Routing between two networks on linux with different netmask and broadcast?
Solution 1
Your 192.168.0.0/16 (192.168.0.0 - 255.255) contains 192.168.1.0/24 (192.168.1.0-255). Therefore, you can't have a route from ServerA to ClientX via ServerB.
Let's keep as much of the variables as is and only modify the necessary:
Keep:
- ClientX configuration as is.
- ServerB eth0 as is.
- ServerA IP address 192.168.255.254 and Bcast=192.168.255.255.
Change:
- ServerA netmask to 255.255.255.0.
- ServerB eth1:
auto eth1
iface eth1 inet static
address 192.168.255.253
netmask 255.255.255.0
broadcast 192.168.255.255
Of course you can use wider netmask between ServerA and ServerB, as long as it doesn't overlap with 192.168.1.0/24; the /17 i.e. netmask 255.255.128.0 i.e. 192.168.128.0 - 192.168.255.255 being the widest range possible.
This being just a quick solution to the exact problem, please introduce yourself with CIDR.
Now, based on comments. Let's say you have many servers and would like to use every single one as a router from its own subnet to 192.168.255.0/24, ServerA being 192.168.255.254. You could use a simple pattern in your configuration, where the 192.168.255.254/24 works as the network between servers, the other being client-server networks.
            eth0            eth1
ServerB     192.168.1.253   192.168.255.1
ServerC     192.168.2.253   192.168.255.2
ServerD     192.168.3.253   192.168.255.3
...
Server<N>   192.168.N.253   192.168.255.N
Assuming eth0 works as a default gateway to clients behind that particular server, every client is able to connect to ServerA via the intermediate servers. However, ServerA has default route 0.0.0.0 via its own default gateway (unknown to us). That includes everything but its own subnet. You'll need to add one route per every subnet behind other servers, i.e.
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.255.1
route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.255.2
route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.255.3
...
route add -net 192.168.N.0 netmask 255.255.255.0 gw 192.168.255.N
You could make this persistent through the /etc/network/interfaces on ServerA, e.g.
auto eth0
iface eth0 inet static
address 192.168.255.254
netmask 255.255.255.0
broadcast 192.168.255.255
up route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.255.1
up route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.255.2
up route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.255.3
down route del -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.255.1
down route del -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.255.2
down route del -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.255.3
Solution 2
I can't comment on the Linux setup (I don't know anything about Linux) but if I were you I'd take a look at the IP addressing scheme you have used.
ServerA is on the 192.168.0.0/16 network, it is trying to access a client1 on another subnet with the IP Address 192.168.1.252/24.
The problem is that ServerA will use its subnet mask when working out whether Client1 is on the same subnet as it or not. If it thinks Client1 is on the same subnet, then ServerA will try to communicate directly with Client1 and not send traffic to the router.
Using the IP addressing scheme in the question, ServerA will see its network as 192.168.0.0/16 and, using its own subnet mask, will think Client1 is also on the 192.168.0.0/16 network as well.
Do all the things you need to do in Linux to enable routing, but then try changing the network ID on the client side to a different network address, perhaps:
172.16.0.0/16 or 10.0.0.0/8
Or anything that does start 192.168
Alternatively, you could change the Network ID of the network that ServerA is on to 192.168.0.0/24; that would work too.
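The two points made in the answers above (the /16 swallowing the client /24, and ServerA deciding "on-link" from its own mask) can be checked with a small longest-prefix-match model; this is an added example, not part of either answer. The function names are hypothetical, the addresses are the ones from the question, and ServerA's default route is left out because its gateway is not given.

```python
import ipaddress as ip

def widest_non_overlapping(addr, avoid):
    """Shortest prefix around addr whose network stays clear of `avoid`."""
    avoid = ip.ip_network(avoid)
    for plen in range(33):
        net = ip.ip_network(f"{addr}/{plen}", strict=False)
        if not net.overlaps(avoid):
            return net
    return None  # addr itself lies inside `avoid`

def server_a_table(n_subnets):
    """ServerA's table for the pattern 192.168.N.0/24 via 192.168.255.N."""
    table = [("192.168.255.0/24", None)]  # directly connected server network
    table += [(f"192.168.{n}.0/24", f"192.168.255.{n}")
              for n in range(1, n_subnets + 1)]
    return table

def lookup(dst, table):
    """Longest-prefix match: returns 'on-link', a gateway address, or None."""
    dst = ip.ip_address(dst)
    hits = [(ip.ip_network(net), gw) for net, gw in table
            if dst in ip.ip_network(net)]
    if not hits:
        return None  # no matching route (a default route would catch this)
    _, gw = max(hits, key=lambda hit: hit[0].prefixlen)
    return gw or "on-link"

CLIENT = "192.168.1.119"               # client address from the question
ORIGINAL = [("192.168.0.0/16", None)]  # ServerA with Mask=255.255.0.0

if __name__ == "__main__":
    # /16 on ServerA: the client looks local, so nothing is sent to ServerB.
    print("original /16      :", lookup(CLIENT, ORIGINAL))
    # /24 on ServerA but no static routes yet: no specific route to the client.
    print("/24, no routes    :", lookup(CLIENT, server_a_table(0)))
    # /24 plus one route per client subnet: traffic goes via ServerB's eth1.
    print("/24, static routes:", lookup(CLIENT, server_a_table(3)))
    print("widest server net :",
          widest_non_overlapping("192.168.255.254", "192.168.1.0/24"))
```
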
stahlstngel
Updated on September 18, 2022
Comments
-
stahlstngel over 1 year
Ethernet Network:
ServerA; IP=192.168.255.254; Mask=255.255.0.0; Bcast=192.168.255.255
|
|
eth1 IP=192.168.1.254; Mask=255.255.0.0; Bcast=192.168.255.255
ServerB DHCP: 192.168.1.1 - 192.168.1.252
eth0 IP=192.168.1.253; Mask 255.255.255.0; Bcast=192.168.1.255
|
|
Client1..252 IP over DHCP (192.168.1.1 - 192.168.1.252)
How can I connect/route to communicate between a ClientX and ServerA?
Ping between ClientX and ServerB works.
Ping between ServerA and ServerB works.
I tried "Routing between two networks on linux?" to route between eth0 and eth1 but it didn't work.
/etc/network/interfaces:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.1.253
netmask 255.255.255.0
broadcast 192.168.1.255
auto eth1
iface eth1 inet static
address 192.168.1.254
netmask 255.255.0.0
broadcast 192.168.255.255
/etc/dnsmasq.conf:
interface=eth0
no-dhcp-interface=eth1
dhcp-range=interface:eth0,192.168.1.1,192.168.1.252,1
----------------------------------UPDATE 1------------------------------------
ServerA; IP=192.168.255.254; Mask=255.255.255.0; Bcast=192.168.255.255
|
|
eth1 IP=192.168.255.1; Mask=255.255.255.0; Bcast=192.168.255.255
ServerB DHCP: 192.168.1.1 - 192.168.1.253
eth0 IP=192.168.1.254; Mask 255.255.255.0; Bcast=192.168.1.255
|
|
Client1..253 IP over DHCP (192.168.1.1 - 192.168.1.253)
Routing:
sysctl -w net.ipv4.ip_forward=1
iptables -A INPUT -i lo -j ACCEPT # Always accept loopback traffic
iptables -A INPUT -i eth0 -j ACCEPT # We allow traffic from the LAN side
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow established connections
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE # Masquerade
iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT # Forwarding
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT # Allow outgoing connections from the LAN side.
Result:
Ping from ClientX to ServerA works, but not from ServerA to ClientX:
$ ping 192.168.1.119
PING 192.168.1.119 (192.168.1.119) 56(84) bytes of data.
From 192.168.255.254 icmp_seq=1 Destination Host Unreachable
From 192.168.255.254 icmp_seq=2 Destination Host Unreachable
…
----------------------------------UPDATE 2 without iptables (Solution)------------------------------------
Network according to UPDATE 1:
ServerA
 |
 |------------------|------------------|-------------…
eth1               eth1               eth1
ServerB            ServerC            ServerD
eth0               eth0               eth0
 |                  |                  |
 |                  |                  …
ClientX network    ClientY network
Routing on ServerA:
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.255.1
route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.255.2
…
route add -net 192.168.N.0 netmask 255.255.255.0 gw 192.168.255.N
Forwarding on ServerB:
sysctl -w net.ipv4.ip_forward=1
Pings between all network participants are working without iptables.
- Admin (almost 7 years): There is no internet connection for any system (not for ServerA, not for ServerB or any Client)!
- stahlstngel (almost 7 years): Is this not the same as "echo 1 >> /proc/sys/net/ipv4/ip_forward" from the link? But also with the forward option there is no communication.
- stahlstngel (almost 7 years): eth0 inet addr:192.168.1.253 Bcast:192.168.1.255 Mask:255.255.0.0___ eth1 inet addr:192.168.1.254 Bcast:192.168.255.255 Mask:255.255.0.0_ When I change the subnetmask to the same network and "sysctl -w net.ipv4.ip_forward=1": ServerA is no longer reachable on the network.
- Michael Brown (almost 7 years): I think that's the problem, its addressing scheme is overlapping with the other interface
- stahlstngel (almost 7 years): The same happens when I additionally change the Broadcast to 192.168.255.255 for eth1 and eth0.
- Michael Brown (almost 7 years): Hi, don't change both, I would just change one of them, maybe change the subnet that ServerA is on to 192.168.0.0/24 and make sure that ServerA and int eth0 have addresses between 192.168.0.1/24 and 192.168.0.254/24 t
- stahlstngel (almost 7 years): ServerB is only the first server under ServerA. Beside ServerB (192.168.1.XXX) comes ServerC (192.168.2.XXX) and ServerD (192.168.3.XXX)....and so on. Therefore I need a /16 network between ServerA and ServerB.
- Esa Jokinen (almost 7 years): No, you don't. Simply, because this configuration wouldn't work. Let's say you have 40 servers and would like to use every single one as a router from its own subnet to 192.168.255.0/24, server A being 192.168.255.254. You could use a simple pattern between eth0/eth1 configuration: 192.168.1.253/192.168.255.1; 192.168.2.253/192.168.255.2; ... 192.168.N.253/192.168.255.N; Now, the 192.168.255.254/24 works as the network between servers, the other being client-server networks.
- stahlstngel (almost 7 years): Okay...I understand. Nice idea. I configured everything as mentioned. But still ping from ServerA to ClientX says "Destination Host Unreachable". I also did "sysctl -w net.ipv4.ip_forward=1". What did I miss???
- stahlstngel (almost 7 years): Via iptables I am now able to ping ServerA from ClientX. But ServerA can not reach the Clients network. What did I miss?
- Esa Jokinen (almost 7 years): I completed my answer by adding information on how to set all routes from ServerA to clients.
- stahlstngel (almost 7 years): Thanks so much. The network is working correctly. Even without iptables, which keeps the kernel small and the configuration simple over the route command