4

Im trying to setup a test network with VMs to practice how static routing works, so what I thought to do is to setup two internal networks and one box with two interfaces to work as a router, here's the setup with the IPs:

enter image description here

I configured the static IPs in each box and also I added the default gateway to be adapter1 for vm-client-1 and adapter2 for vm-client-2.

Now, I'm in the last step to create the ip route, I executed in vm-client-1:

sudo ip route add 192.168.102.0/24 via 192.168.101.1 dev enp0s3

and I get this error as the output:

RTNETLINK answers: Network is unreachable.

Note: I cleared all the iptables rules with iptables -F so that the firewall is not the problem. Also, vm-client can ping 192.168.102.1 (the gateway of vm-client-2) so, I don't know why it says that Network is unreachable, help is appreciated.

VaTo
  • 3,071
  • 3
  • 18
  • 47
  • There is no need to add this manual route, since route `default` route is `192.168.101.1`, and this also means that `192.168.102.0/24` will be managed by this gateway... and if `ip_forward` is enabled at `vm-router` you should be able to access `vm-client-2` –  Jun 14 '17 at 17:55
  • I thought this was a good scenario to practice ip route add, could you suggest what can I do to make it a better scenario? Also, I don't get any response when I do `ping 192.168.102.3` from vm-client-1. Do you know why is that? – VaTo Jun 14 '17 at 18:02
  • Could be `ip_forward` kernel variable at `vm-router`, `OUTPUT` chain at `vm-client-1` firewall, `INPUT` chain at `vm-client-2`, or even `vm-client-2` with an empty gateway... I know a scenario where you could learn routing: add a second interface on `vm-client-1` and `vm-router` as `intnet3` network on your hypervisor, set `192.168.103.3` and `192.168.103.1` ip addresses on those vms, and leave this network without a gateway at `vm-client-1`. Now, add the route: `sudo ip route add 192.168.102.0/24 via 192.168.103.1`.. this will create a specific route to that network ;) –  Jun 14 '17 at 18:09
  • 1
    One possible reason for the *Network is unreachable* error is that the *via*-address is not configured on the *dev*-link, so check with `ip addr` if the link is correctly configured. BTW, you don't need full VMs, network namespaces and `veth` pairs are enough to experiment. – dirkt Jun 14 '17 at 21:03
  • @nwildner by my router already has two interfaces. you mean having 3 networks with 2 routers and 2 servers correct? – VaTo Jun 14 '17 at 22:22
  • No. I was building a solution that will not need to create ANOTHER router. Just create this additional network, assign ip addresses and new interfaces to `vm-router` and `vm-client-1`, and create a specific route that WILL NOT USE your default gateway route(`192.168.101.1`) with the command `ip route add 192.168.102.0/24 via 192.168.103.1`... This way you will enforce any traffic to `vm-client-2` from `vm-client-1` go through network3 –  Jun 20 '17 at 19:03
  • got the correct dev? You dont need to specify the dev explicitly in the route statement, the kernel will match it to wherever the via ip is, so it can be removed. Can you ping .101.1 from 101.3 ok? – math Sep 14 '17 at 14:17

0 Answers0