[SOLVED] How to config route from nic B>C so A can talk to D

borgy95 · 09-25-2012, 12:26 PM

Right this is not really LInux so please forgive me, although it would be no different if it was pure linux, and NO other damn site seems to have an answer and i can't be the first person in the world to try this. So im hoping you guys can rock my world.

Here is the million dollar problem:

Quote:

I have an issue with some traffic routing i can't quite figure: i'll try map out blow what im aiming to do.

Machine A || Machine B (Win 2008 R2) || Machine C
Start: 192.168.5.9 > 192.168.5.5 (NIC 1) - 10.14.137.113 (NIC 2) > 10.14.137.128

So the question is how do I get traffic from Machine A to Machine C. I've tried various 'Route ADD' cmds but no luck so far. So was hoping someone out there could shed some light for me?

Machine B is a AD/DNS and can talk to the entire 10.14.137.x range but has no forwarders set up in DNS. And does not act as a AD/DNS server for the 10.14.137.x range. It fills these roles only for the 192.1668.5.x range. It also has RRAS installed already.

So far machine A can talk to NIC 2 on machine B via

Code:

route ADD 10.14.137.113 MASK 255.255.255.255 192.168.5.5

But beyond that i just can't get it to communicate, what am i doing wrong?
Does machine B need some kind of route forwarding rule?

whizje · 09-25-2012, 01:47 PM

This should do it.

Code:

route ADD 10.14.137.113 MASK 255.255.255.0
route ADD 192.168.5.5 MASK 255.255.255.0

borgy95 · 09-26-2012, 09:41 AM

Quote:

Originally Posted by whizje

This should do it.

Code:

route ADD 10.14.137.113 MASK 255.255.255.0
route ADD 192.168.5.5 MASK 255.255.255.0

So i had tried something like that. and yes it allow traffic from 192.168.5.9 > 10.14.137.113 but nothing goes beyond it can't figure it out. So im still in the same situation it seems if the destination is set as 10.14.137.128 but it first has to route via 192.168.5.5 then via 10.14.137.113 there is a lose of direction. So i need to figure out how to tell all packets destined for 10.14.137.128 from 192.168.5.9 that there are two ports of call: 1st: 192.168.5.5 2nd: 10.14.137.113.

How can i do this?

..and thanks

KatrinAlec · 09-26-2012, 09:49 AM

is IP forwarding active on B?

Joaquim Almeida · 09-26-2012, 10:33 AM

Are you trying to make your server act as a router? If so, have you done a RIP configuration? Here is one tutorial that explains it quite well.

For a better support maybe you should paste the routing tables of the 3 machines.

borgy95 · 09-26-2012, 11:51 AM

Quote:

Originally Posted by KatrinAlec

is IP forwarding active on B?

It wasn't but done that now.
so i guess i'll need a rule to forward from one nic to another if the packet is trying to get 10.14.137.113?

(please be patient with me... im really not a networking buff)

KatrinAlec · 09-27-2012, 02:02 AM

You need a route and you need to let it thorugh your firewall.
you can look up the routes with

Code:

ip route

and the firewall with

Code:

iptables -L

In the firewall it's the table called Chain FORWARD where you have to make the appropriate settings.

you can check your routing with

Code:

ip route get 10.14.137.128

it will tell you which interface it will go to.

You can check your firewall with

Code:

iptables -L -v

that will show you statistics if an entry of your firewall gets used at all.

borgy95 · 09-27-2012, 07:25 AM

Quote:

Originally Posted by Joaquim Almeida

Are you trying to make your server act as a router? If so, have you done a RIP configuration? Here is one tutorial that explains it quite well.

For a better support maybe you should paste the routing tables of the 3 machines.

Tutorial helped i wasn't aware of that step. I have now done that. Still not getting the traffic going across here are the routing table to help figure this out. There are no firewalsl on machine A, B or C.

