 
Old 09-04-2012, 09:00 PM
"James B. Byrne"
 
Default Simple routing question

On Tue, September 4, 2012 16:51, Les Mikesell wrote:
>
> That should happen directly without C's involvement if the netmask is
> 255.255.0.0 on A and B's eth1 interfaces.

It is not. The netmask on those interfaces is 255.255.255.0.

>
>> Instead it goes to Eth0 on C where it dies as one would
>> expect.
>
> Why does C have both internet and LAN addresses on the same
> interfaces?
>

I am experimenting to see if this arrangement is workable. I want to
know if it is possible to have two separate 192.168.x subnets on the
same network. Why? I do not have a purpose in mind. I am just
checking out whether it can work or not.

If it is impossible then I will discover why that is so, which I
think will be useful in itself.


--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 09-04-2012, 09:04 PM
John R Pierce
 
Default Simple routing question

On 09/04/12 2:00 PM, James B. Byrne wrote:
> I am experimenting to see if this arrangement is workable. I want to
> know if it is possible to have two separate 192.168.x subnets on the
> same network. Why? I do not have a purpose in mind. I am just
> checking out whether it can work or not.
>
> If it is impossible then I will discover why that is so, which I
> think will be useful in itself.

It's possible, but it's excessively complicated, and there had better be a
darn good reason to justify the complexity.





--
john r pierce N 37, W 122
santa cruz ca mid-left coast

 
Old 09-04-2012, 09:23 PM
Cliff Pratt
 
Default Simple routing question

On Wed, Sep 5, 2012 at 9:00 AM, James B. Byrne <byrnejb@harte-lyne.ca> wrote:
>
> On Tue, September 4, 2012 16:51, Les Mikesell wrote:
>>
>> That should happen directly without C's involvement if the netmask is
>> 255.255.0.0 on A and B's eth1 interfaces.
>
> It is not. The netmask on those interfaces is 255.255.255.0.
>
>>
>>> Instead it goes to Eth0 on C where it dies as one would
>>> expect.
>>
>> Why does C have both internet and LAN addresses on the same
>> interfaces?
>>
>
> I am experimenting to see if this arrangement is workable. I want to
> know if it is possible to have two separate 192.168.x subnets on the
> same network. Why? I do not have a purpose in mind. I am just
> checking out whether it can work or not.
>
> If it is impossible then I will discover why that is so, which I
> think will be useful in itself.
>
IMO you need to configure the two subnets separately and set the
netmask to 255.255.255.0. Then route traffic between the LANs via
either the firewall or another routing device on the shared network.

I've done similar in the past to migrate from one IP range to another.

Having both networks connect to the firewall router is risky in case
of a misconfiguration.

Cheers,

Cliff
 
Old 09-04-2012, 09:27 PM
Les Mikesell
 
Default Simple routing question

On Tue, Sep 4, 2012 at 4:00 PM, James B. Byrne <byrnejb@harte-lyne.ca> wrote:
>
>> That should happen directly without C's involvement if the netmask is
>> 255.255.0.0 on A and B's eth1 interfaces.
>
> It is not. The netmask on those interfaces is 255.255.255.0.

Netmasks apply to (and describe) connected subnets, not individual
interfaces. Linux will sort-of sometimes work with mismatched subnet
masks but some things won't see arp broadcasts with the wrong
broadcast address (which again is for the whole subnet).

>>
>>> Instead it goes to Eth0 on C where it dies as one would
>>> expect.
>>
>> Why does C have both internet and LAN addresses on the same
>> interfaces?
>>
>
> I am experimenting to see if this arrangement is workable. I want to
> know if it is possible to have two separate 192.168.x subnets on the
> same network.

Some things might work sometimes. You can overlay separate subnets on
the same wire, each with a correct subnet mask, and a designated
router between them, but random things will happen with mixed
netmasks.

> Why? I do not have a purpose in mind. I am just
> checking out whether it can work or not.

You would probably be better off using VLANs than overlays in any case.

> If it is impossible then I will discover why that is so, which I
> think will be useful in itself.

The broadcast address for a subnet is tied to the bits in the subnet
mask, and ethernets need arp broadcasts to work.

--
Les Mikesell
lesmikesell@gmail.com
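
The mixed-netmask situation discussed in the message above, as an added example that is not part of the original post: the Python below audits addresses sharing one Ethernet segment and reports which pairs disagree about being on-link and which broadcast address each one expects. The gateway alias and Host B addresses are taken from the thread; the `guest` address and all function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Addresses on one Ethernet segment. "gateway" (alias eth1:192) and "host_b"
# (Host B eth1) come from the thread; the "guest" host octet is constructed.
SEGMENT = {
    "gateway": "192.168.0.1/255.255.0.0",
    "host_b": "192.168.209.43/255.255.255.0",
    "guest": "192.168.216.10/255.255.255.0",
}

def audit_segment(hosts):
    """Return (asymmetric pairs, isolated pairs, broadcast address per host)."""
    ifs = {name: ipaddress.ip_interface(cidr) for name, cidr in hosts.items()}
    asymmetric, isolated = [], []
    for a, b in combinations(sorted(ifs), 2):
        a_sees_b = ifs[b].ip in ifs[a].network  # a would ARP for b directly
        b_sees_a = ifs[a].ip in ifs[b].network  # b would ARP for a directly
        if a_sees_b != b_sees_a:
            # One side sends directly, the other hands its replies to a router.
            direct, routed = (a, b) if a_sees_b else (b, a)
            asymmetric.append((direct, routed))
        elif not a_sees_b:
            isolated.append((a, b))             # both sides need a router
    bcast = {n: str(i.network.broadcast_address) for n, i in ifs.items()}
    return asymmetric, isolated, bcast

if __name__ == "__main__":
    asym, iso, bcast = audit_segment(SEGMENT)
    for direct, routed in asym:
        print(f"{direct} treats {routed} as on-link, but not the reverse")
    for a, b in iso:
        print(f"{a} and {b} only reach each other through a router")
    for name, addr in bcast.items():
        print(f"{name} expects subnet broadcast {addr}")
```
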
 
Old 09-04-2012, 09:34 PM
Leon Fauster
 
Default Simple routing question

On 04.09.2012 at 20:34, James B. Byrne wrote:
> We use a dual homed CentOS-6.3 host for our Internet gateway router.
> Its internal nic (eth1) is configured such that the address
> 192.168.0.1 is one of its aliases.
>
> # cat /etc/sysconfig/network-scripts/ifcfg-eth1:192
> BOOTPROTO=none
> BROADCAST=192.168.255.255
> DEVICE=eth1:192

^^^^^^^^

> IPADDR=192.168.0.1
> IPV6INIT=no
> MTU=""
> NAME="LAN - Non-routable"
> NETMASK=255.255.0.0
> NETWORK=192.168.0.0
> ONBOOT=yes
> ONPARENT=yes
>
> Internal packets routed to 192.168.209.41 are passing through this
> router out onto the network. I am afraid that the reason is not
> evident to me and I have been unable to locate an answer.
>
> The primary address for eth1 has the following configuration:
>
> # cat /etc/sysconfig/network-scripts/ifcfg-eth1
> BOOTPROTO=none
> BROADCAST=""
> DEFROUTE=yes
> DEVICE=eth1

^^^^^^^^^

> DOMAIN="hamilton.harte-lyne.ca harte-lyne.ca"
> GATEWAY=216.xxx.yyy.53
> HWADDR=00:25:90:60:11:8D
> IPADDR=216.xxx.xxx.1
> IPV4_FAILURE_FATAL=yes
> IPV6_AUTOCONF=yes
> IPV6_DEFROUTE=yes
> IPV6_FAILURE_FATAL=no
> IPV6INIT=yes
> IPV6_PEERDNS=yes
> IPV6_PEERROUTES=yes
> MACADDR=""
> MTU=""
> NAME="LAN Link - eth1"
> NETMASK=""
> NETWORK=""
> NM_CONTROLLED=no
> ONBOOT=yes
> PREFIX=24
> TYPE=Ethernet
> UUID=9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04
>
> What configuration setting am I missing that will cause packets to
> 192.168.ccc.ddd to stay on the LAN and not try and pass though the WAN
> interface?


Is it correct to set the internal net as alias on the public
interface (216.xxx.xxx.1) - both via eth1? This is for sure
not your intention. Maybe a typo ...

--
LF



 
Old 09-06-2012, 04:11 PM
"James B. Byrne"
 
Default Simple routing question

I am still having some difficulty understanding what is going on with
routing on 192.168.x.x.

I have removed the IP aliases from the gateway eth1 so that it only
responds to aaa.bbb.ccc.1.

I have changed the netmask on Host B eth1 [192.168.209.43] to
255.255.0.0 and set its gateway to aaa.bbb.ccc.1; as I have on all of
the guests that have eth1 active.

The network service on both hosts and guests has been restarted.

However, when I do a traceroute from Host C [aaa.bbb.ccc.25] to
192.168.209.43 it still goes directly to the gateway at aaa.bbb.ccc.1
and thence out to the eth0 i/f on the gateway, where it dies as
before.

I note that Host C is a xen virtual host (used for some experiments
several years ago but no longer hosting any active guests) and that it
has the following virtual interface:

5: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

This has an address in the same network as 192.168.209.43 but with a
different netmask. This seems to be the case on the kvm virtual hosts
as well.

6: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UNKNOWN
link/ether 52:54:00:a6:3f:49 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

So, is this the source of the problem when I try and connect to
192.168.209.43? Is the netblock 192.168.255.255 constrained to use a
netmask of 255.255.255.0 because of its use by the virtual hosts?

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3

 
Old 09-06-2012, 05:55 PM
Les Mikesell
 
Default Simple routing question

On Thu, Sep 6, 2012 at 11:11 AM, James B. Byrne <byrnejb@harte-lyne.ca> wrote:
> I am still having some difficulty understanding what is going on with
> routing on 192.168.x.x.
>
> I have removed the IP aliases from the gateway eth1 so that it only
> responds to aaa.bbb.ccc.1.
>
> I have changed the netmask on Host B eth1 [192.168.209.43] to
> 255.255.0.0 and set its gateway to aaa.bbb.ccc.1; as I have on all of
> the guests that have eth1 active.
>
> The network service on both hosts and guests has been restarted.
>
> However, when I do a traceroute from Host C [aaa.bbb.ccc.25] to
> 192.168.209.43 it still goes directly to the gateway at aaa.bbb.ccc.1
> and thence out to the eth0 i/f on the gateway, where it dies as
> before.
>
> I note that Host C is a xen virtual host (used for some experiments
> several years ago but no longer hosting any active guests) and that it
> has the following virtual interface:
>
> 5: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
>
> This has an address in the same network as 192.168.209.43 but with a
> different netmask. This seems to be the case on the kvm virtual hosts
> as well.
>
> 6: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UNKNOWN
> link/ether 52:54:00:a6:3f:49 brd ff:ff:ff:ff:ff:ff
> inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
>
> So, is this the source of the problem when I try and connect to
> 192.168.209.43? Is the netblock 192.168.255.255 constrained to use a
> netmask of 255.255.255.0 because of its use by the virtual hosts?
>

A 'route -n' should show you where any destination will head on the
next hop. On host C, what is the line with the smallest matching
destination/mask? Likewise, on the gateway host where you think it is
being forwarded the wrong way?

--
Les Mikesell
lesmikesell@gmail.com
 
Old 09-06-2012, 06:09 PM
"James B. Byrne"
 
Default Simple routing question

Per: Les Mikesell lesmikesell at gmail.com
Thu Sep 6 13:55:05 EDT 2012

> A 'route -n' should show you where any destination will head
> on the next hop. On host C, what is the line with the
> smallest matching destination/mask? Likewise, on the gateway
> host where you think it is being forwarded the wrong way?


$ /sbin/route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
aaa.bbb.ccc.0   0.0.0.0         255.255.255.0   U     0      0        0 bridge0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 bridge0
0.0.0.0         aaa.1bbb.ccc.1  0.0.0.0         UG    0      0        0 bridge0


$ traceroute 192.168.209.43
traceroute to 192.168.209.43 (192.168.209.43), 30 hops max, 40 byte packets
1 gway01 (aaa.bbb.ccc.1) 0.321 ms 0.298 ms 0.283 ms
2 ISPlink (aaa.bbb.ddd.53) 1.000 ms 0.993 ms 1.450 ms
3 * * *
4 * * *
5 * * *
. . .

This seems to say that 192.168.209.43 is being routed out to the
Internet as aaa.bbb.ddd.53 is our external gateway address on the
router.

This is the routing table on the router:

[root@gway01 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
aaa.bbb.ddd.52  0.0.0.0         255.255.255.252 U     0      0        0 eth0
aaa.bbb.ccc.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
0.0.0.0         aaa.bbb.ddd.53  0.0.0.0         UG    0      0        0 eth0


--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3

 
Old 09-06-2012, 06:20 PM
Les Mikesell
 
Default Simple routing question

On Thu, Sep 6, 2012 at 1:09 PM, James B. Byrne <byrnejb@harte-lyne.ca> wrote:
>
>> A 'route -n' should show you where any destination will head
>> on the next hop. On host C, what is the line with the
>> smallest matching destination/mask? Likewise, on the gateway
>> host where you think it is being forwarded the wrong way?
>
>
> $ /sbin/route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
> aaa.bbb.ccc.0   0.0.0.0         255.255.255.0   U     0      0        0 bridge0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 bridge0
> 0.0.0.0         aaa.1bbb.ccc.1  0.0.0.0         UG    0      0        0 bridge0
>
>
> $ traceroute 192.168.209.43
> traceroute to 192.168.209.43 (192.168.209.43), 30 hops max, 40 byte packets
> 1 gway01 (aaa.bbb.ccc.1) 0.321 ms 0.298 ms 0.283 ms

OK, there is no better match than the default in the route table
above, so it goes to the default gateway. I assume that's what you
want if you don't make the netmask span the 192.168.x.x range, but a
side effect is that it will source from the aaa.bbb.ccc.x interface
address.

> This seems to say that 192.168.209.43 is being routed out to the
> Internet as aaa.bbb.ddd.53 is our external gateway address on the
> router.
>
> This is the routing table on the router:
>
> [root@gway01 ~]# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> aaa.bbb.ddd.52  0.0.0.0         255.255.255.252 U     0      0        0 eth0
> aaa.bbb.ccc.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
> 0.0.0.0         aaa.bbb.ddd.53  0.0.0.0         UG    0      0        0 eth0

I don't see any 192.168.x.x interface/mask there. Where else could
it go? Or is that 2nd 169.254.0.0 a typo?

--
Les Mikesell
lesmikesell@gmail.com
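
The route lookup Les describes above, as an added example that is not part of the original posts: the Python below parses `route -n` output, applies longest-prefix matching, and flags RFC 1918 destinations that match only the default route. The 203.0.113.0/24 and 198.51.100.52/30 addresses are constructed stand-ins for the redacted aaa.bbb.ccc.0 and aaa.bbb.ddd.52 blocks, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-ins for the redacted blocks in the thread (RFC 5737 ranges):
# aaa.bbb.ccc.0/24 -> 203.0.113.0/24, aaa.bbb.ddd.52/30 -> 198.51.100.52/30.
HOST_C = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
203.0.113.0     0.0.0.0         255.255.255.0   U     0      0        0 bridge0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 bridge0
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 bridge0
"""
GATEWAY = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
198.51.100.52   0.0.0.0         255.255.255.252 U     0      0        0 eth0
203.0.113.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
0.0.0.0         198.51.100.53   0.0.0.0         UG    0      0        0 eth0
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_route_n(text):
    """Parse `route -n` rows into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        prefix = bin(int(ipaddress.IPv4Address(f[2]))).count("1")
        routes.append((ipaddress.ip_network(f"{f[0]}/{prefix}"),
                       f[1], int(f[4]), f[7]))
    return routes

def lookup(routes, dest):
    """Longest-prefix match; the lower metric wins between equal prefixes."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2])) if hits else None

def leaks_to_default(routes, dest):
    """True when an RFC 1918 destination matches nothing but 0.0.0.0/0."""
    addr = ipaddress.ip_address(dest)
    best = lookup(routes, dest)
    return (any(addr in n for n in RFC1918)
            and best is not None and best[0].prefixlen == 0)

if __name__ == "__main__":
    for name, table in (("host C", HOST_C), ("gateway", GATEWAY)):
        routes = parse_route_n(table)
        net, gw, _, iface = lookup(routes, "192.168.209.43")
        print(name, net, "via", gw, "dev", iface,
              "LEAK" if leaks_to_default(routes, "192.168.209.43") else "ok")
    # Hypothetical connected route, as an eth1 address in 192.168.0.0/16 would add.
    fixed = parse_route_n(GATEWAY) + [
        (ipaddress.ip_network("192.168.0.0/16"), "0.0.0.0", 0, "eth1")]
    print("gateway with 192.168.0.0/16 on eth1:",
          lookup(fixed, "192.168.209.43")[3])
```
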
 
Old 09-06-2012, 07:04 PM
"James B. Byrne"
 
Default Simple routing question

Per: Les Mikesell lesmikesell at gmail.com
Thu Sep 6 14:20:43 EDT 2012

--->
On Thu, Sep 6, 2012 at 1:09 PM, James B. Byrne <byrnejb at
harte-lyne.ca> wrote:


> OK, there is no better match than the default in the route table
> above, so it goes to the default gateway. I assume that's what you
> want if you don't make the netmask span the 192.168.x.x range, but a
> side effect is that it will source from the aaa.bbb.ccc.x interface
> address.

> This seems to say that 192.168.209.43 is being routed out to the
> Internet as aaa.bbb.ddd.53 is our external gateway address on the
> router.
>
> This is the routing table on the router:
>
> [root at gway01 ~]# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> aaa.bbb.ddd.52  0.0.0.0         255.255.255.252 U     0      0        0 eth0
> aaa.bbb.ccc.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
> 0.0.0.0         aaa.bbb.ddd.53  0.0.0.0         UG    0      0        0 eth0

I don't see any 192.168.x.x interface/mask there. Where else could
it go? Or is that 2nd 169.254.0.0 a typo?
<---

You see, this is the question I am trying to fathom. Once upon a
time, 2 days ago, the interface on the gateway system included
ifcfg-eth1:192 which had the address 192.168.0.1 and the netmask
255.255.255.0. At that point I was not aware of any underlying
problems and virtual interfaces on other hosts which had addresses
like 192.168.216.ddd could be found and connected to from internal
host addresses of the form aaa.bbb.ccc.0 where aaa.bbb.ccc is our
publicly routable C class assigned address block.

The difficulties started when I began testing a new virtual host which
eventually will be moved off-site to our DR facility (which is a lot
less impressive in fact than it appears when I write that, but at
least we have one). On that machine, for no particular reason, I
decided to use a different sub-net for the 192.168 IP on the VM guests'
eth1 i/f.

When I did that the kvm host could connect to those i/f, presumably
because its own eth1 was set to an address on the same netblock
(192.168.209.43) but no other host could connect to either the host's
eth1 or any of the running guests' eth1. This is what prompted the
question which has turned into this thread.

When I set this network up many ages ago I added 192.168.0.1 to the
internal i/f of the gateway router in the apparently unfounded belief
that if the router knew that the internal i/f had an address in the
192.168 address space then it would not try to route traffic destined
for those addresses through the router. As I say, my knowledge of
this is very limited. Although, to be fair, everything has worked as I
expected up to now and this situation is simply an experiment of my
own devising. So, I am hardly a walking accident waiting to happen.

What I wanted to have happen was for all traffic destined for
192.168.anything to stay inside the LAN and attached to the specified
address, while any traffic that originated from 192.168.anything
destined to anywhere else would route through the gateway; where it is
NAT mangled.

I just want to understand what is going on in this specific case
without delving deeply into the subject of routing, for which I do not
have the luxury of time. This is not impacting anything of significance
so I take it up on a time available basis. On the other hand, I am
definitely gaining an education in the process.

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3

 
