
Configuring Routes on Linux March 5, 2011

Posted by Tournas Dimitrios in Linux.

Routing is the act of transferring packets from one host or subnet to another. Let’s say that you have two LAN subnets, 192.168.0.0/24 and 192.168.1.0/24, and a Linux router machine with two Ethernet cards, one connected to each subnet. The router has two IP addresses: 192.168.0.1 for eth0 and 192.168.1.1 for eth1. The picture below shows the two networks. The router’s routing table looks like this (obtained by running route -n):

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

Furthermore, let’s say that the hosts on each subnet have the router as their default gateway (192.168.0.1 for 192.168.0.0/24 and 192.168.1.1 for 192.168.1.0/24). Therefore, if 192.168.0.30 wanted to send a packet to anything outside of 192.168.0.0/24, it would pass the packet to 192.168.0.1. Now let’s say that you want to send a packet from 192.168.0.30 to 192.168.1.30. The packet goes to 192.168.0.1 (the router) via its eth0 interface, and now you want it to go back out through the router’s eth1 interface. To make the Linux kernel perform this basic routing function, the only thing you need to do is enable IP forwarding on the router with the following command:

echo 1 > /proc/sys/net/ipv4/ip_forward

This is easy enough, but what if you have another subnet, 192.168.2.0/24, connected to the host at 192.168.1.40 on that host’s second network interface, as shown in the picture below?


After configuring 192.168.1.40’s second Ethernet interface to 192.168.2.1, you now need to figure out how everything else in 192.168.0.0/24 and 192.168.1.0/24 can talk to 192.168.2.0/24. Let’s start with the router that connects 192.168.0.0/24 and 192.168.1.0/24. You can tell the router that 192.168.1.40 handles 192.168.2.0/24 with this command:
route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.40

The routing table on the router now looks like this:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     192.168.1.40    255.255.255.0   UG    0      0        0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

As an added bonus, recall that all traffic from 192.168.0.0/24 initially goes to the router, because 192.168.0.1 is the default gateway on that subnet. Therefore, anything on 192.168.0.0/24 can now talk to 192.168.2.0/24, and vice versa (as long as you set the default route for the hosts on 192.168.2.0/24 to 192.168.2.1). But what about 192.168.1.0/24?

Technically, this also works now, because the packets go to 192.168.1.1 (eth1 on the router), then back out the same network interface to 192.168.1.40. This is inefficient and a bit slower, of course, because the packets to 192.168.2.0/24 must go across the same wire twice, with the router handling the packet between the transmissions. If you want to “fix” this, you must run a route command similar to the one above for each host on 192.168.1.0/24.
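The forwarding decisions described above can be traced with a small longest-prefix-match lookup over the router's table. This is an added example, not code from the original post: it assumes the 192.168.2.0 route leaves via eth1 (the interface that reaches 192.168.1.40), infers the ingress interface from the sender's connected subnet, and uses 192.168.2.7 as a constructed host address.

```python
import ipaddress

# The router's table from this page, as (destination, genmask, gateway, iface).
# A gateway of 0.0.0.0 means the subnet is directly connected.
ROUTES = [
    ("192.168.2.0", "255.255.255.0", "192.168.1.40", "eth1"),
    ("192.168.0.0", "255.255.255.0", "0.0.0.0", "eth0"),
    ("192.168.1.0", "255.255.255.0", "0.0.0.0", "eth1"),
]

def lookup(dst, routes=ROUTES):
    """Return (next_hop, iface) for dst via longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, gw, iface in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        return None  # no matching route and no default: the packet is dropped
    _, gw, iface = best
    # Directly connected: deliver to the destination itself; else to the gateway.
    return (dst if gw == "0.0.0.0" else gw, iface)

def forward(src, dst, routes=ROUTES):
    """Describe how the router forwards a packet from src to dst."""
    # Assumption: the sender sits on a connected subnet, so the route back to
    # it names the interface the packet arrived on.
    ingress = lookup(src, routes)
    egress = lookup(dst, routes)
    if egress is None:
        return {"next_hop": None, "out": None, "hairpin": False}
    return {
        "next_hop": egress[0],
        "out": egress[1],
        # Same wire in and out: the double crossing described above.
        "hairpin": ingress is not None and ingress[1] == egress[1],
    }

if __name__ == "__main__":
    for src, dst in [("192.168.0.30", "192.168.1.30"),
                     ("192.168.0.30", "192.168.2.7"),
                     ("192.168.1.30", "192.168.2.7")]:
        print(src, "->", dst, forward(src, dst))
```

Only the third flow is flagged as a hairpin, which is the case a per-host route on 192.168.1.0/24 removes.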

Say that the router has a connection to the Internet, and that this is the router’s default gateway. Theoretically, there’s no problem in sending packets out of your network to the rest of the Internet. Unfortunately, your IP addresses are in private networks, so you will never get anything back. You need to run NAT or do some other trick to get everything within the network talking to the outside world.

Read also: How to add static routes on Linux
