On 16 Aug 2006, in the Usenet newsgroup comp.os.linux.networking, in article
<(E-Mail Removed) .com>,
(E-Mail Removed)
wrote:
>I'm hoping someone can help me with this problem I've been trying to
>figure it out all day. I'm needing to bridge (not sure if that's the
>right word for what I'm trying to do) two private subnets together so
>that they act as if they're on the same subnet. If that makes sense.
That depends on how your systems are set up, but you probably don't mean
to bridge.
>Long story short, we had a 192.x.x.x network, now they're adding some
>voip and vlans, and presto a new network 10.x.x.x that can talk to the
>pre-existing network and vice versa.
OK - but they aren't on the same wire, and you need to have a gateway
router between the two. So this sounds more like a standard network
setup.
>We have a linux router setup on the "old" network 192.168.0.0/19. I
>need the machines that are using this router as their default gateway
>to communicate with the 10.0.0.0/8 network as if they were on the
>192.168.0.0/19 network. I have setup an ip route and have it kind of
>working. I can ping and connect to the 10.x.x.x network but it appears
>my connection is being NAT'ed.
Because you told it to.
OK - stop for a moment. "default gateway" always gets misunderstood. There
are several meanings to that phrase, depending on context. The meaning
could be "if no other route goes where you want, send it ''here'' and it
will be forwarded". This should NORMALLY be used in the context of "the
route to the world". A second (much less common) definition is in the
case where there is more than one route to a destination, and the default
is used unless directed otherwise.
>I'm not sure what I'm doing wrong, but here are, what I think are, the
>vital parts of my last attempt. Any help would be greatly appreciated.
>
>New Network-
>Subnet: 10.0.0.0/8
>Netmask: 255.0.0.0
(Gotta love it - 16.777 million hosts on the same wire. Oh well.)
>Old Network-
>Subnet: 192.168.0.0/19
>Netmask: 255.255.224.0
>Gateway: 192.168.0.1
>
>The ip route to the other network:
>"ip route add 10.0.0.0/8 via 192.168.1.200 dev eth1"
>192.168.1.200 is a switch on the 10.x.x.x network.
OK - that's fine. The routing table on hosts on 192.168.0.0/19 network
should look like this:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.224.0   U     0      0     1234 eth0
10.0.0.0        192.168.1.200   255.0.0.0       UG    0      0      789 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0       20 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0      567 eth0
which says that to talk to 192.168.0.0/19, you talk direct. To talk to
10.0.0.0/8, send the packets to 192.168.1.200 and that host will forward
them. 127.0.0.0 is the loopback, and for ALL OTHER ADDRESSES, send it to
192.168.0.1 for forwarding. This is a very normal setup.
>When I set 192.168.1.200 as my default gateway I don't have the NAT
>problem. However, I need to get the 192.168.0.1 gateway to work because
>there are a bunch of workstations, print servers and file servers that
>have it set manually as their default gateway.
Well, I don't know why your print servers need access to the world, but
that's your business. You are confusing the function 'default gateway'
and 'gateway'. They're not the same. A 'gateway' leads to some other
network[s]. A 'default gateway' in the routing sense means the route
to use when nothing else fits - and if you think about that, you can
have only one default (if 'A', use 'a', if 'B', use 'b' otherwise use 'c',
otherwise use 'd' - now which are you going to use, 'c' or 'd'?).
>Part of my ip masq script:
Ummm, OK... but if this is on '192.168.0.1' this _should_ have nothing to
do with how 192.168.0.0/19 reaches 10.0.0.0/8 - don't send this crap to
me - send it to 192.168.1.200. This is to say that the _other_ hosts
on 192.168.0.0/19 shouldn't be sending packets for 10.0.0.0 to this box,
as this box isn't "the way to San Jose".
>I have it masqing the 10.0.0.0 because I was told that they need the
>10.x.x.x network to connect externally through my router. ?? I don't
>know why. "They" being the people setting up the voip.
My security people would be having a heart attack, but we're paranoid.
There isn't enough information to know if this connection is in the best
interest of your company.
>I was thinking the ip route would fix my problem. Do I need some kind
>of special forwarding iptable? Can what I want to do be done? I'm
>hoping I'm just doing something stupid, but I don't know what it
>is. I'm going to continue searching, but I haven't had much luck
>yet.
Everyone has to know the address of the next hop router. Your 192.168.0.0/19
hosts have to know that the way to the world is through 192.168.0.1, but the
way to 10.0.0.0/8 is through 192.168.1.200. I'm assuming that the hosts
over on 10.0.0.0/8 know to use the 10.x.y.z address that is the other side
of 192.168.1.200 in order to reach 192.168.0.0/19. They may also know to
use that address to reach the world, which means 192.168.1.200 is smart
enough to forward those packets to 192.168.0.1 (for masquerading out to
the world) AND the 192.168.0.1 knows how to reach 10.0.0.0/8 by sending
those packets to 192.168.1.200.
For more help on this mess, have a look at Olaf Kirch's "Linux Network
Administrator's Guide" from the Linux Documentation Project
(http://tldp.org/guides.html - but it might be on your system in
/usr/share/doc/LDP/nag2/), or if you want the dead tree version, get it
from O'Reilly (1st edition ISBN 1-56592-087-2, 2nd edition 1-56592-400-2,
3rd edition 0-596-00548-2 - each about US$35 list).
Old guy
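The routing decision the reply walks through (most specific route wins; the default is only the fallback) is easy to check by hand, so here is an added example that is not part of the original post or of either poster's setup. It loads the host routing table from the reply into Python's standard ipaddress module, does the longest-prefix match a host performs, and then traces what happens with and without the 10.0.0.0/8 route so the original poster's symptom (traffic to 10.x.x.x reaching the 192.168.0.1 masquerading box) shows up as a result rather than a guess. The router-side NAT emulation and the `nat_exempt` parameter are my simplification, not the poster's iptables script.

```python
import ipaddress

# Host routing table exactly as given in the reply for a machine on
# 192.168.0.0/19.  A gateway of None means "directly connected".
HOST_ROUTES = [
    ("192.168.0.0/19", None),            # the old network, on the wire
    ("10.0.0.0/8",     "192.168.1.200"), # the VoIP network, via the other router
    ("127.0.0.0/8",    None),            # loopback
    ("0.0.0.0/0",      "192.168.0.1"),   # default: the way to the world
]

# The same table with the 10.0.0.0/8 route missing, i.e. a workstation
# that only has "default gateway = 192.168.0.1" configured by hand.
HOST_ROUTES_NO_STATIC = [r for r in HOST_ROUTES if r[0] != "10.0.0.0/8"]

MASQ_ROUTER = "192.168.0.1"  # the Linux box running the ip masq script


def next_hop(routes, dst):
    """Longest-prefix match over a routing table.

    Returns the gateway address to hand the packet to, or None when the
    destination is on a directly connected network.  Raises if nothing
    matches (only possible when there is no default route).
    """
    addr = ipaddress.ip_address(dst)
    best_net, best_gw = None, None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_gw = net, gw
    if best_net is None:
        raise ValueError("no route to host %s" % dst)
    return best_gw


def trace(routes, dst, nat_exempt=()):
    """Follow one packet from a 192.168.0.0/19 host.

    Returns (first_hop, masqueraded).  Assumption for the emulation: the
    192.168.0.1 box masquerades everything it forwards except destinations
    listed in nat_exempt (CIDR strings); 192.168.1.200 never NATs.
    """
    hop = next_hop(routes, dst)
    if hop is None:
        return ("direct", False)
    if hop == MASQ_ROUTER:
        addr = ipaddress.ip_address(dst)
        exempt = any(addr in ipaddress.ip_network(n) for n in nat_exempt)
        return (hop, not exempt)
    return (hop, False)


if __name__ == "__main__":
    for dst in ("192.168.20.7", "10.1.2.3", "8.8.8.8"):
        print(dst, "with static route   ->", trace(HOST_ROUTES, dst))
        print(dst, "without static route->", trace(HOST_ROUTES_NO_STATIC, dst))
        print(dst, "router exempts 10/8 ->",
              trace(HOST_ROUTES_NO_STATIC, dst, nat_exempt=("10.0.0.0/8",)))
```

Two things fall out of the trace. With the per-host route, 10.x.x.x traffic never touches 192.168.0.1, which is the reply's point. Without it, every workstation that only knows the one default gateway hands 10.x.x.x packets to the masquerading box, so the only fix left on that box is to forward them to 192.168.1.200 without rewriting the source address, which in iptables terms means restricting MASQUERADE to the interface that actually faces the outside rather than applying it to everything that is forwarded.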