Default gateway is in different subnet. How to configure in RHEL6.2

Question

I have two subnets routed to my server from ISP. I have only one gateway ip. The gateway is on the same VLAN as my IP address. For example netowrk 1 is 1.0.0.0/24 and network 2 is 2.0.0.0/24. Both are routed to eth0 by my ISP. Gateway is 1.0.0.1. My host ip is 2.0.0.1/24 (eth0) So I can configure default gateway manually with

ip route add default dev eth0
ip route add default via 1.0.0.1

and then internet connection works properly. How do I configure it in /etc/sysconfig/network-scripts/ifcfg-eth0 ?

I tried to set GATEWAY=1.0.0.1 but it doesn't work. Tried to set GATEWAY and GATEWAYDEV in /etc/sysconfig/network and it does only what first command from listing above do.

Can you clarify how the network interfaces are configured? Traffic from the 2.0.0.0 network address should be routed via the gateway in the 1.0.0.0 network. — Shane Madden, Mar 17 '12 at 23:00
Yeap. eth0 inet 2.0.0.1 mask 255.255.255.0 gateway is on the same VLAN and it's arp address is in arp table. Gateway ip address is 1.0.0.1 — Dmytro Leonenko, Mar 17 '12 at 23:18
I've edited original message to be more specific about configuration. There is only one interface: eth0 — Dmytro Leonenko, Mar 17 '12 at 23:40
If your ISP gave you two disparate subnets, they intended for you to put a router between them. — AdmiralNemo, Mar 23 '12 at 23:35

score 5 · Answer 1 · answered Mar 20 '12 at 00:05

You really won't find support for something like this, as it's not something that will pass any sanity checks.

So, think about it a bit. Your computer needs to know the gateway address in order to reach other machines outside it's local subnet. So, if you have a subnet 10.0.1.0/24 and your machine is 10.0.1.12, it would be able to reach any machine from 10.0.1.0-10.0.1.255 without using the gateway.

The gateway is typically required to be within the machine's subnet otherwise the machine has no way to reach it (without some routing tricks, as you are doing). Going back to the example above, if the gateway had an IP of 10.0.2.10, the machines would have no way to reach it (in order to send traffic outside their subnet, they need to reach the gateway, which is outside their subnet).

Are you absolutely certain that you have the correct subnet mask? As another example, if you have an IP in 10.0.1.0/16 with a gateway of 10.0.2.0, this is perfectly valid. If you had 10.0.1.0/24 and a gateway of 10.0.2.0, this is not. I would suspect that your ISP has given you the wrong netmask information.

Yes. Besides subnets in example it's absolutely real situatin where my ISP gave me one /29 subnet with GW and 5 usable ips and after a while another totally different /29 (so I can't aggregate them to single /28) subnet with 6 usable ip (without separate GW) and routed it to my interface. I personaly don't see anything magical reaching any device with any ip when it resides in common physical net — Dmytro Leonenko, Mar 20 '12 at 07:50
@Dmytro This is about routing table (`netstat -rn`). One row says an IP works as your GW, but you absolutely need at least one more row - the row which says how to actually get to that GW. This row is what is so misleadingly called "your subnet". — kubanczyk, Mar 21 '12 at 08:56

score 3 · Accepted Answer · answered Mar 20 '12 at 12:08

3

I've managed to find an answer by myself.

