Re: [Vserver] routing: 2 different virtual subnets on the same machine

From: Chuck <chuck_at_sbbsnet.net>
Date: Fri 06 Apr 2007 - 22:10:02 BST
Message-Id: <200704061710.02513.chuck@sbbsnet.net>

ok..

1. install iproute2 on the host. this is the only place it is needed.
2. on my system the tables are kept in /etc/iproute2
   you only have to edit rt_tables
   at the bottom of the list that is included by default add 2 tables.
   you can call them whatever you want. each table you enter must
   have a unique number.

   192 192net1
   193 192net2

   would work fine.

 
I don't know how deb handles network configurations but in gentoo we use a
single 'net' file and we tell it what module to use (ifconfig,iproute2,etc).

if you need to, tell your system to use iproute2

since we have a very neat way of configuring the networks in gentoo, i am not
positive about the syntax for the ip program itself but it would be something
similar to :

# assign the address (ip takes a prefix length, not a netmask keyword)
ip addr add <ip>/<prefixlen> broadcast <broadcast> dev ethx
# subnet route in each table
ip route add <netblock> src <ip> table 192net1 dev eth0
ip route add <netblock> src <ip> table 192net2 dev eth1
# default gateway in each table
ip route add default via <gw ip> table 192net1 dev eth0
ip route add default via <gw ip> table 192net2 dev eth1
# source-based rules (no dev: on a rule it means the incoming interface)
ip rule add from 192.168.1.0/24 table 192net1
ip rule add from 192.168.2.0/24 table 192net2

i assigned arbitrary values to the ip addresses below:
our syntax in gentoo would be:
config_eth0=( "192.168.1.34 broadcast 192.168.1.255 netmask 255.255.255.0")
config_eth1=( "192.168.2.60 broadcast 192.168.2.255 netmask 255.255.255.0")
  
then the routing table instructions which simply say plug this netblock and
source ip using this ethx into this table

routes_eth0=( "192.168.1.0/24 src 192.168.1.34 table 192net1")
routes_eth1=( "192.168.2.0/24 src 192.168.2.60 table 192net2")

then the gateways for the tables
routes_eth0=( "default via 192.168.1.1 table 192net1" )
routes_eth1=( "default via 192.168.2.1 table 192net2" )

then we add the machine default gateway - note no table reference.. this
handles routing for everything else that doesn't get handled by tables above.

routes_eth0=( "default via 192.168.1.1" )

now we add rules which basically say anything from netblock 'x' use the proper
table

rules_eth0=( "from 192.168.1.0/24 table 192net1")
rules_eth1=( "from 192.168.2.0/24 table 192net2")

hope this isn't too confusing since i am not positive of the actual ip program
syntax ... the gentoo instructions are accurate and so would probably tell
you a bit about everything you need to plug into whatever.. gentoo has
subroutines that read the devices and line after them and plug the proper
values into the ip program syntax.

debian probably has some type of similar network configuration to make it a
reasonable config.

please note that when using iproute2, using ifconfig to display assigned ip
addresses is somewhat inaccurate at best. route -n is also somewhat
misleading. the proper way would be

ip addr show
ip route show
ip rule show

hope this helps some. it will definitely cure your problem with multiple
networks on multiple nics. i have had as many as 5 different networks plugged
into 5 nics without an oops at all. it just works.

Chuck

On Friday 06 April 2007 15:21, Konstantinos Pachopoulos wrote:
> Hi Chuck,
> i am using Debian Etch. Everything could be useful at this point :)
>
> > From: Chuck <chuck_at_sbbsnet.net>
> > Date: Fri 06 Apr 2007 - 12:48:51 BST
> > Message-Id: <200704060748.52181.chuck@sbbsnet.net>
>
> > On Friday 06 April 2007 06:28, Konstantinos Pachopoulos wrote:
> >
> > i ran into the same situation with 4 nics and solved it with iproute2 on the
> > host. using simple tables and rules i was able to have the machine default
> > gateway for eth0 yet route all various subnets through their proper nics with
> > their own gateways. what distro are you using for the host? i can only give
> > exact specifics for gentoo but i can give you the basic config structures you
> > can adapt to other distros. iproute2 was the only way i could get this
> > working properly.
> >
> > if interested let me know and i will post a basic structure for your setup.
> >
> > > Hi,
> > > i have not much knowledge on routing and following other advice or trying
> > > to follow solutions to similar cases
> > > (http://www.freenux.org/~mm/wordpress/?p=10 for example) didn't work for
> > > me. So here is the case:
> > > -on my virtual box there are guests running in 2 different subnets:
> > > 192.168.1.0/24 and 192.168.2.0/24
> > > -192.168.2.0/24 is supposed to be a DMZ.
> > > -the virtual box has 2 interfaces: eth0 for routing 192.168.1.0/24 and
> > > eth3 for routing 192.168.2.0/24
> > >
> > > ----------------------------------------------------------
> > > |  vhost3-----vhost4              vhost1-----vhost2      |
> > > |                                                        |
> > > |________________________________________________________|
> > >      |                                    |
> > >      | 192.168.2.0/24 via eth3            | 192.168.1.0/24 via eth0
> > >      |                                    |
> > >      |_________      _____________________|
> > >                |    |
> > >                router ----> wireless wan / Internet
> > >
> > > I just want the 192.168.2.0/24 to be routed via eth3 and 192.168.1.0/24
> > > via eth0. The router/firewall will take over afterwards.
> > > Suggestions?
> > > _______________________________________________
> > > Vserver mailing list
> > > Vserver@list.linux-vserver.org
> > > http://list.linux-vserver.org/mailman/listinfo/vserver

-- 
Chuck
"...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose 
for an OS as *we* do?!!', and I answered...'I use Linux'. "
The Book of John, chapter 1, page 1, and end of book
Received on Fri Apr 6 23:16:38 2007
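
Added example, not part of the original post: a dry-run script that prints the full iproute2 command sequence for the two-NIC setup described above, followed by `ip route get` lookups that confirm each source address leaves through its own interface. The helper names (cidr_network, policy_cmds, all_cmds) and the APPLY switch are assumptions of this example; the addresses, gateways and table names are the post's sample values, and 192.0.2.1 is only a documentation address used as a lookup target.

```shell
#!/bin/sh
# Added example: dry-run generator for the policy routing described in the post.
# Prerequisite from the post: "192 192net1" and "193 192net2" appended to
# /etc/iproute2/rt_tables. Addresses are the post's arbitrary sample values.

# cidr_network ADDR/PREFIX -> NETWORK/PREFIX, e.g. 192.168.2.60/24 -> 192.168.2.0/24
cidr_network() {
    addr=${1%/*}; prefix=${1#*/}
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    ip_int=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    n=$(( ip_int & mask ))
    echo "$(( n >> 24 & 255 )).$(( n >> 16 & 255 )).$(( n >> 8 & 255 )).$(( n & 255 ))/$prefix"
}

# policy_cmds TABLE IFACE ADDR/PREFIX GATEWAY: print the ip commands for one NIC
policy_cmds() {
    table=$1; iface=$2; cidr=$3; gw=$4
    net=$(cidr_network "$cidr")
    echo "ip addr add $cidr brd + dev $iface"
    # subnet route and default gateway live in the per-NIC table
    echo "ip route add $net dev $iface src ${cidr%/*} table $table"
    echo "ip route add default via $gw dev $iface table $table"
    # traffic sourced from this subnet is looked up in that table
    echo "ip rule add from $net table $table"
}

all_cmds() {
    policy_cmds 192net1 eth0 192.168.1.34/24 192.168.1.1
    policy_cmds 192net2 eth1 192.168.2.60/24 192.168.2.1
    # machine default gateway in the main table, for everything else
    echo "ip route add default via 192.168.1.1 dev eth0"
    # lookups to confirm each source address leaves through its own NIC
    echo "ip route get 192.0.2.1 from 192.168.1.34"
    echo "ip route get 192.0.2.1 from 192.168.2.60"
}

# Dry run by default; APPLY=1 (as root) pipes the commands to a shell.
if [ "${APPLY:-0}" = 1 ]; then all_cmds | sh -ex; else all_cmds; fi
```

On a correctly configured host the second lookup reports eth1 and table 192net2; if it reports eth0, traffic from the 192.168.2.0/24 side is falling through to the main table's default route.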