Route command and non-local gateways
15/04/2018 15:30
Hi all, I'm struggling with a route I'm trying to install on a workstation (Linux 2.4.22, but I think this is common to other OSes as well).

Assume that the workstation (WS1) sits on network 10.1.1.0/24 and that there is a gateway (GW1) off this subnet at 10.1.1.1. Also directly connected to GW1 is subnet 10.1.2.0/24, and in that subnet sits a firewall (FW1) at 10.1.2.2, with the Internet-at-large the other side of it. (Sorry, I don't do ASCII Art, and if you saw my attempts at it, you'd agree!). Internet routes are not propagated into the internal network, nor is there a default route injected.

Now, there is an Internet connected host (H1) to which I need to make a connection from WS1. FW1 has a rule inserted to catch the traffic from WS1 to H1, Hide-NAT and forward the traffic. This does require that WS1 have a static route to H1 via FW1. This is where I run into difficulties.

I've tried adding the route like:

    WS1# route add -host H1 gw 10.1.2.2

but I get

    SIOCADDRT: Network is unreachable

even though 10.1.2.2 is reachable, by dint of the default route to 10.1.1.1. So, I tried:

    WS1# route add -host 10.1.2.2 gw 10.1.1.1

followed by:

    WS1# route add -host H1 gw 10.1.2.2

but still

    SIOCADDRT: Network is unreachable

According to the man page for route, NOTE: The specified gateway must be reachable first. This usually means that you have to set up a static route to the gateway beforehand.

ISTM that I've done that, but obviously I'm missing something. Can anybody point me at what I'm getting wrong, please?

btw, I've tried this from a box in 10.1.2.0, and all works as I expect (ie I can connect to H1, and the log on FW1 shows the traffic being NATed and forwarded). As a workaround, I've configured on WS1 a static route to H1 via GW1, and on GW1 I've configured a static route to H1 via FW1, but this is not acceptable longterm.

Many thanks in anticipation of any help.

Steve

Source is Usenet: comp.os.linux.networking

Answer score: 5
15/04/2018 15:30 -

    +-----+
    | H1  |
    +--+--+
       | y.y.y.y
       |
    Internet
       |
       | eth0: x.x.x.x
    +--+--+
    | FW1 |
    +--+--+
       | eth1: 10.1.2.2/24
       |
       | eth0: 10.1.2.1/24
    +--+--+
    | GW1 |
    +--+--+
       | eth1: 10.1.1.1/24
       |
       | eth0: 10.1.1.x/24
    +--+--+
    | WS1 |
    +-----+

1) WS1 should have default gw set to 10.1.1.1. GW1 should forward traffic between eth0 and eth1 with default gw as 10.1.2.2. FW1 should have a route for 10.1.1.0/24 pointing to 10.1.2.1 and do NAT both for 10.1.1.0/24 and 10.1.2.0/24.

2) WS1 should have default gw as 10.1.1.1. GW1 should do NAT from 10.1.1.0/24 to 10.1.2.1. FW1 should already be correct.

Personally, I don't like double NAT so I would go for no 1.


Source is Usenet: comp.os.linux.networking

Answer score: 5
15/04/2018 15:30 - Thanks for the reply. Option 1 is broadly similar to the workaround that I have in place. However, this is all part of a large corporate internetwork - GW1 participates in a multi-area OSPF domain, which in turn exchanges routes with BGP internally within the organisation. This is why I do not want to either install on FW1 a default route via GW1, or leave the static route on GW1 to H1 via FW1, as this is distributed into OSPF.

I've got the option of moving WS1 into 10.1.1.x, which is looking like my most feasible solution right now, it's just that the doc for the route command seems (to me) to be saying that what I want to do is feasible. Oh well.

Cheers
Steve

Source is Usenet: comp.os.linux.networking

Answer score: 5
15/04/2018 15:30 - First, any route on WS1 can only point to the next hop. In your case, this is GW1. You cannot insert a route on WS1 pointing directly to the other side of GW1 (in this case FW1 and/or H1).

Even if GW1 is a L3 switch, it probably already has a default route thru OSPF. As long as your Internet is accessed thru FW1, the default route should already point in the right direction? Anyway, it is difficult to tell you what to do when the topology of your network is unknown, ie where are your border router (running BGP and OSPF on separate interfaces?) and where are your OSPF routers.

Anyway, instead of a default route on GW1 you may try this static one:

    route add -host IP.ADR.OF.H1 gw 10.1.2.2 dev eth0

This should send packets addressed to H1 via GW1 to FW1. Then FW1 hopefully can send the packet to H1. Return packets will be routed to GW1 because of your newly inserted rule on FW1

    route add -net 10.1.1.0/24 gw 10.1.2.1 dev eth1

Hopefully GW1 knows how to route the packet from GW1 to WS1.


Source is Usenet: comp.os.linux.networking
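
The next-hop rule from the reply above, and the two failing commands from the original question, modelled as an added example (not part of the thread and not kernel code). It is a simplified model: a gateway is accepted only if a directly connected route covers it, so a host route to 10.1.2.2 via 10.1.1.1 does not make 10.1.2.2 usable as a gateway. The address used for H1 (192.0.2.10) and all class and function names are constructed for illustration.

```python
import ipaddress

H1 = "192.0.2.10"  # constructed placeholder for the Internet host H1
ERR = "SIOCADDRT: Network is unreachable"

class NetworkUnreachable(Exception):
    """Stands in for the error route(8) prints as ERR."""

class RoutingTable:
    def __init__(self):
        self.routes = []  # (network, gateway or None, device)

    def add_connected(self, prefix, dev):
        # Route created when an interface address comes up (no gateway).
        self.routes.append((ipaddress.ip_network(prefix), None, dev))

    def add_via(self, dest, gateway):
        # The gateway must be on-link: only gateway-less (connected)
        # routes are consulted, never routes that go through a gateway.
        gw = ipaddress.ip_address(gateway)
        for net, via, dev in self.routes:
            if via is None and gw in net:
                self.routes.append((ipaddress.ip_network(dest), gw, dev))
                return
        raise NetworkUnreachable(ERR)

    def next_hop(self, dest):
        # Longest-prefix match; returns (address to send the frame to, device).
        addr = ipaddress.ip_address(dest)
        matches = [r for r in self.routes if addr in r[0]]
        if not matches:
            raise NetworkUnreachable(ERR)
        net, via, dev = max(matches, key=lambda r: r[0].prefixlen)
        return (str(via) if via is not None else str(addr), dev)

def build_ws1():
    # WS1 as described in the question: on 10.1.1.0/24, default via GW1.
    ws1 = RoutingTable()
    ws1.add_connected("10.1.1.0/24", "eth0")
    ws1.add_via("0.0.0.0/0", "10.1.1.1")
    return ws1

def try_add(table, dest, gateway):
    try:
        table.add_via(dest, gateway)
        return "ok"
    except NetworkUnreachable as exc:
        return str(exc)

if __name__ == "__main__":
    ws1 = build_ws1()
    print(try_add(ws1, H1 + "/32", "10.1.2.2"))       # first attempt
    print(try_add(ws1, "10.1.2.2/32", "10.1.1.1"))    # host route to FW1
    print(try_add(ws1, H1 + "/32", "10.1.2.2"))       # second attempt
    print(ws1.next_hop(H1))
```
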

Answer score: 5
15/04/2018 15:30 - Thanks.

I really cannot install a default route via FW1 into GW1, though. If I do, that default route will be propagated through the OSPF area (in this case, Area 0 (the backbone area)). This is where the problem lies, and why I wanted to install the static route in WS1 via a non-local gateway, as the doc seems to say that I can. (Btw, good spot about the different prefix lengths - I was just testing! Actually, the host that I took the route table off is one where I've been trying to replicate a setup out in userland, and whilst the test net I'm using is a /23, the user's network is actually a /22, but for the sake of keeping the discussion as simple as I could, I used fictitious /24s).

Thanks so much for your input, though.

Steve

Source is Usenet: comp.os.linux.networking

Answer score: 5
15/04/2018 15:30 - Disregarding your BGP/OSPF setup, these are the routes you will need (based upon option 1):

WS1: the routes in your reply to Unruh should be OK, except you described /24 networks while your routing table is /23.

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.1.1.0        *               255.255.255.0   U     0      0        0 eth0
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    0.0.0.0         10.1.1.1        0.0.0.0         UG    1      0        0 eth0

GW1: routes to 10.1.1.0/24 and 10.1.2.0/24 should be set when your eth's come up, default gw should also be 10.1.2.2/24. If not, do

    route add -net 10.1.1.0 netmask 255.255.255.0 dev eth1
    route add -net 10.1.2.0 netmask 255.255.255.0 dev eth0
    route add default gw 10.1.2.2 dev eth0

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.1.2.0        *               255.255.255.0   U     0      0        0 eth0
    10.1.1.0        *               255.255.255.0   U     0      0        0 eth1
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    0.0.0.0         10.1.2.2        0.0.0.0         UG    1      0        0 eth0

FW1: here you must add a static route to WS1 thru GW1. You also need NAT from the 10.1.1.0/24 net (as is done with the 10.1.2.0/24 net):

    route add -net 10.1.1.0/24 gw 10.1.2.1 dev eth1

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    xx.xx.xx.xx     *               xx.xx.xx.xx     U     0      0        0 eth0
    10.1.2.0        *               255.255.255.0   U     0      0        0 eth1
    10.1.1.0        10.1.2.1        255.255.255.0   UG    0      0        0 eth1
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    0.0.0.0         x.x.x.x         0.0.0.0         UG    1      0        0 eth0

Good luck!

Source is Usenet: comp.os.linux.networking