12

Let's say I want to create an internal network with 4 subnets. There is no central router or switch. I have a "management subnet" available to link the gateways on all four subnets (192.168.0.0/24). The general diagram would look like this:

10.0.1.0/24 <-> 10.0.2.0/24 <-> 10.0.3.0/24 <-> 10.0.4.0/24

In words, I configure a single linux box on each subnet with 2 interfaces, a 10.0.x.1 and 192.168.0.x. These function as the gateway devices for each subnet. There will be multiple hosts for each 10.x/24 subnet. Other hosts will only have 1 interface available as a 10.0.x.x.

I want each host to be able to ping each other host on any other subnet. My question is first: is this possible. And second, if so, I need some help configuring iptables and/or routes. I've been experimenting with this, but can only come up with a solution that allow for pings in one direction (icmp packets are only an example, I'd ultimately like full network capabilities between hosts e.g. ssh, telnet, ftp, etc).

greyline
  • 123
  • 1
  • 1
  • 5

2 Answers2

9

Ok, so you have five networks 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24, 10.0.4.0/24 and 192.168.0.0/24, and four boxes routing between them. Let's say the routing boxes have addresses 10.0.1.1/192.168.0.1, 10.0.2.1/192.168.0.2, 10.0.3.1/192.168.0.3, and 10.0.4.1/192.168.0.4.

You will need to add static routes to the other 10.0.x.0/24 networks on each router box, with commands something like this (EDITED!):

# on the 10.0.1.1 box
ip route add 10.0.2.0/24 via 192.168.0.2
ip route add 10.0.3.0/24 via 192.168.0.3
ip route add 10.0.4.0/24 via 192.168.0.4

and the corresponding routes on the other router boxes. On the non-routing boxes with only one interface, set the default route to point to 10.0.x.1. Of course you will also have to add the static addresses and netmasks on all the interfaces.

Also note that linux does not function as a router by default, you will need to enable packet forwarding with:

echo 1 > /proc/sys/net/ipv4/ip_forward

The ip commands above do not make the settings persistent, how to do that is dependent on the distribution.

As I said, I haven't tested this and may have forgotten something.

Guy
  • 894
  • 1
  • 6
  • 20
Johan Myréen
  • 12,862
  • 1
  • 32
  • 33
  • Thanks for the assistance here. What you advised works when I ping router to router (10.0.1.1 to 10.0.2.1), but not when I ping a different host. For example, pinging from 10.0.1.1 to 10.0.2.2 results in no traffic being routing to the 10.0.2.2 host. Would you suggest doing some iptables manipulation somehow? I've been experimenting with this for a couple days but to no avail. – greyline Sep 25 '16 at 17:45
  • Standard routing techniques should be sufficient. Here's a checklist: 1. all addresses should be set up on the hosts (e.g. ip addr add 10.0.2.2/24 dev eth0), 2. the routes should be set up on the four router boxes as above, 3. the default route on the non-router boxes should be set up to point to the routing box on the network (e.g. ip route add default via 10.0.1.1), 4. cat /proc/sys/net/ipv4/ip_forward on the four router boxes should print "1". – Johan Myréen Sep 25 '16 at 19:17
  • I corrected a mistake in the ip route commands above. I also actually tested this setup, although only with four machines: two routing boxes and two hosts on the 10.0.x.0 sides. It works! – Johan Myréen Sep 26 '16 at 18:39
  • Johan, thanks for your additional input. This setup does work. Turns out the Linux image I was using had default iptables rules that were being problematic. Thank you for helping me in my learning about this. – greyline Sep 27 '16 at 01:27
0

The previous accepted answer is neglecting the fact that if each of the four hosts has only two interfaces, then without a central router or switch it can only directly connect to two networks.

If it uses one of these two interfaces to connect to clients on its own subnet, then it only has one interface to connect to the other three hosts.

So you'd need a central router or switch to go between these four hosts, or you'd need more interfaces on each host.

ChalkTalk
  • 131
  • 3