#cat /etc/sysconfig/network-scripts/route-eth0
1.0.0.0/24 dev eth0
default via 1.0.0.1 dev eth0

It looks a bit better than lines in rc.local At least it is related to routing in terms if RHEL way of network configuraion

answered Mar 20 '12 at 12:08

Dmytro Leonenko

456
1
7
24

I was going to write this. But you don't need the "dev" specification. – ewwhite Mar 20 '12 at 12:24
Just making sure, I hope you're not using 1.0.0.0/24 for real but it's only an example. The 1/8 netblock is assigned to APNIC and is part of the internet IP pool: http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml Abusing IP addresses that way is a very bad idea. You have a perfectly valid alternative: 10/8. In addition, for examples you can use ranges such as 192.0.2.0/24: http://tools.ietf.org/html/rfc5737 – aseq Mar 20 '12 at 19:15
@aseq Sure it's just an example. In comments to other answers I noted that I have two /29 subnets but only one has gateway – Dmytro Leonenko Mar 20 '12 at 22:47
YOU are the gateway for the other subnet, you are expect to provide a ROUTER. The "connected" network is not meant to be used for anything but firewalls and routers, your /29 IP block is meant for your real devices. You can do what you want, but that's what it's for. – SpacemanSpiff Mar 24 '12 at 14:04
Further more, if you connect a firewall to the "connected" network where they provide a gateway, your firewall can proxy ARP for the other connected IP addresses if you want to NAT them, the other /29 subnet is routed to your assigned address on that connected network. – SpacemanSpiff Mar 24 '12 at 14:06
Haven't got your idea. What I have is a bunch of virtual machines on ESXi. I have no my own router. Only my ISP has one and provides me with it's IP in my subnet. ISP can also assing one ip from second subnet on router's interface but it is wasting my IPs – Dmytro Leonenko Mar 25 '12 at 18:53

Max Alginin · Answer 3 · 2012-03-20T01:03:26.123

2

You can't achieve the same result with initscripts. Here's the relevant portion of /etc/sysconfig/network-scripts/network-functions:

if [ "$GATEWAY" = "0.0.0.0" ]; then
    /sbin/ip route add default dev ${GATEWAYDEV}
else
    /sbin/ip route add default via ${GATEWAY}
fi

Which means that only one of the two commands you listed would run, but not both.

A better solution would be taking another IP from 1.0.0.0/24 and giving it to eth0 on the server instead of 2.0.0.1. Then you have the conventional setup, routing everything over 1.0.0.0/24, and you use 2.0.0.0/24 with fully legit stuff like proxy ARP and iptables.

If you can't do that, just stick the two ip route commands into /etc/rc.local.

edited Mar 20 '12 at 01:03

answered Mar 20 '12 at 00:56

Max Alginin

3,284
15
11

1

Indeed, there are ways to accomplish this, but it's much better to just fix the network configuration. Leaving as few WTF's for the person that comes after you is always good. – devicenull Mar 20 '12 at 01:07
Sysadmins asking such questions often don't have the freedom to get from their ISP what we tell them would be The Right Thing. I intentionally limited my answer to the options that don't require talking to the ISP. – Max Alginin Mar 20 '12 at 01:19
1

True, but it also could be the ISP typo'd their information.. talking to them would probably be a good first step even if their answer is "it's how we do things, live with it". – devicenull Mar 20 '12 at 02:35
I can't :) See comment to @devicenull answer. It's real situation with two /29 subnets. For now I'll wait to see if there is any other way. – Dmytro Leonenko Mar 20 '12 at 07:51
OK. Suppose I have 192.168.0.0/24 with no free IPs in my phisical net. How do I reach them if my IP is 192.168.2.1/24 (192.168.1.0/24 is unavaliable for some reason) without gateway (suppose there is no gateways at all. Only plain switched network)? – Dmytro Leonenko Mar 20 '12 at 07:55
You can't do that. Routing is the only way to cross subnets. Switching only works for things within the same subnet. – devicenull Mar 22 '12 at 00:03

score 0 · Answer 4 · answered Mar 23 '12 at 20:40

0

Ran into the same issue last week. Set up routes manually with ip route add..., and to make it persist, ip r l > /etc/sysconfig/network-scripts/route-em1 (edit it afterwards a bit) and voila

answered Mar 23 '12 at 20:40

dyasny

18,802
6
49
64

Default gateway is in different subnet. How to configure in RHEL6.2

4 Answers4