3

I have set up Ubuntu 16.04 VM server, and I'm trying to change default GW on it. (all traffic should be redirected to another gw - because of whitelisting problems).

Incoming traffic will come from 10.50.x.x network, but outgoing should go trough 192.168.0.254 gw.

Our setup is as follows:

I have router with 2 vlan's. First vlan is 10.50.0.0/24 with gw 10.50.0.1/24. Second vlan is 192.168.0.0/24 with gw 192.168.0.210. Second vlan has also another gateway on it - 192.168.0.254. Router can access both vlan's and all servers on them.

When server is started, default routing table is:

Destination   Gateway         Genmask         F   M R U Iface
0.0.0.0       10.50.0.1       0.0.0.0         UG  0 0 0 ens160
10.50.0.0     0.0.0.0         255.255.255.0   U   0 0 0 ens160

So to make 192.168.0.x network "available" I added:

route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.50.0.1 dev ens160

Then to explain 10.50.0.0/24 network to use 10.50.0.1 gateway (as we will change default gw):

route add -net 10.50.0.0 netmask 255.255.255.0 gw 10.50.0.1 dev ens160

And then to "explain" how to reach 192.168.0.254 gateway

route add -net 192.168.0.254 netmask 255.255.255.255 gw 10.50.0.1 dev ens160

Route is now as follows:

Destination     Gateway     Genmask         F   M  R  U   Iface
0.0.0.0         10.50.0.1   0.0.0.0         UG  0  0  0   ens160
10.50.0.0       10.50.0.1   255.255.255.0   UG  0  0  0   ens160
10.50.0.0       0.0.0.0     255.255.255.0   U   0  0  0   ens160
192.168.0.0     10.50.0.1   255.255.255.0   UG  0  0  0   ens160
192.168.0.254   10.50.0.1   255.255.255.255 UGH 0  0  0   ens160

And now to add default gw:

route add default gw 192.168.0.254 dev ens160

I get:

SIOCADDRT: Network is unreachable

I can ping 192.168.0.254 but with this setup server does not "see" 192.168.0.254?

root@tlt551:/home/user# ping 192.168.0.254
PING 192.168.0.254 (192.168.0.254) 56(84) bytes of data.
64 bytes from 192.168.0.254: icmp_seq=1 ttl=254 time=3.18 ms
64 bytes from 192.168.0.254: icmp_seq=2 ttl=254 time=1.60 ms
...

Can anyone help me understand what am I doing wrong (I'm noob with networks)?

Goran Keleković
  • 31
  • 1
  • 1
  • 2
  • Can you add a picture (eg. visio drawing) of the setup and the desired traffic flows? Also, can you tell us _why_ you want the desired behavior? From reading the question I get the impression that you have no clue how networking works.. Is that the case? – Tommiie Sep 13 '18 at 09:45

2 Answers2

3

Since your server is only connected to the 10.50.0.0/24 network, you can't fix this by only changing settings on the server. This server can only have 10.50.0.1 as its default gateway. No other static routes should be added as they are completley pointless.

The change needs to be done on your router connecting to both networks. Using IP source routing (also called policy-based routing), you can send traffic from the server to a different next-hop router. To help with the configuration, we need to know the brand of router you're using. But I strongly suggest you find some help with the networking team of your company.

Tommiie
  • 5,627
  • 2
  • 12
  • 46
0

Try this:

ip route add 192.168.0.254 dev ens160
ip route add default via 192.168.0.254
Krzysztof Księżyk
  • 522
  • 4
  • 10