Solved

Linux route command giving error 'SIOCADDRT: Network is unreachable'

Posted on 2009-02-09
Last Modified: 2013-11-11
Basically trying to provide a route from eth1 to eth0 and getting an error when trying to issue the command:
route add -net 10.40.40.0 netmask 255.255.255.0 gw 192.168.0.10 dev eth1
Yields response: "SIOCADDRT: Network is unreachable"
Relevant settings:
eth0  inet addr:192.168.0.167  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3329 errors:0 dropped:0 overruns:0 frame:0
          TX packets:259 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:424167 (414.2 KiB)  TX bytes:33542 (32.7 KiB)
eth1  inet addr:10.40.40.2  Bcast:10.40.40.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:63 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:476 (476.0 b)  TX bytes:9490 (9.2 KiB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1428 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1428 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2271504 (2.1 MiB)  TX bytes:2271504 (2.1 MiB)
route:Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.40.40.0      *               255.255.255.0   U     0      0        0 eth1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         192.168.0.10    0.0.0.0         UG    0      0        0 eth0
~~~~~
I can ping 192.168.0.10 and 10.40.40.7 (servers on both the subnets) and SSH to the server from the 192 subnet then SSH to the 10.40.40.7 server.
I get this regardless of whether I have set a 1 or a 0 to the ip_forward  
# echo 1 > /proc/sys/net/ipv4/ip_forward
I also get this if I take out the default gateway from eth0.
I am on RHEL5U2 and have tried it with iptables off, iptables -F (default) and various NAT/forwarding.
~~~~~
Any ideas on how to make this work?
Question by: nodozeno

Accepted Solution

by:
kyleb84 earned 1600 total points
ID: 23597690
You do not need a "route" command as the Linux box already knows how to get to each network.

Making a Linux router is relatively easy...

Attached is a script that routes from the 192.168.1.0 network to the 172.16.0.0 network

ip_forward must be 1...

For different networks just change the last 2 lines....

#!/bin/sh
 
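# Helper library that is not present on every distribution; source it only if
# it exists, otherwise a POSIX sh aborts the script at this line.
[ -f /etc/functions.sh ] && . /etc/functions.sh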
WAN="eth0"
WANDEV="eth0"
LAN="eth1"
 
## CLEAR TABLES
for T in filter nat; do
  iptables -t $T -F
  iptables -t $T -X
done
 
iptables -N input_rule
iptables -N input_wan
iptables -N output_rule
iptables -N forwarding_rule
iptables -N forwarding_wan
 
iptables -t nat -N NEW
iptables -t nat -N prerouting_wan
iptables -t nat -N prerouting_rule
iptables -t nat -N postrouting_rule
 
iptables -N LAN_ACCEPT
[ -z "$WAN" ] || iptables -A LAN_ACCEPT -i "$WAN" -j RETURN
[ -z "$WANDEV" -o "$WANDEV" = "$WAN" ] || iptables -A LAN_ACCEPT -i "$WANDEV" -j RETURN
iptables -A LAN_ACCEPT -j ACCEPT
 
### INPUT
###  (connections with the router as destination)
 
  # base case
  iptables -P INPUT DROP
  iptables -A INPUT -m state --state INVALID -j DROP
  iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j  DROP
 
  #
  # insert accept rule or to jump to new accept-check table here
  #
  iptables -A INPUT -j input_rule
  iptables -A INPUT -i $WAN -j input_wan
 
  # allow
  iptables -A INPUT -j LAN_ACCEPT       # allow from lan/wifi interfaces
  iptables -A INPUT -p icmp     -j ACCEPT       # allow ICMP
  iptables -A INPUT -p gre      -j ACCEPT       # allow GRE
 
  # reject (what to do with anything not allowed earlier)
  iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
  iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
 
### OUTPUT
### (connections with the router as source)
 
  # base case
  iptables -P OUTPUT DROP
  iptables -A OUTPUT -m state --state INVALID -j DROP
  iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
  #
  # insert accept rule or to jump to new accept-check table here
  #
  iptables -A OUTPUT -j output_rule
 
  # allow
  iptables -A OUTPUT -j ACCEPT          #allow everything out
 
  # reject (what to do with anything not allowed earlier)
  iptables -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset
  iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
 
### FORWARDING
### (connections routed through the router)
 
  # base case
  iptables -P FORWARD DROP
  iptables -A FORWARD -m state --state INVALID -j DROP
  iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
  iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
 
  #
  # insert accept rule or to jump to new accept-check table here
  #
  iptables -A FORWARD -j forwarding_rule
  iptables -A FORWARD -i $WAN -j forwarding_wan
 
  # allow
  iptables -A FORWARD -i br0 -o br0 -j ACCEPT
  iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
 
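# Empty the user hook chains
iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
 
# These three rules are appended after the catch-all REJECT rules in the
# INPUT section above, so no packet ever reaches them.
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p tcp -j ACCEPT
iptables -A INPUT -p udp -j ACCEPT
 
# Flush and delete the nat chains created near the top (no NAT is used)
iptables -t nat -F
iptables -t nat -X
 
# Allow routed traffic between the two networks, one rule per direction;
# change these two lines for different networks
iptables -A FORWARD -s 192.168.1.0/24 -d 172.16.0.0/24 -j ACCEPT
iptables -A FORWARD -s 172.16.0.0/24 -d 192.168.1.0/24 -j ACCEPT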

Assisted Solution

by:ravenpl
ravenpl earned 400 total points
ID: 23599330
> route add -net 10.40.40.0 netmask 255.255.255.0 gw 192.168.0.10 dev eth1
> eth1  inet addr:10.40.40.2  Bcast:10.40.40.255  Mask:255.255.255.0
You don't need to add this route - the route is already there (as a link scope),
but even so, "gw 192.168.0.10" is accessible only via eth0, not the eth1 you specified.
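
The gateway/device mismatch described in the answer above can be checked before running `route add`. This is an added example, not part of the original thread; the function names (`ip2int`, `on_link`, `gw_device`, `check_route`) are hypothetical, and the interface table is copied from the question's ifconfig output.

```shell
#!/bin/sh
# Added example (not from the thread). A gateway must be directly reachable
# (on-link) through the device named in `route add ... gw GW dev IF`;
# otherwise the kernel refuses the route and route(8) prints
# "SIOCADDRT: Network is unreachable".

# Interface table copied from the question's ifconfig output: name addr mask
IFACES="eth0 192.168.0.167 255.255.255.0
eth1 10.40.40.2 255.255.255.0"

# ip2int A.B.C.D -> dotted quad as an integer (hypothetical helper)
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# on_link IF_ADDR IF_MASK GW -> status 0 if GW lies in the interface's subnet
on_link() {
    a=$(ip2int "$1"); m=$(ip2int "$2"); g=$(ip2int "$3")
    [ $(( a & m )) -eq $(( g & m )) ]
}

# gw_device GW -> name of the interface that reaches GW directly, or "none"
gw_device() {
    result=none
    while read -r name addr mask; do
        if on_link "$addr" "$mask" "$1"; then result=$name; fi
    done <<EOF
$IFACES
EOF
    echo "$result"
}

# check_route GW DEV -> status 0 only if GW is on-link via DEV
check_route() {
    actual=$(gw_device "$1")
    if [ "$actual" = "$2" ]; then
        echo "ok: $1 is on-link via $2"
    else
        echo "unreachable: $1 is on-link via $actual, not $2"
        return 1
    fi
}

# The command from the question: gateway on eth0's subnet, device eth1.
check_route 192.168.0.10 eth1 || true
```
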
Author Closing Comment

by:nodozeno
ID: 31544880
Thanks gents for the info.  I was able to get most of what I needed.  I do still have some remaining issues but I think they are related to the fact that these servers are on a virtual infrastructure (virt blade networking in a chassis as well as virtual networking on XEN on top of the blades).  I found tons of IPtables entries under the covers in the virt infrastructure and there may be some interaction.  Until I replicate this on a physical infrastructure I will have to assume that is the cause.