I have attached the routing tables as pngs (sorry for the incovenience could not copy/paste em in here.) also haven't bothred with Machine C's as i only need traffic to go from A-C

thanks joaquim and others

KatrinAlec · 09-27-2012, 07:39 AM

Quote:

Machine A || Machine B (Win 2008 R2) || Machine C
Start: 192.168.5.9 > 192.168.5.5 (NIC 1) - 10.14.137.113 (NIC 2) > 10.14.137.128

It seems to me that your machine B (the black background?) has the wrong subnet.
At least you don't seem to have a route to machine C.
it says 10.14.137.113 is host only (255.255.255.255). So the default routing will be used, which doesn't send the data to machine C.

either change the subnet or add a route for 10.14.137.128.

And you do need a route back from C over B to A, so that A can reply. You won't be able to establish a TCP connection if C can't answer,
the the routing in C is important as well.

borgy95 · 09-27-2012, 09:01 AM

ahh really didn't know 255.255.255.255 means the route is for host only.

so should the route be something along the lines:

On Tunis:

Code:

route 10.14.137.128 MASK 255.255.252.0 192.0.168.5.5

is the route is disallowed. as apparently it "manipulates the routing table"

what kind of route would u recommend? is there a site that can teach me in depth this stuff, cos im clearly holding some serious knowledge gaps.

ok i'll config a route back as well in that case for C-A communiation.

KatrinAlec · 09-27-2012, 09:26 AM

on B
route ADD 10.14.137.128 10.14.137.113

That should send packets to .113 through .128

Joaquim Almeida · 09-27-2012, 08:14 PM

In my opinion this isn't a routing question because server knows its subnet. If you had, say 1.2.3.4 then the server didn't know which interface to send from, so it needs help (routing)!

This is a forwarding issue; RIP or NAT should solve your problem. I find very odd that you didn't manage to get it working with dynamic routing in WS2008 by using RIP. Try NAT instead: here.

Anyway, let's see a "talk" between systems:

Code:

A:
192.168.5.9

B:
192.168.5.5
10.14.137.113

C:
10.14.137.128

User at A issue "ping 10.14.137.128":
A: Do I have any route to 10.14.137.128?              > No
A: What is my default gateway?                        > Default gateway: 192.168.5.5
A: Send icmp through 192.168.5.9 to 192.168.5.5

B: Received icmp packet from 192.168.5.9. Where to?   > 10.14.137.128
B: Do I have any route to 10.14.137.128?              > Yes
B: What is route to 10.14.137.128                     > 10.14.137.113
B: Send icmp through 10.14.137.113 to 10.14.137.128

C: Got icmp ping packet for me from 192.168.5.9. Have to answer back. Send icmp answer to 192.168.5.9
C: Do I have any route to 192.168.5.9?                > No
C: What is my default gateway?                        > Default gateway: 10.14.137.113
C: Send icmp through 10.14.137.128 to 10.14.137.113

B: Received icmp packet from 10.14.137.128. Where to? > 192.168.5.9
B: Do I have any route to 192.168.5.9?                > Yes
B: What is route to 192.168.5.9                       > 192.168.5.5
B: Send icmp through 192.168.5.5 to 192.168.5.9

A: Got icmp ping answer packet for me from 10.14.137.128. Done.

So, since A and C have default gateways, only B server needs to know where to send packets.
The route table in your screenshot is incomplete. Above the table are interface parameters. You will need to match the id's with the interface. In this example interface 0 means subnet that contains A and interface 1 means the other (if 0 and if 1, respectively):

Code:

route -p add 10.14.137.128 mask 255.255.255.255 10.14.137.113 if 1
route -p add 192.168.5.9 mask 255.255.255.255 192.168.5.5 if 0

Hope it solves.

borgy95 · 09-28-2012, 05:23 AM

I added a route from A-C and that worked straight off no problem. After that A-C started communicting which is abit odd. but at least it's working.

i had tried

Code:

 route ADD 10.14.136.0 MASK 255.255.255.255 10.14.137.113

and that didnt change anything so it's all abit odd. but working so im kinda content to leave it at that.

joaquim, katrin thanks for helping me out. espcially the detail you guys have given me.. i'll be rmbring this thread.

borgy95 · 09-28-2012, 07:24 AM

And here is the corker, figured out why no ping reply was coming! there was no return route! i do feel daft..

thanks again