Dear all,
I'm getting close to figuring out IP routing in its simplest sense
now.
(In the following, .20.1 means 192.168.20.1)
4 machines:
               |                        |
circle[.10.1]<-|->[.10.5]xerxes[.20.1]<-|->[.20.4]cambyses
               |                        |
darius[10.4]<--|
               |
Circle's routing tables tell it that .20.x destinations are to be
accessed through xerxes (.10.5), among other things:
[root@circle root]$ ip route
192.168.20.0/24 via 192.168.10.5 dev eth1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.3
192.168.10.0/24 dev eth1 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.0.1 dev eth0
[root@circle root]$
The only route that I have explicitly added above (ie, with ip route
add), is this one:
192.168.20.0/24 via 192.168.10.5 dev eth1
the others were all set up with the setup of the network cards.
Xerxes' routing tables don't need to be anything other than dead
simple because xerxes has netcards on both the .10.x and .20.x nets,
so nothing to change here:
[root@xerxes root]$ ip route
192.168.20.0/24 dev eth1 scope link
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.5
127.0.0.0/8 dev lo scope link
default via 192.168.10.1 dev eth0
[root@xerxes root]$
Clients on the .20.x subnet need to know that the .10.x subnet is
reached through xerxes-if2 (.20.1). However, the default route
for clients on the .20.x subnet is through .20.1, so nothing to
change here:
[root@cambyses root]$ ip route
192.168.20.0/24 dev eth0 proto kernel scope link src 192.168.20.4
169.254.0.0/16 dev lo scope link
127.0.0.0/8 dev lo scope link
default via 192.168.20.1 dev eth0
[root@cambyses root]$
For clients on the .20.x subnet to be able to send and receive to the
.10.x subnet, the clients on the .10.x subnet must have a route
through to the .20.x subnet. This is where I get to my problem.
So, on, for example, darius (.10.4):
[root@darius root]$ ip route
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.4
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.10.1 dev eth0
This is the client "as it boots", without an explicit route to .20.x,
but with a default route to .10.1. Access to .20.x subnet doesn't
work (even though access from circle to .20.x works and circle is the
default route):
[root@darius root]$ ssh 192.168.20.4
(I press ctrl-c now, as this isn't working)
Add the route to .20.x explicitly, and all is ok:
[root@darius root]$ ip route add 192.168.20.0/24 via 192.168.10.5
[root@darius root]$ ssh 192.168.20.4
The authenticity of host '192.168.20.4 (192.168.20.4)' can't be established.
RSA key fingerprint is e5:b3:81:0f:6e:78:28:5d:26:f9:1c:29:64:61:06:fa.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.20.4' (RSA) to the list of known hosts.
root@192.168.20.4's password:
[root@cambyses root]$ echo Success!
Success!
What I don't understand is this:
If circle is set up to route packets for .20.x through xerxes (.10.5),
how come a .10.x client, using circle (.10.1) as its default route,
can't send packets to a .20.x client? Isn't this the point of routing
and having gateways?
I don't want to have to set up the individual clients with a route to
my .20.x network, I obviously would prefer to have gateways, such as
circle and xerxes, which do all the routing for the other machines.
Can someone advise me on where I am going wrong? I think I'm close
now. Please ignore the last rather long message I posted, as well.
thanks very much for reading,
Seb James.
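
A hop-by-hop trace of the tables posted above, as an added example that is not part of the original message: it applies longest-prefix matching to each host's `ip route` output, using the addresses from the diagram, and assumes every router on the path forwards packets.

```python
import ipaddress

# Routing tables transcribed from the `ip route` output in the post as
# (prefix, gateway); gateway None means directly connected.
# Loopback and 169.254.0.0/16 entries are omitted.
TABLES = {
    "darius": [("192.168.10.0/24", None), ("0.0.0.0/0", "192.168.10.1")],
    "circle": [("192.168.20.0/24", "192.168.10.5"), ("192.168.0.0/24", None),
               ("192.168.10.0/24", None), ("0.0.0.0/0", "192.168.0.1")],
    "xerxes": [("192.168.20.0/24", None), ("192.168.10.0/24", None),
               ("0.0.0.0/0", "192.168.10.1")],
    "cambyses": [("192.168.20.0/24", None), ("0.0.0.0/0", "192.168.20.1")],
}
# Interface addresses taken from the diagram in the post.
OWNER = {"192.168.10.1": "circle", "192.168.10.4": "darius",
         "192.168.10.5": "xerxes", "192.168.20.1": "xerxes",
         "192.168.20.4": "cambyses"}

def next_hop(host, dst, tables=TABLES):
    """Longest-prefix match: return the gateway IP, or dst itself if on-link."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in tables[host]
               if addr in ipaddress.ip_network(p)]
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw or dst

def trace(src, dst, tables=TABLES, max_hops=8):
    """Follow the tables hop by hop (assumption: every router forwards)."""
    path, host = [src], src
    for _ in range(max_hops):
        if OWNER.get(dst) == host:
            return path
        hop = next_hop(host, dst, tables)
        host = OWNER.get(hop)
        if host is None:
            return path + ["unknown:" + hop]
        path.append(host)
    return path + ["loop"]

if __name__ == "__main__":
    print(" -> ".join(trace("darius", "192.168.20.4")))    # request path
    print(" -> ".join(trace("cambyses", "192.168.10.4")))  # reply path
```

On paper the request runs darius, circle, xerxes, cambyses while the reply returns from xerxes straight to darius. The trace assumes circle forwards packets, which on Linux depends on `net.ipv4.ip_forward`, a setting the post does not show.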