
I have a CentOS server with three NIC cards.

ETH0 Public IP xx.xx.xx.xx1/xx.xx.xx.xx2 (with two public IPs)

ETH1 Local Subnet 192.168.80.0 (DHCP server listening on this interface)

ETH2 Local Subnet (10.0.1.10) Connected to printers/file servers/other lans only accessible inside the organisation.

My setup requirement: on ETH1 (192.168.80.0/24 subnet) I have a few users who need to access the Internet and their mail. We have set up a mail server inside the 192.168.80.0/24 subnet itself so that mail access is faster for the users.

I have enabled static NAT to the mail server 192.168.80.2, which has the public IP xx.xx.xx.xx2. The rest of the users on eth1 see their public IP as xx.xx.xx.xx1, since we have enabled DNAT for it too.

File servers/Printers are accessible by the users on subnet 192.168.80.0/24.

I have another subnet, 192.168.70.0/24, which needs to communicate with the 192.168.80.0/24 subnet, and similarly 192.168.80.0/24 needs to communicate with 192.168.70.0/24.

192.168.80.0/24 is connected to 10.0.0.0/24 using an L3 switch. 192.168.70.0/24 is connected to 10.0.0.0/24 using an L3 switch.

Everything works fine, but I am unable to get communication working between 192.168.80.0/24 and 192.168.70.0/24, and vice versa.

Whenever I do a traceroute from the 192.168.80.0/24 network to the 192.168.70.0/24 network, it goes to the Internet.

traceroute 192.168.70.1
* * * 192.168.80.1
* * * ISP default gateway IP

How can I enable forwarding or routing so that traffic originating from subnet 192.168.80.0/24 and destined for 192.168.70.0/24 goes via eth2 (10.0.1.10), so that the above traceroute appears something like the one below, and the rest keeps working as it does now?

traceroute 192.168.70.1
* * * 192.168.80.1
* * * 10.0.1.10

I don't have any clue what needs to be done now.

My NAT rules:

-A PREROUTING -d xx.xx.xx.xx2/32 -i eth0 -j DNAT --to-destination 192.168.80.2
-A POSTROUTING -s 192.168.80.2/32 -o eth0 -j SNAT --to-source xx.xx.xx.xx2
-A POSTROUTING -s 192.168.80.0/24 -o eth0 -j SNAT --to-source xx.xx.xx.xx1
-A POSTROUTING -o eth0 -j MASQUERADE

Routing:

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
115.xx.xx.200  0.0.0.0         255.255.255.252 U     0      0        0 eth0
192.168.80.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.255.252.0   U     0      0        0 eth2
115.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 eth0
0.0.0.0         115.xx.xx.137 0.0.0.0         UG    0      0        0 eth0
Pratap

1 Answer


Somewhere you have to have a gateway which is connected to the 10.0.1.0/24 network and which is connected to the 192.168.70.0/24 network too. Say that this gateway has the IP address 10.0.1.20.

Then you have to add this route on your Linux router:

ip ro add 192.168.70.0/24 via 10.0.1.20

Because your router is the gateway for the 192.168.70.0/24 network too (although through one hop), you don't need to add a route for 192.168.80.0/24 on the gateway of the 192.168.70.0/24 network.

EDIT1:

To make this route permanent on CentOS, you have to add this line to the /etc/sysconfig/network-scripts/route-eth2 file:

192.168.70.0/24 via 10.0.1.20 dev eth2

You can see this deployment guide.

Jan Marek
  • @Jan: I added this route and am testing it; so far it works fine from the 192.168.80 subnet. We are in the process of performing some other checks from the 192.168.70 subnet. I have another silly question: how do I make this route persistent? I followed the instructions at http://www.centos.org/docs/5/html/5.1/Deployment_Guide/s1-networkscripts-static-routes.html but got "/etc/sysconfig/network-scripts/route-eth2: line 1: 192.168.70.0/24: No such file or directory". Where do I need to add this entry? – Pratap Sep 10 '13 at 10:06
  • @PratapSingh I've added information about permanent route... – Jan Marek Oct 02 '13 at 08:01
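
The behaviour in this thread, as an added example that is not code from the question or the answer: a longest-prefix-match lookup over a `route -n` table shows why packets for 192.168.70.0/24 fell through to the default route on eth0 (where the question's SNAT rules translate them and hand them to the ISP), and confirms that the answer's route moves them to eth2. The public addresses are documentation-range stand-ins for the redacted ones, 10.0.1.20 is the answer's assumed gateway, and the function names are hypothetical.

```python
import ipaddress

# Constructed `route -n` output modelled on the question's table; 203.0.113.x
# stands in for the redacted public addresses.
ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.80.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.255.252.0   U     0      0        0 eth2
0.0.0.0         203.0.113.137   0.0.0.0         UG    0      0        0 eth0
"""
INTERNAL = ["192.168.80.0/24", "192.168.70.0/24", "10.0.0.0/22"]

def parse_route_n(text):
    """Return [(network, gateway, iface)] parsed from `route -n` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the title and the column header
        plen = bin(int(ipaddress.IPv4Address(f[2]))).count("1")
        net = ipaddress.ip_network(f"{f[0]}/{plen}")
        routes.append((net, ipaddress.IPv4Address(f[1]), f[7]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.IPv4Address(dst)
    hits = [r for r in routes if dst in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def leaks(routes, internal_nets, wan_iface="eth0"):
    """Internal networks whose traffic would leave via the WAN interface."""
    found = []
    for net in map(ipaddress.ip_network, internal_nets):
        hit = lookup(routes, net.network_address + 1)
        if hit is not None and hit[2] == wan_iface:
            found.append(str(net))
    return found

def with_answer_route(routes, gateway="10.0.1.20"):
    """Table after `ip ro add 192.168.70.0/24 via <gateway>` (assumed gateway)."""
    gw = ipaddress.IPv4Address(gateway)
    via = lookup(routes, gw)  # the next hop itself must be on-link
    return routes + [(ipaddress.ip_network("192.168.70.0/24"), gw, via[2])]

if __name__ == "__main__":
    before = parse_route_n(ROUTE_N)
    print("leaking before:", leaks(before, INTERNAL))
    print("leaking after: ", leaks(with_answer_route(before), INTERNAL))
```

Running the same check against the live table after any routing change catches private destinations that silently fall back to the default route.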