Results 1 to 7 of 7

Thread: duel subnet configuration

  1. #1

    Default duel subnet configuration

    I have a network that has two subnets. The network consists of three systems A, B and C as shown below.
    Firewall is disabled on on all three systems.

    I can SSH from A to B then from B to C, but I am not able to ping or SSH systems across the subnets ( from A to C).
    I tried setting the netmask on 10.0.19.3 to /16, but then i lose connectivity to the 10.0.19.3 network.

    Can some one tell me how I can get cross subnet access from systems in 10.0.19 to 10.0.10 subnets.



    A Nic 10.0.19.34/16
    |
    subnet 10.0.19
    |
    Nic 10.0.19.3/24
    B
    Nic 10.0.10.3/16
    |
    subnet 10.0.10
    |
    C Nic 10.0.10.21/16

    A and B are running osuse 11.4
    C is running osuse 12.2
    the fire will is disabled on all three systems
    IP forwarding is enabled on C.

    here is the network info.

    A
    ----------------------------------
    rg01:~ # ifconfig eth0
    eth0 Link encap:Ethernet HWaddr 00:21:86:F28:AB
    inet addr:10.0.19.34 Bcast:10.0.255.255 Mask:255.255.0.0
    inet6 addr: fe80::221:86ff:fef2:d8ab/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:530138 errors:0 dropped:0 overruns:0 frame:0
    TX packets:476211 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:396368011 (378.0 Mb) TX bytes:55816303 (53.2 Mb)
    Interrupt:16 Memory:fc500000-fc520000

    B
    -----------------------------------psdospm1:~ # ifconfig eth1
    eth1 Link encap:Ethernet HWaddr 00:0C:29:5F:95:2D
    inet addr:10.0.10.3 Bcast:10.0.255.255 Mask:255.255.0.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:418959 errors:0 dropped:0 overruns:0 frame:0
    TX packets:332696 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:147008679 (140.1 Mb) TX bytes:51260318 (48.8 Mb)

    psdospm1:~ # ifconfig eth3
    eth3 Link encap:Ethernet HWaddr 00:0C:29:5F:95:41
    inet addr:10.0.19.3 Bcast:10.0.19.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:282213 errors:0 dropped:0 overruns:0 frame:0
    TX packets:201773 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:35490233 (33.8 Mb) TX bytes:21609063 (20.6 Mb)

    psdospm1:~ #


    C
    ------------------------------------------------------------------
    pod-a1:~ # ifconfig eth0
    eth0 Link encap:Ethernet HWaddr 5C:F3:FC:E5:5A:E4
    inet addr:10.0.10.21 Bcast:10.0.255.255 Mask:255.255.0.0
    inet6 addr: fe80::5ef3:fcff:fee5:5ae4/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:591 errors:0 dropped:11 overruns:0 frame:0
    TX packets:197 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:60313 (58.8 Kb) TX bytes:38786 (37.8 Kb)
    Interrupt:28 Memory:96000000-96012800

    pod-a1:~ #

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    29,761

    Default Re: duel subnet configuration

    I am no expert, but when I look at your "picture", IMHO it is B that connects to both networks. Thus B must be able to foreward things, not C.

    And I guess the routing is important. How can A know that the route to C is through B?
    Thus you should check
    Code:
    /sbin/route -n
    on the systems.

    (And please use CODE tags around computer texts when you post them. Go to the advanced editor and use the # button in the tool bar.)
    Henk van Velden

  3. #3

    Default Re: duel subnet configuration

    Here is output of route command

    Code:
    psdospm1:~ # route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.0.10.2       0.0.0.0         UG    0      0        0 eth1
    9.49.217.0      10.0.10.2       255.255.255.255 UGH   0      0        0 eth1
    9.57.182.0      10.0.0.3        255.255.255.255 UGH   0      0        0 eth0
    9.76.41.0       10.0.10.2       255.255.255.255 UGH   0      0        0 eth1
    9.80.2.0        10.0.10.2       255.255.255.255 UGH   0      0        0 eth1
    10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
    10.0.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth1
    10.0.18.0       0.0.0.0         255.255.255.0   U     0      0        0 eth2
    10.0.19.0       0.0.0.0         255.255.255.0   U     0      0        0 eth3
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
    Note: for simplicity I did not mention NICS eth0 or eth2
    .
    I totally agree that issue is most likely on B. My understanding is that has NICS on several subnets and IP forwarding is enabled, then all subnets should be able to communicate with each other directly (e.g. ping C from A should work).

    I can ping 10.0.10.3 from A and it works fine. If I try to ping 10.0.10.21 from A tshark shows this on B:


    psdospm1:~ # tshark -n -i eth3
    Running as user "root" and group "root". This could be dangerous.
    Capturing on eth3
    0.000000 00:21:86:f2:d8:ab -> ff:ff:ff:ff:ff:ff ARP 60 Who has 10.0.10.21? Tell 10.0.19.34
    1.002038 00:21:86:f2:d8:ab -> ff:ff:ff:ff:ff:ff ARP 60 Who has 10.0.10.21? Tell 10.0.19.34
    ...

    but there is no reply

  4. #4
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    29,761

    Default Re: duel subnet configuration

    Am I right when I say that you did not understand my post completely?

    First question was: I think you should have forwarding in B, you only mention C (for no appaerent reason_. You did NOT clarify that, thus I am still wondering.

    Second I asked for routing information. Of course from A, B and C. Not from psdospm1.
    And when you post something you should not leave things out "for simplicity". It is you that has something you do not understand. You ask for help. Then please do not decide for yourself what is important and what not. Other people must be able to look to the complete and unabridged information, not hampered by any conclusions you jumped to. Others must be able to do a fresh assessment.

    Sorry for my remarks, but when we can not trust what you tell us, helping becomes impossible.
    Henk van Velden

  5. #5

    Default Re: duel subnet configuration

    Oh My mistake. IP forwarding is enabled in B, not C. Sorry.

  6. #6

    Default Re: duel subnet configuration

    also: rg01 is A, psdospm1 is B and pod-a1 is C.

  7. #7
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: duel subnet configuration

    A Quick Description of Routing for the Lay Person

    For any computer, it will know only about the network/subnet(s) in direct contact with the machine. This is true whether you're talking about a machine with only one NIC or a machine with several NICs. Any address that doesn't belong to one of the networks directly attached to a machine is "remote" and may pose a problem which needs to be addressed.

    When a machine attempts to connect/find another machine which is not in a network directly attached to the machine, then the machine needs to know where to send packets likely to eventually arrive at the destination. That is why for most network configurations there is a Default Gateway which a "catch-all" path to everywhere not on the local network.

    This "Default Gateway" works well for a linear hierarchy, but there may also be "side by side" networks which aren't reachable through a Default Gateway.

    Your scenario is an example where no Default Gateway may be defined for each client machine. Each client machine as always knows about its local subnet but doesn't have any idea where a machine on the other subnet exists.

    So, that's where a custom rule for the routing table can be created, the rule will essentially say "For any machine addresses (or specific machine) which are part of this unknown subnet, you get to it through this known machine (of course known machines have addresses the local machine knows).

    It's about as simple as that... configuring the routing table of the client so it "knows" that to get to the remote subnet the packets should be sent to a router address you specify.

    And remember that TCP/IP is a 2-way communication. This means that you will have to configure a custom route not just on one machine but on both machines that are communicating across the non-default gateway router.

    Strictly speaking, I don't think that "forwarding" should be used... It has its own meaning in other TCP/IP configurations. Best to get your nomenclature correct now and not run into confusion later.

    HTH,
    TSU

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •