Connecting two subnets using an Ubuntu 10.04 LTS as a router

Question

This has been bothering me for a couple of days,

I have two subnets:

192.168.1.0/24 : This is the subnet used by my ISP/router. The gateway to the WAN is 192.168.1.1 192.168.2.0/24 : This is a subnet that I've created on my ESXi 5 virtual machine.

The physical machine that ESXi 5 is running on has two NIC's one NIC is connected to my ISP/router and the other is connected to another router with the DHCP server disabled. I'm using this second router just to keep the NIC status 'UP' from a vmware perspective.

I have a virtual Ubuntu 10.04 LTS running with two NIC's connected to it. The idea is that this will server as a router between the two subnets. I have DHCP running on the Ubuntu router that is dishing out IPs to my virtual machines using the 192.168.2.0 LAN.

The problem I'm having is that I can't seem to get the Ubuntu router to forward packets from one subnet to another. I should note I have tried every possible combination of configuration settings I can think of. My current set up is as follows:

I have run the command echo 1 > /proc/sys/net/ipv4/ip_forward to enable packet forwarding.

My firewall looks like this:

root@gRouter:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

My '/etc/network/interfaces' looks like this:

root@gRouter:~# cat /etc/network/interfaces

auto lo eth0 eth1
iface lo inet loopback

iface eth0 inet static
    address 192.168.1.105
    network 192.168.1.0
    netmask 255.255.255.0
    up ip route add 192.168.2.0/24 via 192.168.1.105


iface eth1 inet static
    address 192.168.2.2
    network 192.168.2.0
    netmask 255.255.255.0
    up ip route add 192.168.1.0/24 via 192.168.2.2

From this dual NIC router to be, I can ping between virtual machines within the 192.168.2.0 subnet and I can ping between virtual machines and physical machines on the 192.168.1.0 subnet. But I cannot ping from one subnet to another.

My routes table looks like this:

root@gRouter:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0

My arp currently looks like this:

root@gRouter:~# arp -v
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.2.13             ether   00:0c:29:30:f4:d9   C                     eth1
192.168.2.10             ether   00:0c:29:bf:60:a3   C                     eth1
192.168.1.64             ether   38:59:f9:e7:a0:f5   C                     eth0
Entries: 3      Skipped: 0      Found: 3

When I try to ping from a machine in subnet 192.168.2.0 to a machine in 192.168.1.0 subnet, I immediately get the error message 'connect: Network is unreachable'

When I try to ping from a machine in subnet 192.168.1.0 to a machine in 192.168.2.0 subnet, the first ping is initiated but it just hangs indefinately.

Sorry for the long post, I hope I have given enough information. Really grateful for any help.

Thanks in advance.

`But I cannot ping from one subnet to another.`. Give is the IP configuration of the clients on each subnet. Are both sides set to use the Ubuntu box as their default gateway? What happens when you try to do a **traceroute**. When troubleshooting routing the tool you want is almost always **traceroute**, and not ping. — Zoredache, May 15 '12 at 22:30
You should get rid of the routes you are trying to add in you interfaces file with `up ip route add ...` they are not doing anything useful. — Zoredache, May 15 '12 at 22:31
What do your routs look like for your other vms? What do your routes look like for the systems on the 192.168.1.x side? The systems may not know which router to talk to for sending traffic through gRouter. — becomingwisest, May 15 '12 at 22:32

score 3 · Answer 1 · answered May 16 '12 at 06:29

You have no way to get the packets to the machine doing the routing. Machines on each network need to know that the router's interface on their network is their gateway to the other network.

The simplest way to do this is to add a static route to the default gateway on each network. For example, if the router is 192.168.1.10/24 and 192.168.2.20/24, and the default gateways for the two networks are 192.168.1.1 and 192.168.2.1, then you need to add the following two static routes:

1) On 192.168.1.1, you need a route to 192.168.2.0/24 with a gateway of 192.168.1.10

2) On 192.168.2.1, you need a route to 192.168.1.0/24 with a gateway of 192.168.2.20

That way, when machines on either network send packets for the other network to their default gateway, the default gateway will know to send the packets to the router that connects the two networks.

score -1 · Answer 2 · answered May 15 '12 at 23:29

-1

You need to make the appropriate trunk to route the two subnets together. With no firewall rules to ACCEPT, DENY, DROP, packets for either interface you're of course not going to get any connectivity between the two subnets.

Start reading up on some IPFW/IPTABLES rules.

http://forum.codecall.net/topic/48557-help-with-iptables-2-nics-2-subnets/

answered May 15 '12 at 23:29

Anonymous

47
1

He has forwarding on and his firewalls are set to accept everything. What else does he need? – David Schwartz May 16 '12 at 06:30

Connecting two subnets using an Ubuntu 10.04 LTS as a router

2 Answers2