 
10-02-2012, 07:07 PM
Robert Latest

How to address hosts in dual ethernet networks?

Hello all,

I'm planning on setting up a small linux PC in an industrial
environment. The PC will act as a bridge between a string of
Ethernet/Modbus devices and a database server. It will run a very
simple application that queries the Modbus devices and relays its
findings to the database. The PC will have two ethernet ports: One
connected to the Modbus devices, the other to the company's intranet.
One port will be assigned an IP address from the intranet's DHCP
server, and the Modbus devices will be assigned addresses in the
192.168 range using a DHCP server on my PC.

So far, very simple.

What I can't figure out is how to separate the IP address spaces in
this PC itself. There are plenty of 192.168 addresses in use in our
intranet, and it is quite possible that addresses will be used both in
the Intranet and in the Modbus space.

Suppose the application wants to talk to the Modbus device
192.168.0.101 on eth1 (where the Modbus devices are connected). How
can I prevent it from connecting to a host on the intranet that
happens to have the same address?

Actually, I know that the hosts that I need to connect to on the
intranet do not have 192.168.... addresses. So I suppose I can set up
the routing table using a network mask or something of the sort. But
what if, hypothetically, I do need to connect to an intranet host
whose IP address happens to be used by a Modbus device as well?

Thanks,
robert


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/CAMXbmUQFiuGtWWJLbYR5odY=2L_WLYezN0Eu-vFrxmfZMbM_YA@mail.gmail.com
 
10-02-2012, 08:45 PM
Jochen Spieker

How to address hosts in dual ethernet networks?

Robert Latest:
>
> What I can't figure out is how to separate the IP address spaces in
> this PC itself. There are plenty of 192.168 addresses in use in our
> intranet, and it is quite possible that addresses will be used both in
> the Intranet and in the Modbus space.

That is a broken network design.

> Suppose the application wants to talk to the Modbus device
> 192.168.0.101 on eth1 (where the Modbus devices are connected). How
> can I prevent it from connecting to a host on the intranet that
> happens to have the same address?

You can't, except when using static host routes for each intranet host
you want to connect to.

> Actually, I know that the hosts that I need to connect to on the
> intranet do not have 192.168.... addresses. So I suppose I can set up
> the routing table using a network mask or something of the sort.

That's the way to go if you can find a netmask that fits your needs.

J.
--
It is not in my power to change anything.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
 
10-03-2012, 05:45 PM
Henning Follmann

How to address hosts in dual ethernet networks?

On Oct 2, 2012, at 3:07 PM, Robert Latest <boblatest@gmail.com> wrote:

> Hello all,
>
> I'm planning on setting up a small linux PC in an industrial
> environment. The PC will act as a bridge between a string of
> Ethernet/Modbus devices and a database server. It will run a very
> simple application that queries the Modbus devices and relays its
> findings to the database. The PC will have two ethernet ports: One
> connected to the Modbus devices, the other to the company's intranet.
> One port will be assigned an IP address from the intranet's DHCP
> server, and the Modbus devices will be assigned addresses in the
> 192.168 range using a DHCP server on my PC.
>
> So far, very simple.
>
> What I can't figure out is how to separate the IP address spaces in
> this PC itself. There are plenty of 192.168 addresses in use in our
> intranet, and it is quite possible that addresses will be used both in
> the Intranet and in the Modbus space.
>
> Suppose the application wants to talk to the Modbus device
> 192.168.0.101 on eth1 (where the Modbus devices are connected). How
> can I prevent it from connecting to a host on the intranet that
> happens to have the same address?
>
> Actually, I know that the hosts that I need to connect to on the
> intranet do not have 192.168.... addresses. So I suppose I can set up
> the routing table using a network mask or something of the sort. But
> what if, hypothetically, I do need to connect to an intranet host
> whose IP address happens to be used by a Modbus device as well?
>
> Thanks,
> robert
>
>


The network design at your place seems like a mess and the best advice
I can give you is to clean that up BEFORE you do anything else.

The devices on your modbus should be assigned a unique IP address which
MUST NOT overlap with any other range already in use at your place.
Let's assume you assign them 192.168.66.0 / 24 and you also assign your
PC an address in that range, then it will automatically be routed based
on the subnet. There is no need for static routes then.

I assume that the address you get on the other ethernet port includes a
default route (gateway). So anything not in your modbus space and in your
locally assigned space will be sent there and the router should have the
information how to forward this package to the correct host/network.


--
Henning


Archive: http://lists.debian.org/362FD33D-24B5-4F17-9A3D-032F48C544D6@itcfollmann.com
 
10-03-2012, 06:35 PM
lee

How to address hosts in dual ethernet networks?

Robert Latest <boblatest@gmail.com> writes:

> Hello all,
>
> I'm planning on setting up a small linux PC in an industrial
> environment. The PC will act as a bridge between a string of
> Ethernet/Modbus devices and a database server. It will run a very
> simple application that queries the Modbus devices and relays its
> findings to the database. The PC will have two ethernet ports: One
> connected to the Modbus devices, the other to the company's intranet.
> One port will be assigned an IP address from the intranet's DHCP
> server, and the Modbus devices will be assigned addresses in the
> 192.168 range using a DHCP server on my PC.

What if you actually do make your host a bridge that bridges the two
networks and let the Modbus devices get their addresses from the DHCP
server? The shorewall documentation has an example called something
like "simple bridge setup" that might accommodate your needs.

You could also use another private address range like 10.x.x.x for the
Modbus devices.

> the routing table using a network mask or something of the sort. But
> what if, hypothetically, I do need to connect to an intranet host
> whose IP address happens to be used by a Modbus device as well?

That won't work unless you change the routing before connecting to that
host (and restore it afterwards) or actually bridge the networks and
make sure that IP addresses are each used for no more than one device at
the same time.


--
Debian testing iad96 brokenarch


Archive: http://lists.debian.org/87391v2ykt.fsf@yun.yagibdah.de
 
10-04-2012, 03:01 PM
Robert Latest

How to address hosts in dual ethernet networks?

On Wed, Oct 3, 2012 at 7:45 PM, Henning Follmann
<hfollmann@itcfollmann.com> wrote:
> The network design at your place seems like a mess and the best advice
> I can give you is to clean that up BEFORE you do anything else.

What's the mess? That the Intranet contains 192.168... addresses?
Anyway, this is a big multinational corporation, and I can't have any
situation where the Intranet "sees" my Modbus devices, and I can't
make any assumptions about addresses being or not being in use in the
Intranet.

I understand that from the viewpoint of my control PC I can't have any
duplicate addresses because that's how IP addresses work. That was my
basic question, and it was answered. So as long as I put my modbus
stuff into an IP address range that I don't need on the intranet, and
I make that address space "invisible" on the intranet side using a
netmask, I'm fine.

> The devices on your modbus should be assigned a unique IP address which
> MUST NOT overlap with any other range already in use at your place.

Got that.

Thanks!
robert


Archive: http://lists.debian.org/CAMXbmUR8B1EHdASKOoGkhWEUGk3aeN7MBq7niJ-m7cbSQHX-OA@mail.gmail.com
 
10-04-2012, 03:06 PM
Robert Latest

How to address hosts in dual ethernet networks?

On Wed, Oct 3, 2012 at 8:35 PM, lee <lee@yun.yagibdah.de> wrote:

> What if you actually do make your host a bridge that bridges the two
> networks and let the Modbus devices get their addresses from the DHCP
> server?

Can't. My local "modbus" subnet must not be visible from the outside.
Actually there are several production tools in use here that use
similar subnets with 400+ nodes (=IP addresses) in just the manner I'm
describing. There's no point in exposing all that to the outside
network, and it's also a potential security and reliability issue.
Just imagine a multi-million dollar tool out of production because the
DHCP server is down, when all those modules need to talk to is the
local controller.

> You could also use another private address range like 10.x.x.x for the
> Modbus devices.

Yeah, I'll do something of the sort. As I said, all I need to connect
to on the intranet side is a single host, so I'm sure I'll find an
unused address space ;-)

Thanks,
robert


Archive: http://lists.debian.org/CAMXbmUQztk+BRbcrWkro+uC0rV8XxwsJA+OSJUp4Xpzf6FtB0A@mail.gmail.com
 
10-04-2012, 04:02 PM
Henning Follmann

How to address hosts in dual ethernet networks?

On Thu, Oct 04, 2012 at 05:01:13PM +0200, Robert Latest wrote:
> On Wed, Oct 3, 2012 at 7:45 PM, Henning Follmann
> <hfollmann@itcfollmann.com> wrote:
> > The network design at your place seems like a mess and the best advice
> > I can give you is to clean that up BEFORE you do anything else.
>
> What's the mess? That the Intranet contains 192.168... addresses?
> Anyway, this is a big multinational corporation, and I can't have any
> situation where the Intranet "sees" my Modbus devices, and I can't
> make any assumptions about addresses being or not being in use in the
> Intranet.
>

Using rfc1918 address space is fine. That's what they are there for.
"can't make any assumptions" here is your mess! Where is the responsible
person to talk to, how your network is designed and which subnets are
assigned and which are still free for use? But the phrase "multinational
corporation" does not instill hope. I worked for several of those and
usually the network is handled by college aged kids who graduated from the
geek squad. They click through some menus on M$ server machines until it
somehow works, but they have no clue what they are doing. Usually the
networks are flooded with broadcast packages and ICMP. Also the drop rate on
their routers sometimes exceeds 50%.

> I understand that from the viewpoint of my control PC I can't have any
> duplicate addresses because that's how IP addresses work. That was my
> basic question, and it was answered. So as long as I put my modbus
> stuff into an IP address range that I don't need on the intranet, and
> I make that address space "invisible" on the intranet side using a
> netmask, I'm fine.
>
> > The devices on your modbus should be assigned a unique IP address which
> > MUST NOT overlap with any other range already in use at your place.
>
> Got that.
>

Good luck then.


--
Henning Follmann | hfollmann@itcfollmann.com


Archive: http://lists.debian.org/20121004160207.GA10218@newton.itcfollmann.com
 
10-04-2012, 06:17 PM
Joe

How to address hosts in dual ethernet networks?

On Thu, 4 Oct 2012 17:01:13 +0200
Robert Latest <boblatest@gmail.com> wrote:

> On Wed, Oct 3, 2012 at 7:45 PM, Henning Follmann
> <hfollmann@itcfollmann.com> wrote:
> > The network design at your place seems like a mess and the best
> > advice I can give you is to clean that up BEFORE you do anything
> > else.
>
> What's the mess? That the Intranet contains 192.168... addresses?
> Anyway, this is a big multinational corporation, and I can't have any
> situation where the Intranet "sees" my Modbus devices, and I can't
> make any assumptions about addresses being or not being in use in the
> Intranet.
>
> I understand that from the viewpoint of my control PC I can't have any
> duplicate addresses because that's how IP addresses work. That was my
> basic question, and it was answered. So as long as I put my modbus
> stuff into an IP address range that I don't need on the intranet, and
> I make that address space "invisible" on the intranet side using a
> netmask, I'm fine.
>

Absolutely right, I and possibly others had the impression that the
same network address might be in use on both sides of a router, and that
this was beyond your control.

There are other private network addresses than 192.168., the 16 x
172.16. to 172.31. networks each have over 65,000 addresses available,
and for some reason these networks are not often used in corporate
systems. The 10. network is an /8 ('class A') and has 16 million
addresses, but I prefer to avoid that one, as I've seen a few odd
results when used with smaller subnets.

Joe


Archive: http://lists.debian.org/20121004191717.51addce1@jretrading.com
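
Added example, not part of the thread or any poster's code: a small Python model of the destination-based longest-prefix-match lookup that the replies above rely on (connected subnet route on eth1, default route on eth0, optional static host route), plus an overlap check and a picker for a free /24 in the 172.16.0.0/12 block mentioned in the last reply. The interface names and 192.168.x addresses follow the thread; the intranet prefixes and the database server address are constructed sample values, and metrics and policy routing are not modelled.

```python
import ipaddress

def route_for(dst, table):
    """Longest-prefix match: return the (prefix, dev) entry that wins for dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev) for p, dev in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None  # no route at all
    net, dev = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), dev

def shadowed(table, field_dev, known_intranet):
    """Known intranet prefixes partly or wholly hidden by a field-port route."""
    field = [ipaddress.ip_network(p) for p, dev in table if dev == field_dev]
    return [p for p in known_intranet
            if any(ipaddress.ip_network(p).overlaps(f) for f in field)]

def pick_free_subnet(known_intranet, pool="172.16.0.0/12", new_prefix=24):
    """First subnet of the pool that overlaps none of the known prefixes."""
    used = [ipaddress.ip_network(p) for p in known_intranet]
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=new_prefix):
        if not any(cand.overlaps(u) for u in used):
            return str(cand)
    return None

# Constructed sample values, not taken from the thread.
KNOWN_INTRANET = ["192.168.0.0/22", "10.20.0.0/16", "172.16.0.0/22"]
DB_SERVER = "10.20.30.40"

# eth0 = intranet (default route from DHCP), eth1 = Modbus side (connected route).
OVERLAPPING = [("0.0.0.0/0", "eth0"), ("192.168.0.0/24", "eth1")]
HOST_ROUTE = OVERLAPPING + [("192.168.0.101/32", "eth0")]  # static host route
CLEAN = [("0.0.0.0/0", "eth0"), ("192.168.66.0/24", "eth1")]

if __name__ == "__main__":
    for name, table in [("overlapping", OVERLAPPING),
                        ("host route", HOST_ROUTE), ("clean", CLEAN)]:
        print(name, "192.168.0.101 ->", route_for("192.168.0.101", table),
              "| shadowed:", shadowed(table, "eth1", KNOWN_INTRANET))
    print("db server ->", route_for(DB_SERVER, CLEAN))
    print("free /24 ->", pick_free_subnet(KNOWN_INTRANET))
```

With the overlapping table, 192.168.0.101 always resolves to eth1; the /32 host route sends that one address to eth0 instead, at the cost of the Modbus device that holds the same address.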
 
10-13-2012, 08:51 PM
Robert Latest

How to address hosts in dual ethernet networks?

Thanks, Henning, and everybody else for helping out on this. I think I
know what I have to do now.

Regards,
Robert


Archive: http://lists.debian.org/CAMXbmUSkwKqYWhJLFZccnx7r8YXkTNU1Ub3d5M+4OqfjuMHF=Q@mail.gmail.com
 





All times are GMT.
