Chris Rennert <(E-Mail Removed)> wrote:
>Ok, from a PC on the 192.168.0.0/24 network I can ping
>192.168.1.1 and 192.168.0.1 which are the 2 nics on the Router.
>From a PC on the 192.168.1.0/24 network I can ping 192.168.1.1 ,
>but not 192.168.0.1. From the router I can ping every box on
>either network, and get to the internet (192.168.1.200 is my
>gateway to the Inet). I have enabled IP forwarding, and
>restarted and added the /proc/net/sys/ipv4/ip_forwarding to my
>rc.local file.
You'll also need to have the right routing on each and
every box.
>Destination     Gateway         Genmask         Flags Metric Ref Use Iface
>192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
>192.168.0.0     192.168.1.1     255.255.255.0   UG    0      0   0   eth1
>192.168.0.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
>127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
>0.0.0.0         192.168.1.200
You didn't say which box this is, but I assume it is the Linux
router, and if so it explains why it isn't working.
Assuming the router's eth0 NIC is assigned 192.168.0.1 and the
eth1 NIC is assigned 192.168.1.1, here's what the router's table
needs to look like:
  192.168.0.0     0.0.0.0         255.255.255.0   U 0 0 0 eth0
  192.168.1.0     0.0.0.0         255.255.255.0   U 0 0 0 eth1
  127.0.0.0       0.0.0.0         255.0.0.0       U 0 0 0 lo
  0.0.0.0         192.168.1.200
1) Every IP address in the 192.168.0.n range goes to eth0.
2) Every IP address in the 192.168.1.n range goes to eth1.
3) Every IP address in the 127.n.n.n range goes to lo.
4) All other IP addresses are sent to 192.168.1.200 on eth1.
Every box on the physical network that eth0 is connected to must
have an IP address in the 192.168.0.n range, and every box on
the physical network that eth1 is connected to must have an IP
address in the 192.168.1.n range.
Each box on the 192.168.0.n subnet must have routing which looks
like this (assuming the NIC on each box is eth0, though it could
be otherwise),
  192.168.0.0     0.0.0.0         255.255.255.0   U 0 0 0 eth0
  192.168.1.0     192.168.0.1     255.255.255.0   U 0 0 0 eth0
  127.0.0.0       0.0.0.0         255.0.0.0       U 0 0 0 lo
  0.0.0.0         192.168.1.200
For a box with this routing, any packets sent to an address in
the range 192.168.0.n will cause an attempt to match a MAC address
on the Ethernet to the destination IP address. If there is no
match, an error is reported. If there is a match, the packet is
put on the wire with the MAC address that matched.
And packets sent to an address in the range of 192.168.1.n will
cause the MAC address association to be made with 192.168.0.1
rather than the destination IP address. Since there is a route
to 192.168.0.1 (the router) the MAC address for the router will
be matched and the packets put on the Ethernet addressed to the
router.
All IP addresses which are not matched in the route table will
be matched to the MAC address of the host assigned the
192.168.1.200 IP address.
Each box on the 192.168.1.n subnet must have routing which looks
like this,
  192.168.0.0     192.168.1.1     255.255.255.0   U 0 0 0 eth0
  192.168.1.0     0.0.0.0         255.255.255.0   U 0 0 0 eth0
  127.0.0.0       0.0.0.0         255.0.0.0       U 0 0 0 lo
  0.0.0.0         192.168.1.200
This is essentially the same as the above, of course, with the
two physical networks swapped.
The above means that IP addresses in the subnet range for each
of the two subnets are sent directly to the addressed host on
the physical net, while any IP address in the other subnet range
will be sent to the router's interface on the physical net (with
the expectation that it will be forwarded onto the other physical
network).
You can also do odd things, such as use addresses that are not
in the appropriate ranges... but if you do there will have to be
a route table entry to match on *every* machine. Hence if you
put 192.168.0.201 on the router's eth1 physical network, a host
route (which is a network route with a netmask of
255.255.255.255) will be necessary to allow the router to find
it. The router would need an entry like this:
  192.168.0.201   0.0.0.0         255.255.255.255 ... eth1
And every host on the 192.168.0.n physical net would need an
entry like this,
  192.168.0.201   192.168.0.1     255.255.255.255 ... eth0
While every host on the 192.168.1.n physical net would need an
entry like this,
  192.168.0.201   0.0.0.0         255.255.255.255 ... eth0
Another couple odd comments seem in order. You mentioned the
reason you split the physical network was a lack of IP
addresses. You could more easily just add more addresses to the
physical network and then you don't need forwarding.
Where each host has a route table entry that looks like this,
  192.168.0.0     0.0.0.0         255.255.255.0   ... eth0
add another one like this:
  192.168.1.0     0.0.0.0         255.255.255.0   ... eth0
And you can now have 500+ IP addresses on the same physical
network. Of course actually having that many hosts might also
cause serious congestion, so it isn't recommended unless you have an
unusual situation. My point is that the *number* of IP
addresses is not a reason to split a network. The amount of
traffic, or a need to isolate some hosts from others, would be
valid reasons.
If you actually have few machines, but are assigning IP
addresses in blocks (which might not all actually be used at any
given time), you can, for example, access the entire 192.168.n.n
range by using a netmask of 255.255.0.0 for route table entries.
There is a lot of flexibility available... and even more if you
go to the 10.n.n.n address range.
--
Floyd L. Davidson <http://web.newsguy.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska)
(E-Mail Removed)
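
Added example, not part of the original post: a small Python model of the route lookup the post describes, where the most specific matching netmask wins and a gateway of 0.0.0.0 means the MAC address is resolved for the destination itself rather than for a gateway. The default-route rows assume a genmask of 0.0.0.0 and, for the host, eth0 as the interface, because the post's tables cut those rows short.

```python
import ipaddress

ON_LINK = ipaddress.ip_address("0.0.0.0")

def parse_table(text):
    """Parse 'Destination Gateway Genmask Iface' rows into (network, gateway, iface)."""
    routes = []
    for line in text.strip().splitlines():
        dest, gw, mask, iface = line.split()
        # Count the set bits of the genmask to get the prefix length.
        prefix = bin(int(ipaddress.ip_address(mask))).count("1")
        routes.append((ipaddress.ip_network(f"{dest}/{prefix}"),
                       ipaddress.ip_address(gw), iface))
    return routes

def lookup(routes, dst):
    """Return (address whose MAC is resolved, interface), or None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    _net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return (str(dst if gw == ON_LINK else gw), iface)

# Table for a host on the 192.168.1.n net (default row completed by assumption).
HOST_ON_NET1 = parse_table("""
192.168.0.0   192.168.1.1   255.255.255.0   eth0
192.168.1.0   0.0.0.0       255.255.255.0   eth0
127.0.0.0     0.0.0.0       255.0.0.0       lo
0.0.0.0       192.168.1.200 0.0.0.0         eth0
""")

# Router table plus the post's host route for 192.168.0.201 on eth1.
ROUTER = parse_table("""
192.168.0.0   0.0.0.0       255.255.255.0   eth0
192.168.1.0   0.0.0.0       255.255.255.0   eth1
127.0.0.0     0.0.0.0       255.0.0.0       lo
0.0.0.0       192.168.1.200 0.0.0.0         eth1
192.168.0.201 0.0.0.0       255.255.255.255 eth1
""")

if __name__ == "__main__":
    # 192.168.0.5 is a constructed sample address on the other subnet.
    print("host, full table:       ", lookup(HOST_ON_NET1, "192.168.0.5"))
    # Same host without the 192.168.0.0 entry: the packet falls to the default route.
    print("host, entry missing:    ", lookup(HOST_ON_NET1[1:], "192.168.0.5"))
    print("router, /32 host route: ", lookup(ROUTER, "192.168.0.201"))
    print("router, ordinary .0 host:", lookup(ROUTER, "192.168.0.5"))
```
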