Re: [CentOS] Simple routing question
I am still having some difficulty understanding what is going on with routing on 192.168.x.x.

I have removed the IP aliases from the gateway eth1 so that it only responds to aaa.bbb.ccc.1. I have changed the netmask on Host B eth1 [192.168.209.43] to 255.255.0.0 and set its gateway to aaa.bbb.ccc.1; as I have on all of the guests that have eth1 active. The network service on both hosts and guests has been restarted.

However, when I do a traceroute from Host C [aaa.bbb.ccc.25] to 192.168.209.43 it still goes directly to the gateway at aaa.bbb.ccc.1 and thence out to the eth0 i/f on the gateway, where it dies as before.

I note that Host C is a xen virtual host (used for some experiments several years ago but no longer hosting any active guests) and that it has the following virtual interface:

5: virbr0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc noqueue
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

This has an address in the same network as 192.168.209.43 but with a different netmask. This seems to be the case on the kvm virtual hosts as well.

6: virbr0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 52:54:00:a6:3f:49 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

So, is this the source of the problem when I try and connect to 192.168.209.43? Is the netblock 192.168.255.255 constrained to use a netmask of 255.255.255.0 because of its use by the virtual hosts?

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte Lyne Limited            http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada L8E 3C3

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Simple routing question
On Thu, Sep 6, 2012 at 11:11 AM, James B. Byrne byrn...@harte-lyne.ca wrote:
> I am still having some difficulty understanding what is going on with routing on 192.168.x.x.
>
> I have removed the IP aliases from the gateway eth1 so that it only responds to aaa.bbb.ccc.1. I have changed the netmask on Host B eth1 [192.168.209.43] to 255.255.0.0 and set its gateway to aaa.bbb.ccc.1; as I have on all of the guests that have eth1 active. The network service on both hosts and guests has been restarted.
>
> However, when I do a traceroute from Host C [aaa.bbb.ccc.25] to 192.168.209.43 it still goes directly to the gateway at aaa.bbb.ccc.1 and thence out to the eth0 i/f on the gateway, where it dies as before.
>
> I note that Host C is a xen virtual host (used for some experiments several years ago but no longer hosting any active guests) and that it has the following virtual interface:
>
> 5: virbr0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc noqueue
>     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
>
> This has an address in the same network as 192.168.209.43 but with a different netmask. This seems to be the case on the kvm virtual hosts as well.
>
> 6: virbr0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN
>     link/ether 52:54:00:a6:3f:49 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
>
> So, is this the source of the problem when I try and connect to 192.168.209.43? Is the netblock 192.168.255.255 constrained to use a netmask of 255.255.255.0 because of its use by the virtual hosts?

A 'route -n' should show you where any destination will head on the next hop. On host C, what is the line with the smallest matching destination/mask? Likewise, on the gateway host where you think it is being forwarded the wrong way?

--
Les Mikesell
lesmikes...@gmail.com
Re: [CentOS] Simple routing question
Per: Les Mikesell lesmikesell at gmail.com Thu Sep 6 13:55:05 EDT 2012

> A 'route -n' should show you where any destination will head on the next hop. On host C, what is the line with the smallest matching destination/mask? Likewise, on the gateway host where you think it is being forwarded the wrong way?

$ /sbin/route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0   0   virbr0
aaa.bbb.ccc.0   0.0.0.0         255.255.255.0   U     0      0   0   bridge0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   bridge0
0.0.0.0         aaa.1bbb.ccc.1  0.0.0.0         UG    0      0   0   bridge0

$ traceroute 192.168.209.43
traceroute to 192.168.209.43 (192.168.209.43), 30 hops max, 40 byte packets
 1 gway01 (aaa.bbb.ccc.1) 0.321 ms 0.298 ms 0.283 ms
 2 ISPlink (aaa.bbb.ddd.53) 1.000 ms 0.993 ms 1.450 ms
 3 * * *
 4 * * *
 5 * * *
 . . .

This seems to say that 192.168.209.43 is being routed out to the Internet as aaa.bbb.ddd.53 is our external gateway address on the router.

This is the routing table on the router:

[root@gway01 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
aaa.bbb.ddd.52  0.0.0.0         255.255.255.252 U     0      0   0   eth0
aaa.bbb.ccc.0   0.0.0.0         255.255.255.0   U     0      0   0   eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0   0   eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0   0   eth1
0.0.0.0         aaa.bbb.ddd.53  0.0.0.0         UG    0      0   0   eth0

--
James B. Byrne                mailto:byrn...@harte-lyne.ca
Re: [CentOS] Simple routing question
On Thu, Sep 6, 2012 at 1:09 PM, James B. Byrne byrn...@harte-lyne.ca wrote:
>> A 'route -n' should show you where any destination will head on the next hop. On host C, what is the line with the smallest matching destination/mask? Likewise, on the gateway host where you think it is being forwarded the wrong way?
>
> $ /sbin/route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> 192.168.122.0   0.0.0.0         255.255.255.0   U     0      0   0   virbr0
> aaa.bbb.ccc.0   0.0.0.0         255.255.255.0   U     0      0   0   bridge0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   bridge0
> 0.0.0.0         aaa.1bbb.ccc.1  0.0.0.0         UG    0      0   0   bridge0
>
> $ traceroute 192.168.209.43
> traceroute to 192.168.209.43 (192.168.209.43), 30 hops max, 40 byte packets
>  1 gway01 (aaa.bbb.ccc.1) 0.321 ms 0.298 ms 0.283 ms

OK, there is no better match than the default in the route table above, so it goes to the default gateway. I assume that's what you want if you don't make the netmask span the 192.168.x.x range, but a side effect is that it will source from the aaa.bbb.ccc.x interface address.

> This seems to say that 192.168.209.43 is being routed out to the Internet as aaa.bbb.ddd.53 is our external gateway address on the router.
>
> This is the routing table on the router:
>
> [root@gway01 ~]# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> aaa.bbb.ddd.52  0.0.0.0         255.255.255.252 U     0      0   0   eth0
> aaa.bbb.ccc.0   0.0.0.0         255.255.255.0   U     0      0   0   eth1
> 169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0   0   eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0   0   eth1
> 0.0.0.0         aaa.bbb.ddd.53  0.0.0.0         UG    0      0   0   eth0

I don't see any 192.168.x.x interface/mask there. Where else could it go? Or is that 2nd 169.254.0.0 a typo?

--
Les Mikesell
lesmikes...@gmail.com
Re: [CentOS] Simple routing question
Per: Les Mikesell lesmikesell at gmail.com Thu Sep 6 14:20:43 EDT 2012

---
On Thu, Sep 6, 2012 at 1:09 PM, James B. Byrne byrnejb at harte-lyne.ca wrote:

OK, there is no better match than the default in the route table above, so it goes to the default gateway. I assume that's what you want if you don't make the netmask span the 192.168.x.x range, but a side effect is that it will source from the aaa.bbb.ccc.x interface address.

> This seems to say that 192.168.209.43 is being routed out to the Internet as aaa.bbb.ddd.53 is our external gateway address on the router.
>
> This is the routing table on the router:
>
> [root at gway01 ~]# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> aaa.bbb.ddd.52  0.0.0.0         255.255.255.252 U     0      0   0   eth0
> aaa.bbb.ccc.0   0.0.0.0         255.255.255.0   U     0      0   0   eth1
> 169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0   0   eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0   0   eth1
> 0.0.0.0         aaa.bbb.ddd.53  0.0.0.0         UG    0      0   0   eth0

I don't see any 192.168.x.x interface/mask there. Where else could it go? Or is that 2nd 169.254.0.0 a typo?
---

You see, this is the question I am trying to fathom. Once upon a time, 2 days ago, the interface on the gateway system included ifcfg-eth1:192 which had the address 192.168.0.1 and the netmask 255.255.255.0. At that point I was not aware of any underlying problems and virtual interfaces on other hosts which had addresses like 192.168.216.ddd could be found and connected to from internal host addresses of the form aaa.bbb.ccc.0 where aaa.bbb.ccc is our publicly routable C class assigned address block.

The difficulties started when I began testing a new virtual host which eventually will be moved off-site to our DR facility (which is a lot less impressive in fact than it appears when I write that, but at least we have one). On that machine, for no particular reason, I decided to use a different sub-net for the 192.168 IP on the VM guests eth1 i/f. When I did that the kvm host could connect to those i/f, presumably because its own eth1 was set to an address on the same netblock (192.168.209.43) but no other host could connect to either the host's eth1 or any of the running guests' eth1. This is what prompted the question which has turned into this thread.

When I set this network up many ages ago I added 192.168.0.1 to the internal i/f of the gateway router in the apparently unfounded belief that if the router knew that the internal i/f had an address in the 192.168 address space then it would not try to route traffic destined for those addresses through the router. As I say, my knowledge of this is very limited. Although, to be fair, everything has worked as I expected up to now and this situation is simply an experiment of my own devising. So, I am hardly a walking accident waiting to happen.

What I wanted to have happen was for all traffic destined for 192.168.anything to stay inside the LAN and attached to the specified address, while any traffic that originated from 192.168.anything destined to anywhere else would route through the gateway; where it is NAT mangled.

I just want to understand what is going on in this specific case without delving deeply into the subject of routing, for which I do not have the luxury of time. This is not impacting anything of significance so I take it up on a time available basis. On the other hand, I am definitely gaining an education in the process.

--
James B. Byrne                mailto:byrn...@harte-lyne.ca
Re: [CentOS] Simple routing question
On Thu, Sep 6, 2012 at 2:04 PM, James B. Byrne byrn...@harte-lyne.ca wrote:
> What I wanted to have happen was for all traffic destined for 192.168.anything to stay inside the LAN and attached to the specified address, while any traffic that originated from 192.168.anything destined to anywhere else would route through the gateway; where it is NAT mangled.

To make that happen on your C host, you need to make the netmask cover the range of the LAN addresses. Otherwise it is going to source off of the other interface and send to the default router.

> I just want to understand what is going on in this specific case without delving deeply into the subject of routing, for which I do not have the luxury of time. This is not impacting anything of significance so I take it up on a time available basis. On the other hand, I am definitely gaining an education in the process.

There is nothing 'deep' about routing. Just convert the addresses and netmasks to binary and line the bits up. Where there are 0's in the netmask bit positions, the destination doesn't have to match; where there are ones it does. If there are multiple route matches, the most specific match wins - that will be the one with the most 1's in the netmask. Every hop makes this decision independently.

But, it doesn't make sense that ifconfig would show an interface/netmask that doesn't appear in the route table. Normally the system does that automatically.

--
Les Mikesell
lesmikes...@gmail.com
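The bit-matching rule described in the message above, applied to the two routing tables posted earlier in the thread. This is an added example, not part of any poster's message; 203.0.113.0/24 and 198.51.100.52/30 are constructed stand-ins for the redacted aaa.bbb.ccc and aaa.bbb.ddd blocks, and route metrics are ignored.

```python
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def to_bits(addr):
    """Dotted binary form of an address or netmask, for lining the bits up."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(addr).packed)


def route_matches(dest, destination, genmask):
    """Only bit positions where the netmask has a 1 have to agree."""
    mask = to_int(genmask)
    return (to_int(dest) & mask) == (to_int(destination) & mask)


def lookup(table, dest):
    """Return the matching route with the most 1 bits in its netmask."""
    best = None
    for route in table:
        destination, genmask, _gateway, _iface = route
        if not route_matches(dest, destination, genmask):
            continue
        ones = bin(to_int(genmask)).count("1")
        if best is None or ones > best[0]:
            best = (ones, route)
    return best[1] if best else None


def egress(table, dest):
    """(next hop, interface) chosen for dest; 0.0.0.0 means directly connected."""
    route = lookup(table, dest)
    return None if route is None else (route[2], route[3])


# Rows are (Destination, Genmask, Gateway, Iface), as printed by 'route -n'.
HOST_C = [
    ("192.168.122.0", "255.255.255.0", "0.0.0.0", "virbr0"),
    ("203.0.113.0", "255.255.255.0", "0.0.0.0", "bridge0"),   # stand-in for aaa.bbb.ccc.0
    ("169.254.0.0", "255.255.0.0", "0.0.0.0", "bridge0"),
    ("0.0.0.0", "0.0.0.0", "203.0.113.1", "bridge0"),
]
GATEWAY = [
    ("198.51.100.52", "255.255.255.252", "0.0.0.0", "eth0"),  # stand-in for aaa.bbb.ddd.52
    ("203.0.113.0", "255.255.255.0", "0.0.0.0", "eth1"),
    ("169.254.0.0", "255.255.0.0", "0.0.0.0", "eth0"),
    ("169.254.0.0", "255.255.0.0", "0.0.0.0", "eth1"),
    ("0.0.0.0", "0.0.0.0", "198.51.100.53", "eth0"),
]
# The eth1:192 alias as the kernel saw it with a /24 and with a /16 prefix.
ALIAS_24 = ("192.168.0.0", "255.255.255.0", "0.0.0.0", "eth1")
ALIAS_16 = ("192.168.0.0", "255.255.0.0", "0.0.0.0", "eth1")

if __name__ == "__main__":
    dest = "192.168.209.43"
    print("dest           ", to_bits(dest))
    for destination, genmask, _gw, iface in HOST_C:
        verdict = "match" if route_matches(dest, destination, genmask) else "no match"
        print(f"{destination:15}", to_bits(destination), iface, verdict)
        print(f"{'  mask':15}", to_bits(genmask))
    print("host C sends via", egress(HOST_C, dest))
    print("gateway, no alias:", egress(GATEWAY, dest))
    print("gateway, alias /24:", egress(GATEWAY + [ALIAS_24], dest))
    print("gateway, alias /16:", egress(GATEWAY + [ALIAS_16], dest))
```

The virbr0 route for 192.168.122.0/24 never matches 192.168.209.43 because the third octet is covered by the mask, so host C falls through to its default route; on the gateway only the /16 form of the alias keeps the packet on eth1.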
Re: [CentOS] Simple routing question
Well, I seem to be getting somewhere, although where exactly is open to question.

I did this. I put the virtual interface address 192.168.0.1 back onto eth1 of the gateway host and restarted the network services. The ifcfg file looked like this:

BOOTPROTO=none
BROADCAST=192.168.255.255
DEVICE=eth1:192
IPADDR=192.168.0.1
IPV6INIT=no
MTU=
NAME=LAN - Non-routable
NETMASK=255.255.0.0
NETWORK=192.168.0.0
ONBOOT=yes
ONPARENT=yes

After the restart ip addr showed this:

3: eth1: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:25:90:60:11:8d brd ff:ff:ff:ff:ff:ff
    inet aaa.bbb.ccc.1/24 brd aaa.bbb.ccc.255 scope global eth1
    inet 192.168.0.1/24 brd 192.168.255.255 scope global eth1:192
    inet6 fe80::225:90ff:fe60:118d/64 scope link
       valid_lft forever preferred_lft forever

Note the cidr suffix on 192.168.0.1 = 24

That is not what I expected. Restarting with the same config did not change the initially observed outcome. SO, I edited ifcfg-eth1:192 and added exactly one line:

PREFIX=16

and restarted the network. ip addr now shows this:

3: eth1: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:25:90:60:11:8d brd ff:ff:ff:ff:ff:ff
    inet aaa.bbb.ccc.1/24 brd aaa.bbb.ccc.255 scope global eth1
    inet 192.168.0.1/16 brd 192.168.255.255 scope global eth1:192
    inet6 fe80::225:90ff:fe60:118d/64 scope link
       valid_lft forever preferred_lft forever

Note that the cidr suffix is now 16.

Now, when I try and ping an address on the 192.168 netblock from host C I see this:

# ping 192.168.209.43
PING 192.168.209.43 (192.168.209.43) 56(84) bytes of data.
From 216.185.71.1: icmp_seq=2 Redirect Host(New nexthop: 192.168.209.43)
From 216.185.71.1: icmp_seq=3 Redirect Host(New nexthop: 192.168.209.43)
From 216.185.71.1: icmp_seq=4 Redirect Host(New nexthop: 192.168.209.43)
From 216.185.71.1: icmp_seq=5 Redirect Host(New nexthop: 192.168.209.43)
From 216.185.71.1: icmp_seq=6 Redirect Host(New nexthop: 192.168.209.43)

My question now is how do I get to 192.168.209.43?

--
James B. Byrne                mailto:byrn...@harte-lyne.ca
Re: [CentOS] Simple routing question
On Thu, Sep 6, 2012 at 3:54 PM, James B. Byrne byrn...@harte-lyne.ca wrote:
> I did this. I put the virtual interface address 192.168.0.1 back onto eth1 of the gateway host and restarted the network services. The ifcfg file looked like this:
>
> BOOTPROTO=none
> BROADCAST=192.168.255.255
> DEVICE=eth1:192
> IPADDR=192.168.0.1
> IPV6INIT=no
> MTU=
> NAME=LAN - Non-routable
> NETMASK=255.255.0.0
> NETWORK=192.168.0.0
> ONBOOT=yes
> ONPARENT=yes
>
> After the restart ip addr showed this:
>
> 3: eth1: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 00:25:90:60:11:8d brd ff:ff:ff:ff:ff:ff
>     inet aaa.bbb.ccc.1/24 brd aaa.bbb.ccc.255 scope global eth1
>     inet 192.168.0.1/24 brd 192.168.255.255 scope global eth1:192
>     inet6 fe80::225:90ff:fe60:118d/64 scope link
>        valid_lft forever preferred_lft forever
>
> Note the cidr suffix on 192.168.0.1 = 24
>
> That is not what I expected. Restarting with the same config did not change the initially observed outcome. SO, I edited ifcfg-eth1:192 and added exactly one line:
>
> PREFIX=16
>
> and restarted the network. ip addr now shows this:
>
> 3: eth1: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 00:25:90:60:11:8d brd ff:ff:ff:ff:ff:ff
>     inet aaa.bbb.ccc.1/24 brd aaa.bbb.ccc.255 scope global eth1
>     inet 192.168.0.1/16 brd 192.168.255.255 scope global eth1:192
>     inet6 fe80::225:90ff:fe60:118d/64 scope link
>        valid_lft forever preferred_lft forever
>
> Note that the cidr suffix is now 16.

I thought it would figure that out from the NETMASK, but OK

> Now, when I try and ping an address on the 192.168 netblock from host C I see this:
>
> # ping 192.168.209.43
> PING 192.168.209.43 (192.168.209.43) 56(84) bytes of data.
> From 216.185.71.1: icmp_seq=2 Redirect Host(New nexthop: 192.168.209.43)
> From 216.185.71.1: icmp_seq=3 Redirect Host(New nexthop: 192.168.209.43)
> From 216.185.71.1: icmp_seq=4 Redirect Host(New nexthop: 192.168.209.43)
> From 216.185.71.1: icmp_seq=5 Redirect Host(New nexthop: 192.168.209.43)
> From 216.185.71.1: icmp_seq=6 Redirect Host(New nexthop: 192.168.209.43)
>
> My question now is how do I get to 192.168.209.43?

This is your router telling the source box that it can send directly to the destination (which it knows because netmasks really are supposed to be global for the subnet and routers don't like to route back the inbound interface). However, it should also have routed the packet.

--
Les Mikesell
lesmikes...@gmail.com
Re: [CentOS] Simple routing question
On 09/06/2012 11:11 PM, Les Mikesell wrote:
> On Thu, Sep 6, 2012 at 3:54 PM, James B. Byrne byrn...@harte-lyne.ca wrote:
>> I did this. I put the virtual interface address 192.168.0.1 back onto eth1 of the gateway host and restarted the network services. The ifcfg file looked like this:
>>
>> BOOTPROTO=none
>> BROADCAST=192.168.255.255
>> DEVICE=eth1:192
>> IPADDR=192.168.0.1
>> IPV6INIT=no
>> MTU=
>> NAME=LAN - Non-routable
>> NETMASK=255.255.0.0
>> NETWORK=192.168.0.0
>> ONBOOT=yes
>> ONPARENT=yes
>>
>> After the restart ip addr showed this:
>>
>> 3: eth1: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UP qlen 1000
>>     link/ether 00:25:90:60:11:8d brd ff:ff:ff:ff:ff:ff
>>     inet aaa.bbb.ccc.1/24 brd aaa.bbb.ccc.255 scope global eth1
>>     inet 192.168.0.1/24 brd 192.168.255.255 scope global eth1:192
>>     inet6 fe80::225:90ff:fe60:118d/64 scope link
>>        valid_lft forever preferred_lft forever
>>
>> Note the cidr suffix on 192.168.0.1 = 24
>>
>> That is not what I expected. Restarting with the same config did not change the initially observed outcome. SO, I edited ifcfg-eth1:192 and added exactly one line:
>>
>> PREFIX=16
>>
>> and restarted the network. ip addr now shows this:
>>
>> 3: eth1: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UP qlen 1000
>>     link/ether 00:25:90:60:11:8d brd ff:ff:ff:ff:ff:ff
>>     inet aaa.bbb.ccc.1/24 brd aaa.bbb.ccc.255 scope global eth1
>>     inet 192.168.0.1/16 brd 192.168.255.255 scope global eth1:192
>>     inet6 fe80::225:90ff:fe60:118d/64 scope link
>>        valid_lft forever preferred_lft forever
>>
>> Note that the cidr suffix is now 16.
>
> I thought it would figure that out from the NETMASK, but OK

It does. The question is what the config file for eth1 looks like, because when you bring up an alias interface, first the config file for the parent interface is read and then those values are overwritten by the values in the alias config file. So it might be the case that there is a PREFIX=24 definition in the eth1 file and none in the eth1:192 file, so in the end PREFIX=24 would be used for the alias interface.

Regards,
Dennis
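A small model of the inheritance described in the message above, run against the two ifcfg files quoted in this thread. It is an added example, not part of the message and not the initscripts code: the rule that a surviving PREFIX takes precedence over NETMASK is an assumption consistent with the `ip addr` output posted earlier, the function names are hypothetical, and 203.0.113.1 is a constructed stand-in for the redacted public address.

```python
import ipaddress

# Subset of the keys from the thread's ifcfg-eth1 and ifcfg-eth1:192.
PARENT_IFCFG = """\
DEVICE=eth1
IPADDR=203.0.113.1
NETMASK=
PREFIX=24
"""
ALIAS_IFCFG = """\
DEVICE=eth1:192
IPADDR=192.168.0.1
NETMASK=255.255.0.0
NETWORK=192.168.0.0
BROADCAST=192.168.255.255
"""


def parse_ifcfg(text):
    """Parse KEY=VALUE lines, skipping blanks and comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip().strip("\"'")
    return cfg


def merged_alias_config(parent_text, alias_text):
    """Parent values are read first; alias values overwrite them."""
    merged = parse_ifcfg(parent_text)
    merged.update(parse_ifcfg(alias_text))
    return merged


def netmask_to_prefix(netmask):
    # Raises ValueError for a non-contiguous or malformed mask.
    return ipaddress.IPv4Network(f"0.0.0.0/{netmask}").prefixlen


def effective_prefix(cfg):
    """Assumed precedence: a non-empty PREFIX wins, else NETMASK is converted."""
    if cfg.get("PREFIX"):
        return int(cfg["PREFIX"])
    if cfg.get("NETMASK"):
        return netmask_to_prefix(cfg["NETMASK"])
    return None


def audit_alias(parent_text, alias_text):
    """Report an alias whose own NETMASK is overridden by an inherited PREFIX."""
    alias = parse_ifcfg(alias_text)
    merged = merged_alias_config(parent_text, alias_text)
    findings = []
    if alias.get("NETMASK") and not alias.get("PREFIX") and merged.get("PREFIX"):
        wanted = netmask_to_prefix(alias["NETMASK"])
        got = effective_prefix(merged)
        if wanted != got:
            findings.append(
                f"{alias.get('DEVICE', '?')}: NETMASK={alias['NETMASK']} (/{wanted}) "
                f"is overridden by PREFIX={got} inherited from the parent file"
            )
    return findings


if __name__ == "__main__":
    print(effective_prefix(merged_alias_config(PARENT_IFCFG, ALIAS_IFCFG)))
    print(audit_alias(PARENT_IFCFG, ALIAS_IFCFG))
    fixed = ALIAS_IFCFG + "PREFIX=16\n"
    print(effective_prefix(merged_alias_config(PARENT_IFCFG, fixed)))
    print(audit_alias(PARENT_IFCFG, fixed))
```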
[CentOS] Simple routing question
We use a dual homed CentOS-6.3 host for our Internet gateway router. Its internal nic (eth1) is configured such that the address 192.168.0.1 is one of its aliases.

# cat /etc/sysconfig/network-scripts/ifcfg-eth1:192
BOOTPROTO=none
BROADCAST=192.168.255.255
DEVICE=eth1:192
IPADDR=192.168.0.1
IPV6INIT=no
MTU=
NAME=LAN - Non-routable
NETMASK=255.255.0.0
NETWORK=192.168.0.0
ONBOOT=yes
ONPARENT=yes

Internal packets routed to 192.168.209.41 are passing through this router out onto the network. I am afraid that the reason is not evident to me and I have been unable to locate an answer.

The primary address for eth1 has the following configuration:

# cat /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO=none
BROADCAST=
DEFROUTE=yes
DEVICE=eth1
DOMAIN=hamilton.harte-lyne.ca harte-lyne.ca
GATEWAY=216.xxx.yyy.53
HWADDR=00:25:90:60:11:8D
IPADDR=216.xxx.xxx.1
IPV4_FAILURE_FATAL=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
MACADDR=
MTU=
NAME=LAN Link - eth1
NETMASK=
NETWORK=
NM_CONTROLLED=no
ONBOOT=yes
PREFIX=24
TYPE=Ethernet
UUID=9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04

What configuration setting am I missing that will cause packets to 192.168.ccc.ddd to stay on the LAN and not try and pass through the WAN interface?

--
James B. Byrne                mailto:byrn...@harte-lyne.ca
Re: [CentOS] Simple routing question
On Tue, Sep 4, 2012 at 1:34 PM, James B. Byrne byrn...@harte-lyne.ca wrote:
> We use a dual homed CentOS-6.3 host for our Internet gateway router. Its internal nic (eth1) is configured such that the address 192.168.0.1 is one of its aliases.
>
> # cat /etc/sysconfig/network-scripts/ifcfg-eth1:192
> BOOTPROTO=none
> DEVICE=eth1:192
> IPADDR=192.168.0.1
> NETMASK=255.255.0.0
>
> Internal packets routed to 192.168.209.41 are passing through this router out onto the network. I am afraid that the reason is not evident to me and I have been unable to locate an answer.

That netmask says the interface handles the range from 192.168.0.0-192.168.255.255. Maybe you meant 255.255.255.0?

--
Les Mikesell
lesmikes...@gmail.com
Re: [CentOS] Simple routing question
On Tue, September 4, 2012 14:34, James B. Byrne wrote:
> We use a dual homed CentOS-6.3 host for our Internet gateway router. Its internal nic (eth1) is configured such that the address 192.168.0.1 is one of its aliases.

per: Les Mikesell lesmikesell at gmail.com Tue Sep 4 15:01:18 EDT 2012

>> # cat /etc/sysconfig/network-scripts/ifcfg-eth1:192
>> BOOTPROTO=none
>> DEVICE=eth1:192
>> IPADDR=192.168.0.1
>> NETMASK=255.255.0.0
>>
>> Internal packets routed to 192.168.209.41 are passing through this router out onto the network. I am afraid that the reason is not evident to me and I have been unable to locate an answer.
>
> That netmask says the interface handles the range from 192.168.0.0-192.168.255.255. Maybe you meant 255.255.255.0?

There are presently two subnets on the lan, 192.168.209.0 and 192.168.209.0. I believe that the present netmask is correct in these circumstances.

--
James B. Byrne                mailto:byrn...@harte-lyne.ca
Re: [CentOS] Simple routing question
On Tue, Sep 4, 2012 at 2:18 PM, James B. Byrne byrn...@harte-lyne.ca wrote:
> On Tue, September 4, 2012 14:34, James B. Byrne wrote:
>> We use a dual homed CentOS-6.3 host for our Internet gateway router. Its internal nic (eth1) is configured such that the address 192.168.0.1 is one of its aliases.
>
> per: Les Mikesell lesmikesell at gmail.com Tue Sep 4 15:01:18 EDT 2012
>
>>> # cat /etc/sysconfig/network-scripts/ifcfg-eth1:192
>>> BOOTPROTO=none
>>> DEVICE=eth1:192
>>> IPADDR=192.168.0.1
>>> NETMASK=255.255.0.0
>>>
>>> Internal packets routed to 192.168.209.41 are passing through this router out onto the network. I am afraid that the reason is not evident to me and I have been unable to locate an answer.
>>
>> That netmask says the interface handles the range from 192.168.0.0-192.168.255.255. Maybe you meant 255.255.255.0?
>
> There are presently two subnets on the lan, 192.168.209.0 and 192.168.209.0. I believe that the present netmask is correct in these circumstances.

If the 192.168.209.x range is connected to this interface, then I don't think I understand the problem. I thought you were saying those addresses should not go out this interface.

--
Les Mikesell
lesmikes...@gmail.com
Re: [CentOS] Simple routing question
On 09/04/12 12:18 PM, James B. Byrne wrote:
> There are presently two subnets on the lan, 192.168.209.0 and 192.168.209.0. I believe that the present netmask is correct in these circumstances.

um, those are both the same? I assume you meant one of them to be different?

when you say there are two subnets, what's the mask for those two 'subnets'? if it's /24 (255.255.255.0) then those subnets would not be able to reach the gateway at 192.168.0.1 without additional routing information.

--
john r pierce                 N 37, W 122
santa cruz ca                 mid-left coast
Re: [CentOS] Simple routing question
> On 09/04/12 12:18 PM, James B. Byrne wrote:
>> There are presently two subnets on the lan, 192.168.209.0 and 192.168.209.0. I believe that the present netmask is correct in these circumstances.
>
> um, those are both the same? I assume you meant one of them to be different?

You are correct. I mistyped.

I have host A with eth0[aaa.bbb.ccc.A] and eth1[192.168.216.A]
I have host B with eth0[aaa.bbb.ccc.B] and eth1[192.168.209.B]

and I have host C as the gateway with eth0 being the WAN and eth1 being the LAN. Eth1 on C has the address [aaa.bbb.ccc.1] assigned to it and has the alias [192.168.0.1] as well.

I want traffic from 192.168.216.A addressed to 192.168.209.B to go to eth1 on B. Instead it goes to Eth0 on C where it dies as one would expect.

I am not terribly familiar with routing so I expect that I am doing something wrong that is obvious yet invisible to me. This is an experimental set up so that I can explore these issues before inflicting them on my unsuspecting users.

--
James B. Byrne                mailto:byrn...@harte-lyne.ca
Re: [CentOS] Simple routing question
James B. Byrne wrote:
>> On 09/04/12 12:18 PM, James B. Byrne wrote:
>>> There are presently two subnets on the lan, 192.168.209.0 and 192.168.209.0. I believe that the present netmask is correct in these circumstances.
>>
>> um, those are both the same? I assume you meant one of them to be different?
>
> You are correct. I mistyped.
>
> I have host A with eth0[aaa.bbb.ccc.A] and eth1[192.168.216.A]
> I have host B with eth0[aaa.bbb.ccc.B] and eth1[192.168.209.B]
>
> and I have host C as the gateway with eth0 being the WAN and eth1 being the LAN. Eth1 on C has the address [aaa.bbb.ccc.1] assigned to it and has the alias [192.168.0.1] as well.
>
> I want traffic from 192.168.216.A addressed to 192.168.209.B to go to eth1 on B. Instead it goes to Eth0 on C where it dies as one would expect.
>
> I am not terribly familiar with routing so I expect that I am doing something wrong that is obvious yet invisible to me. This is an experimental set up so that I can explore these issues before inflicting them on my unsuspecting users.

could you show the result of the route command on host C?
Re: [CentOS] Simple routing question
On Tue, Sep 4, 2012 at 3:25 PM, James B. Byrne byrn...@harte-lyne.ca wrote:
>> On 09/04/12 12:18 PM, James B. Byrne wrote:
>>> There are presently two subnets on the lan, 192.168.209.0 and 192.168.209.0. I believe that the present netmask is correct in these circumstances.
>>
>> um, those are both the same? I assume you meant one of them to be different?
>
> You are correct. I mistyped.
>
> I have host A with eth0[aaa.bbb.ccc.A] and eth1[192.168.216.A]
> I have host B with eth0[aaa.bbb.ccc.B] and eth1[192.168.209.B]
>
> and I have host C as the gateway with eth0 being the WAN and eth1 being the LAN. Eth1 on C has the address [aaa.bbb.ccc.1] assigned to it and has the alias [192.168.0.1] as well.
>
> I want traffic from 192.168.216.A addressed to 192.168.209.B to go to eth1 on B.

That should happen directly without C's involvement if the netmask is 255.255.0.0 on A and B's eth1 interfaces.

> Instead it goes to Eth0 on C where it dies as one would expect.

Why does C have both internet and LAN addresses on the same interfaces?

--
Les Mikesell
lesmikes...@gmail.com
Re: [CentOS] Simple routing question
On 09/04/12 1:25 PM, James B. Byrne wrote:
> I have host A with eth0[aaa.bbb.ccc.A] and eth1[192.168.216.A]
> I have host B with eth0[aaa.bbb.ccc.B] and eth1[192.168.209.B]

what are the subnet masks defined on 192.168.216.A and 192.168.209.B?

> and I have host C as the gateway with eth0 being the WAN and eth1 being the LAN. Eth1 on C has the address [aaa.bbb.ccc.1] assigned to it and has the alias [192.168.0.1] as well.

assuming the answer to my above question is 255.255.255.0, then no one has a route to this 192.168.0.1 as it's in an entirely different subnet. you can't overlap subnets with different size masks without creating some serious messes.

> I want traffic from 192.168.216.A addressed to 192.168.209.B to go to eth1 on B. Instead it goes to Eth0 on C where it dies as one would expect.

there's no route defined to do that, since 192.168.209.B is not in any network that A has knowledge of. A would need an IP in the B subnet, and B would need an IP in the A subnet for this to work.

why do you have two separate LAN subnets? are you running two separate LANs? there have to be some really good reasons before I create anything this messy.

for instance...

host A with eth0[aaa.bbb.ccc.A] and eth1[192.168.216.A] and eth1[192.168.209.A]
host B with eth0[aaa.bbb.ccc.B] and eth1[192.168.209.B] and eth1[192.168.216.B]

now A can reach B via its eth1 as it now has a route to 192.168.216/24

--
john r pierce                 N 37, W 122
santa cruz ca                 mid-left coast
Re: [CentOS] Simple routing question
per: Nicolas Thierry-Mieg Nicolas.Thierry-Mieg at imag.fr Tue Sep 4 16:42:57 EDT 2012

> could you show the result of the route command on host C?

[root@gway01 ~]# ip route
216.185.64.52/30 dev eth0 proto kernel scope link src 216.185.64.54
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.1
172.16.0.0/24 dev eth1 proto kernel scope link src 172.16.0.1
169.254.0.0/24 dev eth1 proto kernel scope link src 169.254.0.1
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.1
192.0.0.0/24 dev eth1 proto kernel scope link src 192.0.0.1
216.185.71.0/24 dev eth1 proto kernel scope link src 216.185.71.1
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth1 scope link metric 1003
default via 216.185.64.53 dev eth0

192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.1

is wrong I think, but I cannot figure out what in the configuration file is causing it.

# cat /etc/sysconfig/networking/devices/ifcfg-eth1:192
BOOTPROTO=none
NAME=
MACADDR=
IPV6INIT=no
DEVICE=eth1:192
MTU=
NETMASK=255.255.0.0
ONPARENT=yes
BROADCAST=192.168.255.255
IPADDR=192.168.0.1
NETWORK=192.168.0.0
ONBOOT=yes

--
James B. Byrne                mailto:byrn...@harte-lyne.ca
Re: [CentOS] Simple routing question
On Tue, September 4, 2012 16:51, Les Mikesell wrote:

> That should happen directly without C's involvement if the netmask is 255.255.0.0 on A and B's eth1 interfaces.

It is not. The netmask on those interfaces is 255.255.255.0.

>> Instead it goes to Eth0 on C where it dies as one would expect.
>
> Why does C have both internet and LAN addresses on the same interfaces?

I am experimenting to see if this arrangement is workable. I want to know if it is possible to have two separate 192.168.x subnets on the same network.

Why? I do not have a purpose in mind. I am just checking out whether it can work or not. If it is impossible then I will discover why that is so, which I think will be useful in itself.

--
James B. Byrne mailto:byrn...@harte-lyne.ca
Re: [CentOS] Simple routing question
On 09/04/12 2:00 PM, James B. Byrne wrote:
> I am experimenting to see if this arrangement is workable. I want to know if it is possible to have two separate 192.168.x subnets on the same network.
>
> Why? I do not have a purpose in mind. I am just checking out whether it can work or not. If it is impossible then I will discover why that is so, which I think will be useful in itself.

it's possible, but it's excessively complicated, and there had better be a darn good reason why to justify the complexity..

--
john r pierce
Re: [CentOS] Simple routing question
On Wed, Sep 5, 2012 at 9:00 AM, James B. Byrne byrn...@harte-lyne.ca wrote:
> On Tue, September 4, 2012 16:51, Les Mikesell wrote:
>
>> That should happen directly without C's involvement if the netmask is 255.255.0.0 on A and B's eth1 interfaces.
>
> It is not. The netmask on those interfaces is 255.255.255.0.
>
>>> Instead it goes to Eth0 on C where it dies as one would expect.
>>
>> Why does C have both internet and LAN addresses on the same interfaces?
>
> I am experimenting to see if this arrangement is workable. I want to know if it is possible to have two separate 192.168.x subnets on the same network.
>
> Why? I do not have a purpose in mind. I am just checking out whether it can work or not. If it is impossible then I will discover why that is so, which I think will be useful in itself.

IMO you need to configure the two subnets separately and set the netmask to 255.255.255.0. Then route traffic between the LANs via either the firewall or another routing device on the shared network. I've done similar in the past to migrate from one IP range to another. Having both networks connect to the firewall router is risky in case of a misconfiguration.

Cheers,
Cliff
Re: [CentOS] Simple routing question
On Tue, Sep 4, 2012 at 4:00 PM, James B. Byrne byrn...@harte-lyne.ca wrote:
>> That should happen directly without C's involvement if the netmask is 255.255.0.0 on A and B's eth1 interfaces.
>
> It is not. The netmask on those interfaces is 255.255.255.0.

Netmasks apply to (and describe) connected subnets, not individual interfaces. Linux will sort-of sometimes work with mismatched subnet masks but some things won't see arp broadcasts with the wrong broadcast address (which again is for the whole subnet).

>>> Instead it goes to Eth0 on C where it dies as one would expect.
>>
>> Why does C have both internet and LAN addresses on the same interfaces?
>
> I am experimenting to see if this arrangement is workable. I want to know if it is possible to have two separate 192.168.x subnets on the same network.

Some things might work sometimes. You can overlay separate subnets on the same wire, each with a correct subnet mask, and a designated router between them, but random things will happen with mixed netmasks.

> Why? I do not have a purpose in mind. I am just checking out whether it can work or not.

You would probably be better off using VLANs than overlays in any case.

> If it is impossible then I will discover why that is so, which I think will be useful in itself.

The broadcast address for a subnet is tied to the bits in the subnet mask, and ethernets need arp broadcasts to work.

--
Les Mikesell
lesmikes...@gmail.com
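How mixed netmasks on one wire give each host a different idea of who is local and what the subnet broadcast address is, as an added example that is not part of the original thread. The host octet `.10` for A and the names `A`, `B`, `gw` are constructed; the masks are the ones reported in the thread (/24 on the hosts, 255.255.0.0 on the gateway alias).

```python
import ipaddress

# Constructed addressing based on the thread: hosts A and B use /24 masks,
# the gateway alias uses NETMASK=255.255.0.0. The .10 host octet is invented.
INTERFACES = {
    "A": ipaddress.ip_interface("192.168.216.10/255.255.255.0"),
    "B": ipaddress.ip_interface("192.168.209.43/255.255.255.0"),
    "gw": ipaddress.ip_interface("192.168.0.1/255.255.0.0"),
}

def on_link(src, dst, interfaces=INTERFACES):
    """True if src treats dst as directly reachable on its own subnet."""
    return interfaces[dst].ip in interfaces[src].network

def broadcast(name, interfaces=INTERFACES):
    """Subnet broadcast address as derived from that host's own mask."""
    return str(interfaces[name].network.broadcast_address)

def asymmetric_pairs(interfaces=INTERFACES):
    """Pairs where one side thinks the peer is local and the other does not."""
    names = sorted(interfaces)
    return [
        (a, b)
        for a in names
        for b in names
        if a != b and on_link(a, b, interfaces) and not on_link(b, a, interfaces)
    ]

def with_mask(mask, interfaces=INTERFACES):
    """Same addresses, one consistent mask on every host."""
    return {
        name: ipaddress.ip_interface(f"{iface.ip}/{mask}")
        for name, iface in interfaces.items()
    }

if __name__ == "__main__":
    print("A sees B as local:", on_link("A", "B"))
    print("one-way pairs:", asymmetric_pairs())
    for name in sorted(INTERFACES):
        print(name, "broadcast", broadcast(name))
    fixed = with_mask("255.255.0.0")
    print("after one mask everywhere:", asymmetric_pairs(fixed), broadcast("A", fixed))
```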
Re: [CentOS] Simple routing question
On 04.09.2012 at 20:34, James B. Byrne wrote:
> We use a dual homed CentOS-6.3 host for our Internet gateway router. Its internal nic (eth1) is configured such that the address 192.168.0.1 is one of its aliases.
>
> # cat /etc/sysconfig/network-scripts/ifcfg-eth1:192
> BOOTPROTO=none
> BROADCAST=192.168.255.255
> DEVICE=eth1:192
> IPADDR=192.168.0.1
> IPV6INIT=no
> MTU=
> NAME=LAN - Non-routable
> NETMASK=255.255.0.0
> NETWORK=192.168.0.0
> ONBOOT=yes
> ONPARENT=yes
>
> Internal packets routed to 192.168.209.41 are passing through this router out onto the network. I am afraid that the reason is not evident to me and I have been unable to locate an answer.
>
> The primary address for eth1 has the following configuration:
>
> # cat /etc/sysconfig/network-scripts/ifcfg-eth1
> BOOTPROTO=none
> BROADCAST=
> DEFROUTE=yes
> DEVICE=eth1
         ^
> DOMAIN=hamilton.harte-lyne.ca harte-lyne.ca
> GATEWAY=216.xxx.yyy.53
> HWADDR=00:25:90:60:11:8D
> IPADDR=216.xxx.xxx.1
> IPV4_FAILURE_FATAL=yes
> IPV6_AUTOCONF=yes
> IPV6_DEFROUTE=yes
> IPV6_FAILURE_FATAL=no
> IPV6INIT=yes
> IPV6_PEERDNS=yes
> IPV6_PEERROUTES=yes
> MACADDR=
> MTU=
> NAME=LAN Link - eth1
> NETMASK=
> NETWORK=
> NM_CONTROLLED=no
> ONBOOT=yes
> PREFIX=24
> TYPE=Ethernet
> UUID=9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04
>
> What configuration setting am I missing that will cause packets to 192.168.ccc.ddd to stay on the LAN and not try and pass though the WAN interface?

Is it correct to set the internal net as alias on the public interface (216.xxx.xxx.1) - both via eth1? This is for sure not your intention. Maybe a typo ...

--
LF