happening.  What is happening is once the packet gets to 192.168.001.008, that computer doesn't know what to do with a .3 subdomain.

I modified the 192.168.001.008 routing table to send .3 subdomains to 1.101, and it worked!

Almost done now.

I guess this goes back to one of your posts.

Either one of two things need to happen.

1.
All the client computers on the .1 subdomain should point to 1.101 as the router.  I didn't do this is the past because I didn't want the 1.101 server to be in charge of all the routing for the .1 subdomain.  I wanted the 1.1 DHCP server to be in charge of all the routing for the .1 subdomain, but if it found a packet that needed to be sent to .3 subdomain, it would send to 192.168.1.101 to be routed into the subdomain.

2.  Maybe all the client computers aren't getting refreshed with new routing table information?  If this is true and I can still have .1.1 in charge of routing for the .1 subdomain, can you tell me how to refresh client computers?

3.  Maybe because my router is not a server os, but just a Windows Professional running a vDHCP software, maybe the computer is not performing as a router?  Could you let me know if this is a correct assumption?

Thank you.

Thank you Nopius!

I'm so very close to completing this now!  I didn't think about looking for ip forwarding on the windows professional os.  I have enabled that now and still having a small problem.

Okay... so a computer with the ip of
192.168.1.8 has it's router set up to 192.168.1.1.  

192.168.1.1 has IP forwarding enabled and has an entry in it's routing table to forward all packets whose destination is the 3.x subdomain to ip address 192.168.1.101 (the mac server)

I am still not able to ping from 192.168.1.8 into the .3.x subnet.  I am attempting to ping a computer with the address 192.168.3.12.

If I go into the routing table on the 192.168.1.8 and add an entry that routes all .3.x subdomains traffic to the router at 192.168.1.1, then it works!

But if the default router setting on 192.168.1.8 is set to 192.168.1.1, why do I need to add an entry to the routing table on 192.168.1.8?

There is an entry in the routing table for the defalt router set to go to 192.168.1.1, but it doesn't appear to be working?

I have other computers on the .1.x subdomain who are already pointing to the router at 192.168.1.1 and don't want to go into each computer to add an entry to the routing table to send .3.x traffic to the 1.1 router.

Is there somethnig I am missing?

The computer I was having problems with... 192.168.1.8 has two NIC cards joined to two different subdomains.  I think I need an entry in that computers routing table so it knows which default router to send the .3.x request to.  (192.168.2.1 or 192.168.1.1)

I tested this on another computer (192.168.1.160) which only has 1 nic card on it, and it worked!  I was able to ping 192.168.3.12!

Any thoughts about computers that have 2 nic cards so the .3.x subdomain can automatically go to the correct nic card without me configuring the local router table?

> The computer I was having problems with... 192.168.1.8 has two NIC cards joined to two different subdomains.  
You have quite complex network for one LAN :-)

> But if the default router setting on 192.168.1.8 is set to 192.168.1.1, why do I need to add an entry to the routing table on 192.168.1.8?

Please provide entire routing table of 192.168.1.8:
'route print'
and it's addresses info:
'ipconfig /all'
If it runs Windows or 'netstat -rn' if it runs Unix.

Windows 2000 IP Configuration



      Host Name . . . . . . . . . . . . : Guidebuilder
      Primary DNS Suffix  . . . . . . . :
      Node Type . . . . . . . . . . . . : Hybrid

      IP Routing Enabled. . . . . . . . : No

      WINS Proxy Enabled. . . . . . . . : No


Ethernet adapter Tandberg Hub:



      Connection-specific DNS Suffix  . :
      Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Server Adapter #2
      Physical Address. . . . . . . . . : 00-0B-DB-90-B7-7E

      DHCP Enabled. . . . . . . . . . . : No

      IP Address. . . . . . . . . . . . : 192.168.2.230

      Subnet Mask . . . . . . . . . . . : 255.255.255.0

      Default Gateway . . . . . . . . . : 192.168.2.1

      DNS Servers . . . . . . . . . . . :

Ethernet adapter OmNeon LAC:



      Connection-specific DNS Suffix  . :
      Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Server Adapter
      Physical Address. . . . . . . . . : 00-0B-DB-90-B7-7D

