Thread: Routing between individual ips internal networks

  1. #1
    Join Date
    Feb 2020
    Beans
    3

    Routing between individual ips internal networks

    Hello,

    I have a slightly stupid question about iptables.

    On my "router" I have 2 internal networks in different IP networks.

    eth0: inet 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255
    eth1: inet 10.1.0.1 netmask 255.255.255.0 broadcast 10.1.0.255

    Default gateway is 10.0.0.1

    Most devices are attached to eth0 with IPs within 10.0.0.x.

    Now there are a few devices within eth1 (e.g. 10.1.0.10) which I would like to reach from certain eth0 devices.


    e.g.
    10.0.0.100 and 10.0.0.101 should be able to access 10.1.0.10 and vice versa.

    Additionally, 10.1.0.10 should also have "external access" via 10.0.0.1 (default gw).

    What is the correct way to implement this with iptables?

    Thanks

    Dieter

  2. #2
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: Routing between individual ips internal networks

    Do you need to control access to the networks as you describe? Or do you just want to route packets from any device on 10.0.0.0/24 to 10.1.0.0/24? If the latter, all you need to do is uncomment the line
    Code:
    net.ipv4.ip_forward=1
    in the file /etc/sysctl.conf and reboot. If you are using iptables, make sure the FORWARD policy is ACCEPT.

    Devices on both networks need to have the router as their default gateways. The router itself should have an upstream router that is connected to the Internet as its default gateway if you want to let traffic leave the building.
    Last edited by SeijiSensei; February 8th, 2020 at 09:10 PM.
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users
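
For the other case this reply asks about, where access is limited to the hosts named in the first post, the FORWARD chain can default to DROP with explicit allows. This is an added example, not part of the thread; the `run` helper, the variable names and the uplink being reached through eth0 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the commands by default;
# run as root with APPLY=1 to execute them on the router.
IF0=eth0                          # 10.0.0.0/24 side, from the first post
IF1=eth1                          # 10.1.0.0/24 side, from the first post
SERVER=10.1.0.10                  # eth1 device from the first post
CLIENTS="10.0.0.100 10.0.0.101"   # eth0 devices allowed to talk to it
NET0=10.0.0.0/24
# Assumption: the upstream (Internet) router is reached through eth0.
WAN_IF=${WAN_IF:-eth0}

# Hypothetical helper: execute the command, or just print it for review.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

forward_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -F FORWARD
    # Replies to connections that a rule below already allowed.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for c in $CLIENTS; do
        # New connections in both directions ("and vice versa").
        run iptables -A FORWARD -i "$IF0" -o "$IF1" -s "$c" -d "$SERVER" -j ACCEPT
        run iptables -A FORWARD -i "$IF1" -o "$IF0" -s "$SERVER" -d "$c" -j ACCEPT
    done
    # Outbound access for the server, but not to the rest of 10.0.0.0/24.
    run iptables -A FORWARD -i "$IF1" -o "$WAN_IF" -s "$SERVER" ! -d "$NET0" -j ACCEPT
    # Everything else between the two networks is dropped.
    run iptables -P FORWARD DROP
}

forward_rules
```

These rules only filter: hosts on both sides still need a route back through the router, and the upstream router needs a route to 10.1.0.0/24 (or the router has to NAT that traffic) for the external access to work.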

  3. #3
    Join Date
    Feb 2020
    Beans
    3

    Re: Routing between individual ips internal networks

    Thanks for the answer.

    I have already tried it like this with FORWARD:
    Code:
    iptables -A FORWARD -s 10.0.0.0/24 -j ACCEPT
    iptables -A FORWARD -s 10.1.0.0/24 -j ACCEPT
    But if I want to access 10.0.0.5 from a device with the IP address 10.1.0.100, unfortunately nothing works:
    Code:
    # traceroute 10.0.0.5
    traceroute to 10.0.0.5 (10.0.0.5), 30 hops max, 38 byte packets
     1 10.1.0.1 (10.1.0.1) 5,969 ms 3,094 ms 2,625 ms
     2 * * *
    From the router (10.0.0.1/10.1.0.1) I can of course reach everything.

    Thanks

  4. #4
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    7,698

    Re: Routing between individual ips internal networks

    Does 10.1.0.100 know the correct route to reach 10.0.0.5? It needs to know to send via 10.1.0.1.
    Look at the routing table or ask explicitly what the route is, by running one of these two commands on 10.1.0.100:
    Code:
    ip route list
    ip route get 10.0.0.5
    Similarly, does 10.0.0.5 know how to send replies to 10.1.0.100?

    Oh, and do 10.0.0.5's firewall rules allow incoming from 10.1.0.100?

  5. #5
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: Routing between individual ips internal networks

    Quote (originally posted by dieterkkk):
    But if I want to access 10.0.0.5 from a device with the IP address 10.1.0.100, unfortunately nothing works:
    As The Cog says, it's likely that 10.0.0.5 doesn't have a route to the 10.1.0.0/24 network. Is 10.0.0.1 the default gateway for 10.0.0.5? If not, you'll need an explicit route on 10.0.0.5 that directs traffic to 10.1.0.0/24 via 10.0.0.1.

  6. #6
    Join Date
    Feb 2020
    Beans
    3

    Re: Routing between individual ips internal networks

    Code:
    (on 10.1.0.100)
    # ip route list
    default via 10.1.0.1 dev eth0 
    10.1.0.0/24 dev eth0  src 10.1.0.100
    # 
    # ip route get 10.0.0.5
    10.0.0.5 via 10.1.0.1 dev eth0  src 10.1.0.100


    Is the router (10.0.0.1/10.1.0.1 with both interfaces) not able to take care of this?


    10.1.0.100 <==> 10.1.0.1/10.0.0.1 <==> 10.0.0.5


  7. #7
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    7,698

    Re: Routing between individual ips internal networks

    That looks OK for the outgoing direction.
    What about getting replies back (the reverse direction)?
    And what about firewall rules in 10.0.0.5?

  8. #8
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: Routing between individual ips internal networks

    What's the default route on 10.0.0.5?

    Your reply above looks at the situation from the point of view of the router. You also need to think about it from the point of view of 10.0.0.5.
