linux as router

Hi there,
sorry for the newbye question.

Im trying to setup my linux (knoppix 3.3 kernel 2.4.24) as a router.

I have different PCs having different IP addresses like:
10.223.29.x 255.255.255.0 gw 10.223.29.1
10.223.30.x 255.255.255.0 gw 10.223.30.1
10.223.31.x 255.255.255.0 gw 10.223.31.1

and my linux to which i assigned three different IPs to the same eth0
NIC:
eth0 ip= 10.223.29.1 nm =255.255.255.0
eth0:1 ip=10.223.30.1 nm=255.255.255.0
eth0:2 ip= 10.223.31.1 nm=255.255.255.0

which i want to be the router for all the PCs. All the PCs are
connected to the same physical network.I'd like that all the PCs may
"talk" each other.

I also put "1" in /proc/sys/net/ipv4/ip_forward.

It's not enough! What do i have to do more?

Please help me! thanks in advance
F.

Why do you made it so difficult and assigned 3 ip's to one machine?

Is this necessary?


(E-Mail Removed) wrote:
> Hi there,
> sorry for the newbye question.
>
> Im trying to setup my linux (knoppix 3.3 kernel 2.4.24) as a router.
>
> I have different PCs having different IP addresses like:
> 10.223.29.x 255.255.255.0 gw 10.223.29.1
> 10.223.30.x 255.255.255.0 gw 10.223.30.1
> 10.223.31.x 255.255.255.0 gw 10.223.31.1
>
> and my linux to which i assigned three different IPs to the same eth0
> NIC:
> eth0 ip= 10.223.29.1 nm =255.255.255.0
> eth0:1 ip=10.223.30.1 nm=255.255.255.0
> eth0:2 ip= 10.223.31.1 nm=255.255.255.0
>
> which i want to be the router for all the PCs. All the PCs are
> connected to the same physical network.I'd like that all the PCs may
> "talk" each other.
>
> I also put "1" in /proc/sys/net/ipv4/ip_forward.
>
> It's not enough! What do i have to do more?
>
> Please help me! thanks in advance
> F.

(E-Mail Removed) wrote:
> Hi there,
> sorry for the newbye question.
>
> Im trying to setup my linux (knoppix 3.3 kernel 2.4.24) as a router.
>
> I have different PCs having different IP addresses like:
> 10.223.29.x 255.255.255.0 gw 10.223.29.1
> 10.223.30.x 255.255.255.0 gw 10.223.30.1
> 10.223.31.x 255.255.255.0 gw 10.223.31.1
>
> and my linux to which i assigned three different IPs to the same eth0
> NIC:
> eth0 ip= 10.223.29.1 nm =255.255.255.0
> eth0:1 ip=10.223.30.1 nm=255.255.255.0
> eth0:2 ip= 10.223.31.1 nm=255.255.255.0
>
> which i want to be the router for all the PCs. All the PCs are
> connected to the same physical network.I'd like that all the PCs may
> "talk" each other.
>
> I also put "1" in /proc/sys/net/ipv4/ip_forward.
>
> It's not enough! What do i have to do more?

OK.

The crystal ball is being repaired, so we need
some information of the set-up:

Are the 'PCs' Windows machines?
Can you ping the Linux machine from the PCs?
Can you ping the PCs from the Linux machine?
What do you mean by "it's not enough"?
What did you try that did not work?
Does your Linux machine have a firewall set up?

Please note that a Windows SMB network is intended to
be in a single subnet without extra measures taken on
the Windows side (which is off-topic here), so it
is not intended to work in a network like this.

Please post the responses of the Linux machine for the commands:

ifconfig -a
route -n
iptables -nvL

Please copy, do not attempt to interpret or modify the responses.

--

Tauno Voipio
tauno voipio (at) iki fi

Thomas Bosch <t-(E-Mail Removed)> writes:

>Why do you made it so difficult and assigned 3 ip's to one machine?

I agree. This is just silly.

>Is this necessary?


>(E-Mail Removed) wrote:
>> Hi there,
>> sorry for the newbye question.
>>
>> Im trying to setup my linux (knoppix 3.3 kernel 2.4.24) as a router.
>>
>> I have different PCs having different IP addresses like:
>> 10.223.29.x 255.255.255.0 gw 10.223.29.1
>> 10.223.30.x 255.255.255.0 gw 10.223.30.1
>> 10.223.31.x 255.255.255.0 gw 10.223.31.1

Unless you have over 500 PCs on your net, why do you not just use one
subnet.
Or if you have that many use
10.223.x.y 255.255.0.0 gw 10.223.0.1


>>
>> and my linux to which i assigned three different IPs to the same eth0
>> NIC:
>> eth0 ip= 10.223.29.1 nm =255.255.255.0
>> eth0:1 ip=10.223.30.1 nm=255.255.255.0
>> eth0:2 ip= 10.223.31.1 nm=255.255.255.0

Why?

>>
>> which i want to be the router for all the PCs. All the PCs are
>> connected to the same physical network.I'd like that all the PCs may
>> "talk" each other.

Then why in the world make it so hard for them to do so. "I want to win a
race but I am tying my left arm to my right ankle. How can I win the race?"