      DHCP Enabled. . . . . . . . . . . : No

      IP Address. . . . . . . . . . . . : 192.168.1.8

      Subnet Mask . . . . . . . . . . . : 255.255.255.0

      Default Gateway . . . . . . . . . : 192.168.1.1

      DNS Servers . . . . . . . . . . . :

----------------------------------------

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 0b db 90 b7 7e ...... Intel(R) PRO/1000 XT Server Adapter
0x1000004 ...00 0b db 90 b7 7d ...... Intel(R) PRO/1000 XT Server Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.8        1
          0.0.0.0          0.0.0.0      192.168.2.1   192.168.2.230        1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1        1
      192.168.1.0    255.255.255.0      192.168.1.8     192.168.1.8        1
      192.168.1.8  255.255.255.255        127.0.0.1       127.0.0.1        1
    192.168.1.255  255.255.255.255      192.168.1.8     192.168.1.8        1
      192.168.2.0    255.255.255.0    192.168.2.230   192.168.2.230        1
    192.168.2.230  255.255.255.255        127.0.0.1       127.0.0.1        1
    192.168.2.255  255.255.255.255    192.168.2.230   192.168.2.230        1
        224.0.0.0        224.0.0.0      192.168.1.8     192.168.1.8        1
        224.0.0.0        224.0.0.0    192.168.2.230   192.168.2.230        1
  255.255.255.255  255.255.255.255    192.168.2.230   192.168.2.230        1
Default Gateway:       192.168.2.1
===========================================================================
Persistent Routes:
  None

Summary of Solution:
Okay... so this is what I did to solve this problem.

1.  Set all NIC cards on the server to static ip addresses joined to each subdomain.
192.168.1.101
192.168.3.10
192.168.2.88

2.  Make sure IP forwarding is set to on.

3.  Enter routing commands into the Mac server routing table:
route add 192.168.1.0/24 -net 192.168.1.101
route add 192.168.3.0/24 -net 192.168.3.10
route add 192.168.2.0/24 -net 192.168.2.88

The second IP address is the IP address that is on the network card on the Mac.

This tells the routing on the server to send all IP packets that match the ip address of 192.168.1.xxx to be sent out the 192.168.1.101 network card.

Then on the 192.168.1 subdomain, I found the computer that was acting as the router.  192.168.1.1.

This is a windows 2000 professional server that was running vDHCP software to act as a DHCP server and all the other computers on that subdomain were pointed to it as the router.

However, this computer did not have IP forwarding turned on.  
To turn on IP forwarding on a windows 2000 computer:
http://www.windowsnetworking.com/articles_tutorials/w2kprout.html

Then I needed to add a route to the routing table that sends all 192.168.3.xxx traffic back to the mac server, which is connected to the 192.168.1.xxx subdomain with the IP address of 192.168.1.101.

On the 192.168.1.1 Server this is the route I added:
route add 192.168.3.0 mask 255.255.255.0 192.168.1.101

Now the .1.xxx & .3.xxx subdomains are connected and traffic can be passed back and forth between the two.

--------------
Example:
On client computer 192.168.3.12, ping 192.168.1.8.

The ip packet first looks for information on the routing table found on 192.168.3.12, it doesn't find any matching routes for the ip address, but it does match the default router (0.0.0.0) and sends the IP packet to the default router which is the mac server: 192.168.3.10

The routing table on the server matches 192.168.1.8 to the route 192.168.1.0/24 and sends the packet out the 192.168.1.101 network card.

From the 192.168.1.101 network card, the computer 192.168.1.8 can be seen and the IP packet is sent to 192.168.1.8.

Once it reaches 1.8, it looks at the return address on the IP packet.  (192.168.3.12).  It searches for a match on the local routing table.  It doesn't find a match but the default router is 192.168.1.1.  It sends the IP packet to 192.168.1.1.

The routing table on 192.168.1.1 has a route to send packets that match 192.168.3.0/24 to the ip address of 192.168.1.101.  (mac os x server)

Once the packet reaches the mac server, it finds a route to send packets that match 192.168.3.0/24 to the network card with the address of 192.168.3.10.  

Once the IP packet reaches the card, it can see the ip address: 192.168.3.12 and gets sent to that computer.

------------
Thank you Nopius.

Thank you, spiralOcean.
Now you understand routing principals better then me :-)