Discussion in 'Linux Networking' started by Chris Rennert, May 10, 2005.

  1. Hey all,

    I have an office situation where I am just about using up all my addresses. I would like to start another network using addresses, but also give those addresses the ability to
    access computers on the network. I believe a router is
    the way I want to go, and I have a linux box set up with 2 nics and I am
    trying to get it set up to allow that traffic through, but really I am at
    a loss. Could somebody point me in the right direction of what how-tos
    I should read. Or examples I could follow? Any help would be greatly


    Chris Rennert, May 10, 2005

  2. Simply configure the two nics in your linux box and then tell it to forward
    packets from one interface to the other if needed (so both networks are
    connected). This is done by advising linux to do ip forwarding. By doing
    this your linux box acts as a router.

    To enable ip forwarding say:

    echo 1 > /proc/sys/net/ipv4/ip_forward

    This has to be set each time you boot the machine, so put it in some
    init-script or something like this.

    Info about this can be found in several Networking howtos and
    in /usr/src/linux/Documentation/networking/*

    Have a nice day
    Rainer Krienke, May 10, 2005

  3. Ok, from a PC on the network I can ping and with are the 2 nics on the Router. From a PC on the network I can ping , but not
    From the router I can ping every box on either network, and get to the
    internet ( is my gateway to the Inet). I have enabled IP
    forwarding, and restarted and added the /proc/net/sys/ipv4/ip_forwarding
    to my rc.local file.

    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    U 0 0 0 eth1
    UG 0 0 0 eth1
    U 0 0 0 eth0
    U 0 0 0 lo

    Thanks again for your help, I am not sure what to do next, I am also
    going through the doc you pointed me to.


    Chris Rennert, May 10, 2005
  4. have an office situation where I am just about using up all my

    Just install a router (linux box) and add two nics and assign ip
    addresses from both the networks.

    .... and you might like to add this command on that router machine
    when accessing from network.

    #route add -net netmask gw

    or using iproute2

    #ip route add via

    Well, I wouldn't miss reading little more at

    Raqueeb Hassan, May 10, 2005
  5. Chris Rennert

    Benway Guest

    If you don't mind changing a few NIC configs you can do it with a
    netmask change.

    E.G. If you take an NIC with and change the
    netmask to it will be able to access 192.168.0 and
    192.168.1 with no router.
    Benway, May 10, 2005
  6. You'll also need to have the right routing on each and
    every box.
    You didn't say which box this is, but I assume it is the Linux
    router, and if so it explains why it isn't working.

    Assuming the router's eth0 NIC is assigned and the
    eth1 NIC is assigned, here's what the router's table
    needs to look like: U 0 0 0 eth0 U 0 0 0 eth1 U 0 0 0 lo

    1) Every IP address in the 192.168.0.n range goes to eth0.
    2) Every IP address in the 192.168.1.n range goes to eth1.
    3) Every IP address in the 127.n.n.n range goes to lo.
    4) All other IP addresses are sent to on eth1.

    Every box on the physical network that eth0 is connected to must
    have an IP address in the 192.168.0.n range, and every box on
    the physical network that eth1 is connected to must have an IP
    address in the 192.168.1.n range.

    Each box on the 192.168.0.n subnet must have routing which looks
    like this (assuming the NIC on each box is eth0, though it could
    be otherwise), U 0 0 0 eth0 U 0 0 0 eth0 U 0 0 0 lo

    For a box with this routing, any packets sent to an address in
    the range 192.168.0.n will cause an attempt to match a MAC address
    on the Ethernet to the destination IP address. If there is no
    match, an error is reported. If there is a match, the packet is
    put on the wire with the MAC address that matched.

    And packets sent to an address in the range of 192.168.1.n will
    cause the MAC address association to be made with
    rather than the destination IP address. Since there is a route
    to (the router) the MAC address for the router will
    be matched and the packets put on the Ethernet addressed to the

    All IP addresses which are not matched in the route table will
    be matched to the MAC address of the host assigned the IP address.

    Each box on the 192.168.1.n subnet must have routing which looks
    like this, U 0 0 0 eth0 U 0 0 0 eth0 U 0 0 0 lo

    This is essentially the same as the above, of course, with the
    two physical networks swapped.

    The above means that IP addresses in the subnet range for each
    of the two subnets is sent directly to the addressed host on
    the physical net, while any IP address in the other subnet range
    will be sent to the router's interface on the physical net (with
    the expectation that it will be forwarded onto the other physical

    You can also do odd things, such as use addresses that are not
    in the appropriate ranges... but if you do there will have to be
    a route table entry to match on *every* machine. Hence if you
    put on the router's eth1 physical network, a host
    route (which is a network route with a netmask of will be necessary to allow the router to find
    it. The router would need an entry like this: ... eth1

    And every host on the 192.168.0.n physical net would need an
    entry like this, ... eth0

    While every host on the 192.168.1.n physical net would need an
    entry like this, ... eth0

    Another couple odd comments seem in order. You mentioned the
    reason you split the physical network was a lack of IP
    addresses. You could just more easily add more addresses to the
    physical network and then you don't need forwarding.

    Where each host has a route table entry that looks like this, ... eth0

    add another one like this: ... eth0

    And you can now have 500+ IP addresses on the same physical
    network. Of course actually having that many hosts might also
    cause serious congestion, so it isn't recommended unless you have an
    unusual situation. My point is that the *number* of IP
    addresses is not a reason to split a network. The amount of
    traffic, or a need to isolate some hosts from others, would be
    valid reasons.

    If you actually have few machines, but are assigning IP
    addresses in blocks (which might not all actually be used at any
    given time), you can, for example, access the entire 192.168.n.n
    range by using a netmask of for route table entries.
    There is a lot of flexibility available... and even more if you
    go to the 10.n.n.n address range.
    Floyd L. Davidson, May 10, 2005
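
The route-table decision described in the post above, as an added example that is not part of the original thread: a host picks the most specific matching route and resolves either the destination's MAC (direct route) or the router's MAC (gateway route). The addresses `192.168.0.1` for the router's NIC and `10.9.8.7` for the out-of-range host are constructed assumptions, since the thread's own addresses are missing from the page.

```python
import ipaddress

# Constructed addressing (assumption): the thread's own addresses are missing.
ROUTER_ETH0 = "192.168.0.1"    # router NIC on the 192.168.0.n network
ODD_HOST = "10.9.8.7"          # out-of-range host on the router's eth1 network

# Route table of a host on 192.168.0.n: (destination, gateway or None, iface)
HOST_ROUTES = [
    ("192.168.0.0/24", None, "eth0"),         # own subnet: deliver directly
    ("192.168.1.0/24", ROUTER_ETH0, "eth0"),  # other subnet: hand to router
    ("127.0.0.0/8", None, "lo"),
]

# Same host with a host route (netmask 255.255.255.255) for the odd address.
HOST_ROUTES_ODD = HOST_ROUTES + [(ODD_HOST + "/32", ROUTER_ETH0, "eth0")]

# "Just add addresses" variant: both ranges on one wire, no gateway involved.
FLAT_ROUTES = [
    ("192.168.0.0/24", None, "eth0"),
    ("192.168.1.0/24", None, "eth0"),
    ("127.0.0.0/8", None, "lo"),
]


def lookup(routes, dst):
    """Return (iface, ip_to_resolve) for dst, or None when no route matches.

    ip_to_resolve is the address whose MAC is looked up on the wire: the
    destination itself for a direct route, the gateway otherwise.
    """
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for cidr, gateway, iface in routes:
        net = ipaddress.ip_network(cidr)
        # Most specific (longest prefix) matching route wins.
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        return None
    return best[2], (best[1] or dst)


if __name__ == "__main__":
    for table, dst in [(HOST_ROUTES, "192.168.0.20"), (HOST_ROUTES, "192.168.1.20"),
                       (HOST_ROUTES, ODD_HOST), (HOST_ROUTES_ODD, ODD_HOST),
                       (FLAT_ROUTES, "192.168.1.20")]:
        print(dst, "->", lookup(table, dst))
```
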
  7. Chris Rennert

    Wolf Guest

    The right solution is to move to an RFC 1918 Class B.

    What you can try doing is reconfiguring the network to You
    some space (subnetting does that) but think of it as room to grow without
    having to
    make more changes.

    Wolf, May 11, 2005
  8. Chris Rennert

    James Knott Guest

    If all the computers are on the same network, just change the subnet mask
    from /24 to /23, which will allow both 192.168.1.x and 192.168.2.x on the
    same lan segment.
    James Knott, May 11, 2005
  9. Chris Rennert

    James Knott Guest

    The right solution, is to learn what a subnet mask is for. Currently it's Change it to and all computers will be able
    to access the range from to
    James Knott, May 11, 2005
  10. Chris Rennert

    James Knott Guest


    That should be 192.168.0.x and 192.168.1.x
    James Knott, May 11, 2005
  11. Chris Rennert

    Wolf Guest

    True, true. Except he wants to use .1.0 and .2.0 so 254 won't help a whole
    without a router.
    Wolf, May 12, 2005
  12. Chris Rennert

    Guest Guest

    What A dim wad so use

    The Point is JUST CHANGE the netmask don't remake the whole network
    Guest, May 12, 2005
  13. Chris Rennert

    James Knott Guest

    I don't know that .2 is the only option. However, if he's set on it, he can
    use a /23 mask, which will give him the range of to
    James Knott, May 12, 2005
  14. Chris Rennert

    Ken Guest

    What a dim wad ... is not a valid netmask.
    Ken, May 12, 2005
  15. Chris Rennert

    Shadow_7 Guest

    What A dim wad so use
    AFAIK, netmask is a bitwise operator. So it would be valid. Conventional
    on the other hand is another question. Since 253 == 11111101, probably
    not the best choice if you're not that familiar with netmask to start with.

    Shadow_7, May 12, 2005
  16. Chris Rennert

    Ulf Volmer Guest

    It's not valid.

    Ulf Volmer, May 12, 2005
  17. Chris Rennert

    Wolf Guest

    He's right, it is not valid. That would be something like a /22.5?

    If he is willing to use .0.x, he can use a /23. If it has to be a .2.x per
    his email, or he sees it growing yet again in the future, I would move to
    172.16/16 or to which will give him the range between And plenty to spare.
    Wolf, May 12, 2005
  18. Chris Rennert

    Wolf Guest

    It is not a valid netmask. Inverse the netmask for a looksie since this is
    more supernetting than subnetting.
    Wolf, May 12, 2005
  19. Dim wad? Wow, is that your idea of help? I am glad you were blessed
    with the ability to just know how to do this. I am sure you never used
    help, and I apologize for straining your eyes on my inferior rhetoric.

    For those who did help me, I appreciate it. My whole reason for doing
    this was a proof of concept for myself. We are looking at building an
    addition onto our company, and instead of just carrying over the .1.0/24
    network I wanted to just create another network. If it was just for
    the IP problem alone, I would have changed the netmask (not like I knew
    this before I came here, but I do now.)

    So thank you all for the help! It is working now!

    Chris Rennert, May 12, 2005
  20. Chris Rennert

    Ken Guest

    Hi -

    You are right that 253 = 11111101.

    When a netmask is expressed as a string of 32 bits, once you hit the
    first 0 bit (working left to right), there cannot be any 1 bits after
    it. If there are, it is not a valid netmask.

    That's why the /xx notation works, it is the number of 1 bits. If the
    1 bits were not required to be contiguous, starting at the left, the
    /xx notation would be ambiguous.
    Ken, May 12, 2005
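
The contiguity rule from the post above, as an added example that is not part of the original thread: it inverts the mask to test that the 1 bits are contiguous from the left, converts a valid mask to its /xx length, and checks which of the ranges discussed in the thread share a /23. The full dotted masks and host addresses used in the sample calls are constructed; only the octet 253 and the /23 prefix come from the thread.

```python
import ipaddress


def mask_to_prefix(mask):
    """Return the /xx prefix length of a dotted netmask, or None if invalid.

    A mask is valid only when its 1 bits are contiguous from the left.
    """
    try:
        octets = [int(o) for o in mask.split(".")]
    except ValueError:
        return None
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        return None
    value = int.from_bytes(bytes(octets), "big")
    inverted = value ^ 0xFFFFFFFF      # host bits become 1s
    # A contiguous mask inverts to 0...01...1, so adding 1 yields a single
    # higher bit that shares nothing with the inverted value.
    if inverted & (inverted + 1):
        return None
    return 32 - inverted.bit_length()


def same_network(a, b, prefix):
    """True when addresses a and b fall inside the same /prefix block."""
    net = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
    return ipaddress.ip_address(b) in net


if __name__ == "__main__":
    # Constructed sample masks: 253 is 11111101, a 1 bit after the first 0.
    for mask in ("255.255.255.0", "255.255.254.0", "255.255.253.0"):
        print(mask, "->", mask_to_prefix(mask))
    # /23 blocks start on even third octets, so .0.x pairs with .1.x only.
    print(same_network("192.168.0.10", "192.168.1.10", 23))
    print(same_network("192.168.1.10", "192.168.2.10", 23))
```
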