duel subnet configuration

kennedto · December 20, 2013, 5:44pm

I have a network that has two subnets. The network consists of three systems A, B and C as shown below.
Firewall is disabled on on all three systems.

I can SSH from A to B then from B to C, but I am not able to ping or SSH systems across the subnets ( from A to C).
I tried setting the netmask on 10.0.19.3 to /16, but then i lose connectivity to the 10.0.19.3 network.

Can some one tell me how I can get cross subnet access from systems in 10.0.19 to 10.0.10 subnets.

A Nic 10.0.19.34/16
|
subnet 10.0.19
|
Nic 10.0.19.3/24
B
Nic 10.0.10.3/16
|
subnet 10.0.10
|
C Nic 10.0.10.21/16

A and B are running osuse 11.4
C is running osuse 12.2
the fire will is disabled on all three systems
IP forwarding is enabled on C.

here is the network info.

A

rg01:~ # ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:21:86:F2:D8:AB
inet addr:10.0.19.34 Bcast:10.0.255.255 Mask:255.255.0.0
inet6 addr: fe80::221:86ff:fef2:d8ab/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:530138 errors:0 dropped:0 overruns:0 frame:0
TX packets:476211 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:396368011 (378.0 Mb) TX bytes:55816303 (53.2 Mb)
Interrupt:16 Memory:fc500000-fc520000

B
-----------------------------------psdospm1:~ # ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:0C:29:5F:95:2D
inet addr:10.0.10.3 Bcast:10.0.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:418959 errors:0 dropped:0 overruns:0 frame:0
TX packets:332696 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:147008679 (140.1 Mb) TX bytes:51260318 (48.8 Mb)

psdospm1:~ # ifconfig eth3
eth3 Link encap:Ethernet HWaddr 00:0C:29:5F:95:41
inet addr:10.0.19.3 Bcast:10.0.19.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:282213 errors:0 dropped:0 overruns:0 frame:0
TX packets:201773 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:35490233 (33.8 Mb) TX bytes:21609063 (20.6 Mb)

psdospm1:~ #

C

pod-a1:~ # ifconfig eth0
eth0 Link encap:Ethernet HWaddr 5C:F3:FC:E5:5A:E4
inet addr:10.0.10.21 Bcast:10.0.255.255 Mask:255.255.0.0
inet6 addr: fe80::5ef3:fcff:fee5:5ae4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:591 errors:0 dropped:11 overruns:0 frame:0
TX packets:197 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:60313 (58.8 Kb) TX bytes:38786 (37.8 Kb)
Interrupt:28 Memory:96000000-96012800

pod-a1:~ #

hcvv · December 20, 2013, 6:31pm

I am no expert, but when I look at your “picture”, IMHO it is B that connects to both networks. Thus B must be able to foreward things, not C.

And I guess the routing is important. How can A know that the route to C is through B?
Thus you should check

/sbin/route -n

on the systems.

(And please use CODE tags around computer texts when you post them. Go to the advanced editor and use the # button in the tool bar.)

kennedto · December 20, 2013, 10:12pm

Here is output of route command

psdospm1:~ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.10.2       0.0.0.0         UG    0      0        0 eth1
9.49.217.0      10.0.10.2       255.255.255.255 UGH   0      0        0 eth1
9.57.182.0      10.0.0.3        255.255.255.255 UGH   0      0        0 eth0
9.76.41.0       10.0.10.2       255.255.255.255 UGH   0      0        0 eth1
9.80.2.0        10.0.10.2       255.255.255.255 UGH   0      0        0 eth1
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth1
10.0.18.0       0.0.0.0         255.255.255.0   U     0      0        0 eth2
10.0.19.0       0.0.0.0         255.255.255.0   U     0      0        0 eth3
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0

Note: for simplicity I did not mention NICS eth0 or eth2
.
I totally agree that issue is most likely on B. My understanding is that has NICS on several subnets and IP forwarding is enabled, then all subnets should be able to communicate with each other directly (e.g. ping C from A should work).

I can ping 10.0.10.3 from A and it works fine. If I try to ping 10.0.10.21 from A tshark shows this on B:

psdospm1:~ # tshark -n -i eth3
Running as user “root” and group “root”. This could be dangerous.
Capturing on eth3
0.000000 00:21:86:f2:d8:ab → ff:ff:ff:ff:ff:ff ARP 60 Who has 10.0.10.21? Tell 10.0.19.34
1.002038 00:21:86:f2:d8:ab → ff:ff:ff:ff:ff:ff ARP 60 Who has 10.0.10.21? Tell 10.0.19.34
…

but there is no reply

hcvv · December 20, 2013, 10:57pm

Am I right when I say that you did not understand my post completely?

First question was: I think you should have forwarding in B, you only mention C (for no appaerent reason_. You did NOT clarify that, thus I am still wondering.

Second I asked for routing information. Of course from A, B and C. Not from psdospm1.
And when you post something you should not leave things out “for simplicity”. It is you that has something you do not understand. You ask for help. Then please do not decide for yourself what is important and what not. Other people must be able to look to the complete and unabridged information, not hampered by any conclusions you jumped to. Others must be able to do a fresh assessment.

Sorry for my remarks, but when we can not trust what you tell us, helping becomes impossible.

kennedto · December 20, 2013, 11:03pm

Oh My mistake. IP forwarding is enabled in B, not C. Sorry.

kennedto · December 20, 2013, 11:10pm

also: rg01 is A, psdospm1 is B and pod-a1 is C.

tsu2 · December 21, 2013, 12:42am

A Quick Description of Routing for the Lay Person

For any computer, it will know only about the network/subnet(s) in direct contact with the machine. This is true whether you’re talking about a machine with only one NIC or a machine with several NICs. Any address that doesn’t belong to one of the networks directly attached to a machine is “remote” and may pose a problem which needs to be addressed.

When a machine attempts to connect/find another machine which is not in a network directly attached to the machine, then the machine needs to know where to send packets likely to eventually arrive at the destination. That is why for most network configurations there is a Default Gateway which a “catch-all” path to everywhere not on the local network.

This “Default Gateway” works well for a linear hierarchy, but there may also be “side by side” networks which aren’t reachable through a Default Gateway.

Your scenario is an example where no Default Gateway may be defined for each client machine. Each client machine as always knows about its local subnet but doesn’t have any idea where a machine on the other subnet exists.

So, that’s where a custom rule for the routing table can be created, the rule will essentially say "For any machine addresses (or specific machine) which are part of this unknown subnet, you get to it through this known machine (of course known machines have addresses the local machine knows).

It’s about as simple as that… configuring the routing table of the client so it “knows” that to get to the remote subnet the packets should be sent to a router address you specify.

And remember that TCP/IP is a 2-way communication. This means that you will have to configure a custom route not just on one machine but on both machines that are communicating across the non-default gateway router.

Strictly speaking, I don’t think that “forwarding” should be used… It has its own meaning in other TCP/IP configurations. Best to get your nomenclature correct now and not run into confusion later.

HTH,
TSU