>>
>> I also put "1" in /proc/sys/net/ipv4/ip_forward.
>>
>> It's not enough! What do i have to do more?

Simplify.

>>
>> Please help me! thanks in advance
>> F.

(E-Mail Removed) wrote:
> Hi there,
> sorry for the newbye question.
>
> Im trying to setup my linux (knoppix 3.3 kernel 2.4.24) as a router.
>
> I have different PCs having different IP addresses like:
> 10.223.29.x 255.255.255.0 gw 10.223.29.1
> 10.223.30.x 255.255.255.0 gw 10.223.30.1
> 10.223.31.x 255.255.255.0 gw 10.223.31.1
>
> and my linux to which i assigned three different IPs to the same eth0
> NIC:
> eth0 ip= 10.223.29.1 nm =255.255.255.0
> eth0:1 ip=10.223.30.1 nm=255.255.255.0
> eth0:2 ip= 10.223.31.1 nm=255.255.255.0
>
> which i want to be the router for all the PCs. All the PCs are
> connected to the same physical network.I'd like that all the PCs may
> "talk" each other.
>
> I also put "1" in /proc/sys/net/ipv4/ip_forward.
>
> It's not enough! What do i have to do more?
>
> Please help me! thanks in advance
> F.
>
You probably have iptables running.
You can stop it:
/etc/init.d/iptables stop

and check if things are going better ( do not do this on a
internet-accessible server ! ).
If it helps then gather some info about "iptables" "linux firewall" and
see what's good for you!

> eth0 ip= 10.223.29.1 nm =255.255.255.0
> eth0:1 ip=10.223.30.1 nm=255.255.255.0
> eth0:2 ip= 10.223.31.1 nm=255.255.255.0
>

I'm missing something. You use ip aliasing. This means that all ip traffic is
coming on the same wire. You would have to use vlan trunking for this to work
perfectly. I don't see that in you configs. This probably means, that you have
all subnets in one wire. If you do, then i must ask: what is the purpose of
having three /24 subnets? Why not put all workstations in one subnet and
eliminate the need for the router? Why don't you shorten your network mask from
/24 to /19? This would place all three subnets in one: 10.223.0.0 -
10.223.31.255. No need for a router.

Regards
Adam

Thomas Bosch wrote:
> Why do you made it so difficult and assigned 3 ip's to one machine?
>
> Is this necessary?
>

Yes.

They are three different subnets, sharing the same physical wire.
But they still need a router to talk to each other.

Steve

Adam KOSA wrote:
>> eth0 ip= 10.223.29.1 nm =255.255.255.0
>> eth0:1 ip=10.223.30.1 nm=255.255.255.0
>> eth0:2 ip= 10.223.31.1 nm=255.255.255.0
>>
>
> I'm missing something. You use ip aliasing. This means that all ip
> traffic is coming on the same wire. You would have to use vlan trunking
> for this to work perfectly. I don't see that in you configs. This
> probably means, that you have all subnets in one wire. If you do, then
> i must ask: what is the purpose of having three /24 subnets? Why not
> put all workstations in one subnet and eliminate the need for the
> router? Why don't you shorten your network mask from /24 to /19? This
> would place all three subnets in one: 10.223.0.0 - 10.223.31.255. No
> need for a router.
>

It would also then involve reconfiguring every PC, and would
break connectivity to every other /24 subnet in the rest of the
corporate network that you had also incorporated into the larger
subnet. Then there are issues with some routing protocols not
supporting VLSM.

You don't need VLAN trunking for this to work - it is a fairly
standard setup when a site has outgrown the /24 subnet it was
originally assigned. The PCs can NOT talk directly to each other
because they _expect_ to talk to a router - their subnet mask
tells them to do that.

Steve

Steve Horsley wrote:

> Thomas Bosch wrote:
>> Why do you made it so difficult and assigned 3 ip's to one machine?
>>
>> Is this necessary?
>>
>
> Yes.
>
> They are three different subnets, sharing the same physical wire.
> But they still need a router to talk to each other.
>
> Steve

Yes, okay, but why using three subnets? With only 3 pc's there is no need
for this. Why not all in one subnet?

In the Usenet newsgroup comp.os.linux.networking, in article
<dktlnv$lsa$(E-Mail Removed)>, Steve Horsley wrote:

>Thomas Bosch wrote:
>
>> Why do you made it so difficult and assigned 3 ip's to one machine?
>>
>> Is this necessary?
>
>Yes.
>
>They are three different subnets, sharing the same physical wire.

Why? What media - coax? That would be the only reasonable explanation
I could think of to do this. Were it twisted pair or fiber, the networks
can usually be separated with not the greatest effort. Wireless?
While security has been improved by using WPA, I've not seen enough
security of links in a crowded environment (never mind the RFI problems)
to use these in a business setup.

In the 1980s, our subnets were designed with a 255.255.252.0 mask, allowing
1000 hosts on a single collision domain. By the mid 1990s, we were installing
EtherSwitches to break up the physical links to no more than 70 hosts on a
single segment (while retaining the same mask). Now, nearly all of our
subnets are on switches to avoid congestion.

>But they still need a router to talk to each other.

Yes, but most routers recognize they are wasting their time doing this,
and be barfing out ICMP type 5 errors when they see source and destination
hosts are on the same hose.

Old guy