subnet to subnet routing question

Discussion in 'Linux Networking' started by S James, Sep 4, 2003.

  1. S James

    S James Guest

    Dear all,

    I'm getting close to figuring out IP routing in its simplest sense
    now.

    (In the following, .20.1 means 192.168.20.1)

    4 machines:

                   |                        |
    circle[.10.1]<-|->[.10.5]xerxes[.20.1]<-|->[.20.4]cambyses
                   |                        |
    darius[10.4]<--|
                   |

    Circle's routing tables tell it that .20.x destinations are to be
    accessed through xerxes (.10.5), among other things:

    [[email protected] root]$ ip route
    192.168.20.0/24 via 192.168.10.5 dev eth1
    192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.3
    192.168.10.0/24 dev eth1 scope link
    127.0.0.0/8 dev lo scope link
    default via 192.168.0.1 dev eth0
    [[email protected] root]$

    The only route that I have explicitly added above (i.e., with ip route
    add), is this one:

    192.168.20.0/24 via 192.168.10.5 dev eth1

    the others were all set up with the setup of the network cards.

    Xerxes' routing tables don't need to be anything other than dead
    simple because xerxes has netcards on both the .10.x and .20.x nets,
    so nothing to change here:

    [[email protected] root]$ ip route
    192.168.20.0/24 dev eth1 scope link
    192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.5
    127.0.0.0/8 dev lo scope link
    default via 192.168.10.1 dev eth0
    [[email protected] root]$

    Clients on the .20.x subnet need to know that the .10.x subnet is
    reached through xerxes-if2 (.20.1). However, the default route
    for clients on the .20.x subnet is through .20.1, so nothing to
    change here:

    [[email protected] root]$ ip route
    192.168.20.0/24 dev eth0 proto kernel scope link src 192.168.20.4
    169.254.0.0/16 dev lo scope link
    127.0.0.0/8 dev lo scope link
    default via 192.168.20.1 dev eth0
    [[email protected] root]$

    For clients on the .20.x subnet to be able to send and receive to the
    .10.x subnet, the clients on the .10.x subnet must have a route
    through to the .20.x subnet. This is where I get to my problem.

    So, on, for example, darius (.10.4):
    [[email protected] root]$ ip route
    192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.4
    169.254.0.0/16 dev eth0 scope link
    127.0.0.0/8 dev lo scope link
    default via 192.168.10.1 dev eth0

    This is the client "as it boots", without an explicit route to .20.x,
    but with a default route to .10.1. Access to .20.x subnet doesn't
    work (even though access from circle to .20.x works and circle is the
    default route):

    [[email protected] root]$ ssh 192.168.20.4
    (I press ctrl-c now, as this isn't working)

    Add the route to .20.x explicitly, and all is ok:

    [[email protected] root]$ ip route add 192.168.20.0/24 via 192.168.10.5
    [[email protected] root]$ ssh 192.168.20.4
    The authenticity of host '192.168.20.4 (192.168.20.4)' can't be established.
    RSA key fingerprint is e5:b3:81:0f:6e:78:28:5d:26:f9:1c:29:64:61:06:fa.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.20.4' (RSA) to the list of known hosts.
    [email protected]'s password:
    [[email protected] root]$ echo Success!
    Success!

    What I don't understand is this:

    If circle is set up to route packets for .20.x through xerxes (.10.5),
    how come a .10.x client, using circle (.10.1) as its default route,
    can't send packets to a .20.x client? Isn't this the point of routing
    and having gateways?

    I don't want to have to set up the individual clients with a route to
    my .20.x network, I obviously would prefer to have gateways, such as
    circle and xerxes, which do all the routing for the other machines.

    Can someone advise me on where I am going wrong? I think I'm close
    now. Please ignore the last rather long message I posted, as well.


    thanks very much for reading,

    Seb James.
     
    S James, Sep 4, 2003
    #1
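
Added example, not part of the original post: a longest-prefix-match simulation over the routing tables quoted above, tracing which hosts a packet visits in each direction. It assumes every router on the path forwards and takes darius as 192.168.10.4; the names `TABLES`, `OWNER`, `lookup` and `trace` are made up for this sketch, and the loopback and 169.254 lines are left out.

```python
import ipaddress

# `ip route` output copied from the post; host names follow its diagram.
TABLES = {
    "circle": ["192.168.20.0/24 via 192.168.10.5 dev eth1",
               "192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.3",
               "192.168.10.0/24 dev eth1 scope link",
               "default via 192.168.0.1 dev eth0"],
    "xerxes": ["192.168.20.0/24 dev eth1 scope link",
               "192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.5",
               "default via 192.168.10.1 dev eth0"],
    "cambyses": ["192.168.20.0/24 dev eth0 proto kernel scope link src 192.168.20.4",
                 "default via 192.168.20.1 dev eth0"],
    "darius": ["192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.4",
               "default via 192.168.10.1 dev eth0"],
}
# Interface addresses from the post's diagram (assumption: darius is 192.168.10.4).
OWNER = {"192.168.10.1": "circle", "192.168.10.5": "xerxes", "192.168.20.1": "xerxes",
         "192.168.10.4": "darius", "192.168.20.4": "cambyses"}

def lookup(table, dst):
    """Longest-prefix match over `ip route` lines; returns (gateway or None, device)."""
    addr, best = ipaddress.ip_address(dst), None
    for line in table:
        f = line.split()
        net = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f[0])
        if addr in net and (best is None or net.prefixlen > best[0]):
            via = f[f.index("via") + 1] if "via" in f else None
            best = (net.prefixlen, via, f[f.index("dev") + 1])
    if best is None:
        raise LookupError("no route to " + dst)
    return best[1], best[2]

def trace(src, dst, tables=TABLES, max_hops=8):
    """Hosts a packet visits from src to dst, assuming every router forwards."""
    path, host = [src], src
    while OWNER.get(dst) != host and len(path) <= max_hops:
        via, _dev = lookup(tables[host], dst)
        host = OWNER.get(via or dst)   # on-link route: deliver straight to dst
        if host is None:               # next hop is outside the four hosts shown
            break
        path.append(host)
    return path

if __name__ == "__main__":
    print(trace("darius", "192.168.20.4"))    # forward path
    print(trace("cambyses", "192.168.10.4"))  # return path
```

With these tables the forward path from darius enters and leaves circle on the same interface (eth1), while the reply from cambyses returns through xerxes alone, so the two directions do not cross the same set of routers.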