2

I currently have a machine connected to a LAN and to the internet working fine. I now got a dedicated connection to a remote office and must create a route from my machine to specifically 1 machine on the new office, but it must go over the dedicated line (not over the internet). My machine has CentOS release 5.6.

Here is a diagram of my current setup (I can't post pics here yet)

Basically from "MyServer" using eth0 to the Internet it works. eth0 has the following config.

```
root@MyServer:/etc/sysconfig/network-scripts $ more ifcfg-eth0
# Intel Corporation 82578DC Gigabit Network Connection
DEVICE=eth0
BOOTPROTO=none
HWADDR=71:72:bd:ae:1f:49
ONBOOT=yes
DHCP_HOSTNAME=MyServer.local
IPADDR=192.168.3.11
NETMASK=255.255.255.0
GATEWAY=192.168.3.1
TYPE=Ethernet
root@MyServer:/etc/sysconfig/network-scripts $
```

And now I have to create an alias on eth0 and route it to "TARGET server". So what I have done is create a file named eth0:0 with the following:

```
root@MyServer:/etc/sysconfig/network-scripts $ more ifcfg-eth0:0
# Intel Corporation 82578DC Gigabit Network Connection
DEVICE=eth0:0
BOOTPROTO=none
HWADDR=71:72:bd:ae:1f:49
ONBOOT=yes
DHCP_HOSTNAME=MyServer.local
IPADDR=172.23.10.37
NETMASK=255.255.255.252
TYPE=Ethernet

root@MyServer:/etc/sysconfig/network-scripts $
```

With this alone, I can now ping 172.23.10.38:

```
root@MyServer:/etc/sysconfig/network-scripts $ ping 172.23.10.38
PING 172.23.10.38 (172.23.10.38) 56(84) bytes of data.
64 bytes from 172.23.10.38: icmp_seq=1 ttl=255 time=6.30 ms
64 bytes from 172.23.10.38: icmp_seq=2 ttl=255 time=2.07 ms
64 bytes from 172.23.10.38: icmp_seq=3 ttl=255 time=3.13 ms

--- 172.23.10.38 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 2.071/3.839/6.309/1.801 ms
root@MyServer:/etc/sysconfig/network-scripts $
```

But my objective is to reach 192.168.1.96 and to reach there with a source IP address of 172.23.10.37.

So I added the following route:

```
root@MyServer:/etc/sysconfig/network-scripts $ route add -host 192.168.1.96 eth0:0
root@MyServer:/etc/sysconfig/network-scripts $ ip route list
192.168.1.96 dev eth0  scope link  src 172.23.10.37
172.23.10.36/30 dev eth0  proto kernel  scope link  src 172.23.10.37
192.168.3.0/24 dev eth0  proto kernel  scope link  src 192.168.3.11
169.254.0.0/16 dev eth0  scope link
default via 192.168.3.1 dev eth0
root@MyServer:/etc/sysconfig/network-scripts $
```

or with `netstat -rn`:

```
root@MyServer:/etc/sysconfig/network-scripts $ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.96    0.0.0.0         255.255.255.255 UH        0 0          0 eth0
172.23.10.36    0.0.0.0         255.255.255.252 U         0 0          0 eth0
192.168.3.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.3.1     0.0.0.0         UG        0 0          0 eth0
root@MyServer:/etc/sysconfig/network-scripts $
```

From the route list, it seems to be set: `192.168.1.96 dev eth0 scope link src 172.23.10.37`, and a `traceroute 192.168.1.96` shows what to me seems to be that it is indeed trying to go out over eth0:0:

```
root@MyServer:/etc/sysconfig/network-scripts $ traceroute 192.168.1.96
traceroute to 192.168.1.96 (192.168.1.96), 30 hops max, 40 byte packets
 1  172.23.10.37 (172.23.10.37)  3001.699 ms !H  3001.698 ms !H  3001.693 ms !H
root@MyServer:/etc/sysconfig/network-scripts $
```

But as you can see, the host is unreachable. The people that admin the remote server have guaranteed to me that their machine does respond to pings, and on my side, iptables for the time being is stopped just to be sure there are no external variables. Also, the firewall service on the router/firewall between us is stopped for the time being.

So basically I have 2 questions:

1) What am I doing wrong?
2) Once I get it to work, how do I change the temporary `route add -host 192.168.1.96 eth0:0` command into a persistent route? I was reading that the cleanest way to do this is adding a file called `/etc/sysconfig/network-scripts/route-eth0:0` with the following line:

```
192.168.1.96 via 172.23.10.37 dev eth0:0
```

Is this correct?

Hopefully I have provided enough info to debug this. Thanks, -gk

gkrawiec

3 Answers

1

The route should use 172.23.10.38 (the router IP) as the gateway. To test, use:

```
route add -host 192.168.1.96 gw 172.23.10.38
```

The route-eth0:0 file entry would be:

```
192.168.1.96/32 via 172.23.10.38
```

TimS
  • I will try this on Monday. I am afraid if I try it now and something goes wrong I will get locked out of the machine. There is nobody on site right now. Thanks. – gkrawiec Apr 30 '11 at 20:50
  • Thank you. I just tested it. This seems to have done the trick. -gk – gkrawiec May 02 '11 at 22:47
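
An added example, not part of the question or the answers: a small Python check over the `ip route list` output quoted in the question, flagging the host route that has no gateway although the destination is on no connected subnet (the cause of the `!H` replies from 172.23.10.37). The function names are hypothetical, and the parser assumes every option after the destination is a key/value pair, as in the sample.

```python
import ipaddress

# Constructed sample: the `ip route list` output quoted in the question.
IP_ROUTE_OUTPUT = """\
192.168.1.96 dev eth0  scope link  src 172.23.10.37
172.23.10.36/30 dev eth0  proto kernel  scope link  src 172.23.10.37
192.168.3.0/24 dev eth0  proto kernel  scope link  src 192.168.3.11
169.254.0.0/16 dev eth0  scope link
default via 192.168.3.1 dev eth0
"""

def parse_routes(text):
    """Parse `ip route list` lines into dicts (dest, via, src, kernel)."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        opts = dict(zip(tok[1::2], tok[2::2]))  # key/value pairs: dev, via, src, proto
        routes.append({"dest": ipaddress.ip_network(dest),
                       "via": opts.get("via"), "src": opts.get("src"),
                       "kernel": opts.get("proto") == "kernel"})
    return routes

def check_routes(routes):
    """Return (dest, problem) for manual routes whose next hop cannot work."""
    connected = [r["dest"] for r in routes if r["kernel"]]  # directly attached subnets
    local = {r["src"] for r in routes if r["kernel"] and r["src"]}  # this host's own IPs
    problems = []
    for r in routes:
        if r["kernel"]:
            continue
        dest = str(r["dest"])
        if r["via"] is None:
            # No gateway: the kernel ARPs for the destination itself on the
            # link, which only works if the host sits on a connected subnet.
            if r["dest"].prefixlen == 32 and not any(r["dest"].subnet_of(n) for n in connected):
                problems.append((dest, "off-link host routed without a gateway"))
        elif r["via"] in local:
            problems.append((dest, "gateway is this host's own address"))
        elif not any(ipaddress.ip_address(r["via"]) in n for n in connected):
            problems.append((dest, "gateway is not on a connected subnet"))
    return problems

if __name__ == "__main__":
    for dest, why in check_routes(parse_routes(IP_ROUTE_OUTPUT)):
        print(f"{dest}: {why}")
```
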
0

Your cleanest approach would be to add the right entry in a `route-eth0:0` file in `/etc/sysconfig/network-scripts`, then run `service network restart`. That will use the specified eth0:0 interface for that route.

ewwhite
  • Thanks, but why do you think it's not working, and what would the equivalent line in route-eth0:0 be to the route add command I ran? – gkrawiec Apr 30 '11 at 12:21
  • In a file named `route-eth0:0`, add `192.168.1.96/32 via 172.23.10.37`. – ewwhite Apr 30 '11 at 12:30
  • Since it's to only one host, can I just avoid the `/32` with no repercussions? – gkrawiec Apr 30 '11 at 12:32
  • I just tried and it did generate the route. Thanks. Though the whole thing still doesn't work, i.e. I still can't reach the remote server. – gkrawiec Apr 30 '11 at 12:34
0

I suggest you try doing a traceroute to the server and from the server to your machine. That might discard the fact that there is a router separating the two networks and that it is allowing traffic between the machines.

  • The traceroute to the server is part of the info I provided at the beginning... it seems to know it has to go out the eth0:0 interface, but then I get host unreachable. I will ask the other side to traceroute to my machine and give it to me so I can post it. Thanks. – gkrawiec Apr 30 '11 at 17:14