Subnetting/Routing

Discussion in 'Linux Networking' started by Chris Rennert, May 10, 2005.

  1. Hey all,

    I have an office situation where I am just about using up all my
    192.168.1.0/24 addresses. I would like to start another network using
    192.168.2.0/24 addresses, but also give those addresses the ability to
    access computers on the 192.168.1.0/24 network. I believe a router is
    the way I want to go, and I have a linux box set up with 2 nics and I am
    trying to get it set up to allow that traffic through, but really I am at
    a loss. Could somebody point me in the right direction of what how-tos
    I should read. Or examples I could follow? Any help would be greatly
    appreciated!

    Thanks

    Chris
     
    Chris Rennert, May 10, 2005
    #1

  2. Simply configure the two nics in your linux box and then tell it to forward
    packets from one interface to the other if needed (so both networks are
    connected). This is done by advising linux to do ip forwarding. By doing
    this your linux box acts as a router.

    To enable ip forwarding say:

    echo 1 > /proc/sys/net/ipv4/ip_forward

    This has to be set each time you boot the machine, so put it in some
    init-script or something like this.

    Info about this can be found in several Networking howtos and
    in /usr/src/linux/Documentation/networking/*

    Have a nice day
    Rainer
     
    Rainer Krienke, May 10, 2005
    #2

  3. Ok, from a PC on the 192.168.0.0/24 network I can ping 192.168.1.1 and
    192.168.0.1 which are the 2 nics on the Router. From a PC on the
    192.168.1.0/24 network I can ping 192.168.1.1 , but not 192.168.0.1.
    From the router I can ping every box on either network, and get to the
    internet (192.168.1.200 is my gateway to the Inet). I have enabled IP
    forwarding, and restarted and added the /proc/net/sys/ipv4/ip_forwarding
    to my rc.local file.

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
    192.168.0.0     192.168.1.1     255.255.255.0   UG    0      0        0 eth1
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         192.168.1.200


    Thanks again for your help, I am not sure what to do next, I am also
    going through the doc you pointed me to.

    thanks

    Chris
     
    Chris Rennert, May 10, 2005
    #3
  4. have an office situation where I am just about using up all my
    <snip>

    Just install a router (linux box) and add two nics and assign ip
    addresses from both the networks.

    .... and you might like to add this command on that router machine
    when accessing 192.168.2.0/24 from 192.168.1.0/24 network.

    #route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.1

    or using iproute2

    #ip route add 192.168.2.0/24 via 192.168.1.1

    Well, I wouldn't miss reading a little more at http://linux-ip.net/html/.

    HTH
     
    Raqueeb Hassan, May 10, 2005
    #4
  5. Chris Rennert

    Benway Guest

    If you don't mind changing a few NIC configs you can do it with a
    netmask change.

    E.G. If you take an NIC with 192.168.1.1/255.255.255.0 and change the
    netmask to 255.255.254.0 it will be able to access 192.168.0 and
    192.168.1 with no router.
     
    Benway, May 10, 2005
    #5
  6. You'll also need to have the right routing on each and
    every box.
    You didn't say which box this is, but I assume it is the Linux
    router, and if so it explains why it isn't working.

    Assuming the router's eth0 NIC is assigned 192.168.0.1 and the
    eth1 NIC is assigned 192.168.1.1, here's what the router's table
    needs to look like:

    192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
    192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
    127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
    0.0.0.0 192.168.1.200

    1) Every IP address in the 192.168.0.n range goes to eth0.
    2) Every IP address in the 192.168.1.n range goes to eth1.
    3) Every IP address in the 127.n.n.n range goes to lo.
    4) All other IP addresses are sent to 192.168.1.200 on eth1.

    Every box on the physical network that eth0 is connected to must
    have an IP address in the 192.168.0.n range, and every box on
    the physical network that eth1 is connected to must have an IP
    address in the 192.168.1.n range.

    Each box on the 192.168.0.n subnet must have routing which looks
    like this (assuming the NIC on each box is eth0, though it could
    be otherwise),

    192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
    192.168.1.0 192.168.0.1 255.255.255.0 U 0 0 0 eth0
    127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
    0.0.0.0 192.168.1.200

    For a box with this routing, any packets sent to an address in
    the range 192.168.0.n will cause an attempt to match a MAC address
    on the Ethernet to the destination IP address. If there is no
    match, an error is reported. If there is a match, the packet is
    put on the wire with the MAC address that matched.

    And packets sent to an address in the range of 192.168.1.n will
    cause the MAC address association to be made with 192.168.0.1
    rather than the destination IP address. Since there is a route
    to 192.168.0.1 (the router) the MAC address for the router will
    be matched and the packets put on the Ethernet addressed to the
    router.

    All IP addresses which are not matched in the route table will
    be matched to the MAC address of the host assigned the
    192.168.1.200 IP address.

    Each box on the 192.168.1.n subnet must have routing which looks
    like this,

    192.168.0.0 192.168.1.1 255.255.255.0 U 0 0 0 eth0
    192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
    127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
    0.0.0.0 192.168.1.200

    This is essentially the same as the above, of course, with the
    two physical networks swapped.

    The above means that IP addresses in the subnet range for each
    of the two subnets are sent directly to the addressed host on
    the physical net, while any IP address in the other subnet range
    will be sent to the router's interface on the physical net (with
    the expectation that it will be forwarded onto the other physical
    network).

    You can also do odd things, such as use addresses that are not
    in the appropriate ranges... but if you do there will have to be
    a route table entry to match on *every* machine. Hence if you
    put 192.168.0.201 on the router's eth1 physical network, a host
    route (which is a network route with a netmask of
    255.255.255.255) will be necessary to allow the router to find
    it. The router would need an entry like this:

    192.168.0.201 0.0.0.0 255.255.255.255 ... eth1

    And every host on the 192.168.0.n physical net would need an
    entry like this,

    192.168.0.201 192.168.0.1 255.255.255.255 ... eth0

    While every host on the 192.168.1.n physical net would need an
    entry like this,

    192.168.0.201 0.0.0.0 255.255.255.255 ... eth0


    Another couple odd comments seem in order. You mentioned the
    reason you split the physical network was a lack of IP
    addresses. You could just more easily add more addresses to the
    physical network and then you don't need forwarding.

    Where each host has a route table entry that looks like this,

    192.168.0.0 0.0.0.0 255.255.255.0 ... eth0

    add another one like this:

    192.168.1.0 0.0.0.0 255.255.255.0 ... eth0

    And you can now have 500+ IP addresses on the same physical
    network. Of course actually having that many hosts might also
    cause serious congestion, so it isn't recommended unless you have an
    unusual situation. My point is that the *number* of IP
    addresses is not a reason to split a network. The amount of
    traffic, or a need to isolate some hosts from others, would be
    valid reasons.

    If you actually have few machines, but are assigning IP
    addresses in blocks (which might not all actually be used at any
    given time), you can, for example, access the entire 192.168.n.n
    range by using a netmask of 255.255.0.0 for route table entries.
    There is a lot of flexibility available... and even more if you
    go to the 10.n.n.n address range.
     
    Floyd L. Davidson, May 10, 2005
    #6
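
The route selection described in post #6, as an added example that is not part of the original thread: a longest-prefix-match lookup over constructed copies of the host tables, reporting which IP address the sender resolves to a MAC address. The function names and the tuple layout are assumptions made for illustration, and the truncated default-route lines are modelled as 0.0.0.0/0 via 192.168.1.200.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match. Returns (gateway, iface); gateway None means on-link."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in table:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]

def arp_target(table, dst):
    """IP whose MAC address the sender resolves: the gateway, or dst itself if on-link."""
    gw, _iface = lookup(table, dst)
    return gw or dst

# Constructed tables, written as (destination, gateway, interface).
# Host on the 192.168.1.n net with only its own subnet and the default route:
HOST_1N_DEFAULT_ONLY = [
    ("192.168.1.0/24", None, "eth0"),
    ("127.0.0.0/8", None, "lo"),
    ("0.0.0.0/0", "192.168.1.200", "eth0"),
]
# Same host with the extra route from the post (192.168.0.0 via 192.168.1.1):
HOST_1N_WITH_ROUTE = [("192.168.0.0/24", "192.168.1.1", "eth0")] + HOST_1N_DEFAULT_ONLY
# Host on the 192.168.0.n net, plus the host route for the out-of-range 192.168.0.201:
HOST_0N = [
    ("192.168.0.0/24", None, "eth0"),
    ("192.168.1.0/24", "192.168.0.1", "eth0"),
    ("192.168.0.201/32", "192.168.0.1", "eth0"),
    ("127.0.0.0/8", None, "lo"),
    ("0.0.0.0/0", "192.168.1.200", "eth0"),
]

if __name__ == "__main__":
    cases = [
        ("1.n host, default route only", HOST_1N_DEFAULT_ONLY, "192.168.0.1"),
        ("1.n host, with subnet route", HOST_1N_WITH_ROUTE, "192.168.0.1"),
        ("0.n host, same subnet", HOST_0N, "192.168.0.50"),
        ("0.n host, host route", HOST_0N, "192.168.0.201"),
    ]
    for name, table, dst in cases:
        print(f"{name}: {dst} -> resolve MAC of {arp_target(table, dst)}")
```

A host that has only the default route hands packets for 192.168.0.1 to 192.168.1.200; with the subnet route in place they go to the router interface 192.168.1.1 instead.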
  7. Chris Rennert

    Wolf Guest

    The right solution is to move to an RFC 1918 Class B.

    What you can try doing is reconfiguring the network to 192.168.0.0/22. You
    waste some space (subnetting does that) but think of it as room to grow
    without having to make more changes.

    network 192.168.0.0
    bcast 192.168.3.255
    netmask 255.255.252.0
     
    Wolf, May 11, 2005
    #7
  8. Chris Rennert

    James Knott Guest

    If all the computers are on the same network, just change the subnet mask
    from /24 to /23, which will allow both 192.168.1.x and 192.168.2.x on the
    same lan segment.
     
    James Knott, May 11, 2005
    #8
  9. Chris Rennert

    James Knott Guest

    The right solution is to learn what a subnet mask is for. Currently it's
    255.255.255.0. Change it to 255.255.254.0 and all computers will be able
    to access the range from 192.168.0.0 to 192.168.1.255.
     
    James Knott, May 11, 2005
    #9
  10. Chris Rennert

    James Knott Guest

    Correction.

    That should be 192.168.0.x and 192.168.1.x
     
    James Knott, May 11, 2005
    #10
  11. Chris Rennert

    Wolf Guest

    True, true. Except he wants to use .1.0 and .2.0 so 254 won't help a whole
    lot without a router.
     
    Wolf, May 12, 2005
    #11
  12. Chris Rennert

    Guest Guest

    What A dim wad so use 255.255.253.0

    The Point is JUST CHANGE the netmask don't remake the whole network
     
    Guest, May 12, 2005
    #12
  13. Chris Rennert

    James Knott Guest

    I don't know that .2 is the only option. However, if he's set on it, he can
    use a /23 mask, which will give him the range of 192.168.0.0 to
    192.168.3.255.
     
    James Knott, May 12, 2005
    #13
  14. Chris Rennert

    Ken Guest

    What a dim wad ... 255.255.253.0 is not a valid netmask.
     
    Ken, May 12, 2005
    #14
  15. Chris Rennert

    Shadow_7 Guest

    What A dim wad so use 255.255.253.0
    AFAIK, netmask is a bitwise operator. So it would be valid. Conventional
    on the other hand is another question. Since 253 == 11111101, probably
    not the best choice if you're not that familiar with netmask to start with.

    Shadow_7
     
    Shadow_7, May 12, 2005
    #15
  16. Chris Rennert

    Ulf Volmer Guest

    It's not valid.

    cu
    ulf
     
    Ulf Volmer, May 12, 2005
    #16
  17. Chris Rennert

    Wolf Guest

    He's right, it is not valid. That would be something like a /22.5?

    If he is willing to use .0.x, he can use a /23. If it has to be a .2.x per
    his email, or he sees it growing yet again in the future, I would move to
    172.16/16 or to 192.168.0.0/22 which will give him the range between
    192.168.1.0-192.168.3.255. And plenty to spare.
     
    Wolf, May 12, 2005
    #17
  18. Chris Rennert

    Wolf Guest

    It is not a valid netmask. Inverse the netmask for a looksie since this is
    more supernetting than subnetting.
     
    Wolf, May 12, 2005
    #18
  19. Dim wad? Wow, is that your idea of help? I am glad you were blessed
    with the ability to just know how to do this. I am sure you never used
    help, and I apologize for straining your eyes on my inferior rhetoric.

    For those who did help me, I appreciate it. My whole reason for doing
    this was a proof of concept for myself. We are looking at building an
    addition onto our company, and instead of just carrying over the .1.0/24
    network I wanted to just create another network. If it was just for
    the IP problem alone, I would have changed the netmask (not like I knew
    this before I came here, but I do now.)

    So thank you all for the help! It is working now!

    Chris
     
    Chris Rennert, May 12, 2005
    #19
  20. Chris Rennert

    Ken Guest

    Hi -

    You are right that 253 = 11111101.

    When a netmask is expressed as a string of 32 bits, once you hit the
    first 0 bit (working left to right), there cannot be any 1 bits after
    it. If there are, it is not a valid netmask.

    That's why the /xx notation works, it is the number of 1 bits. If the
    1 bits were not required to be contiguous, starting at the left, the
    /xx notation would be ambiguous.
     
    Ken, May 12, 2005
    #20
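
The contiguous-bits rule from post #20, as an added example that is not part of the original thread: it rejects masks such as 255.255.253.0, converts valid masks to /xx form, and computes the smallest single block that holds both 192.168.1.0/24 and 192.168.2.0/24. The function names are assumptions made for illustration.

```python
import ipaddress

def mask_to_prefix(mask):
    """Return the /xx length of a dotted netmask, or None if its 1 bits are not contiguous."""
    m = int(ipaddress.IPv4Address(mask))
    host_bits = ~m & 0xFFFFFFFF
    # A valid mask leaves host bits of the form 0...01...1, so adding 1
    # carries through every set bit and the AND comes out as zero.
    if host_bits & (host_bits + 1):
        return None
    return bin(m).count("1")

def network_of(addr, mask):
    """Network that an interface with this address and netmask belongs to."""
    prefix = mask_to_prefix(mask)
    if prefix is None:
        raise ValueError(f"{mask} is not a valid netmask")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def same_segment(addr, other, mask):
    """True if 'other' is directly reachable (no router) from addr under this mask."""
    return ipaddress.ip_address(other) in network_of(addr, mask)

def smallest_common(*nets):
    """Smallest single CIDR block containing every given network."""
    nets = [ipaddress.ip_network(n) for n in nets]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()   # widen by one bit and retry
    return candidate

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.254.0", "255.255.253.0", "255.255.252.0"):
        prefix = mask_to_prefix(mask)
        print(mask, "->", "invalid" if prefix is None else f"/{prefix}")
    print(network_of("192.168.1.1", "255.255.254.0"))            # 192.168.0.0/23
    block = smallest_common("192.168.1.0/24", "192.168.2.0/24")
    print(block, block.netmask, block.broadcast_address)
```

192.168.1.x and 192.168.2.x fall on opposite sides of a /23 boundary, so the smallest block covering both is 192.168.0.0/22 (netmask 255.255.252.0, broadcast 192.168.3.255).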