James B. Byrne
2013-Apr-19 14:06 UTC
[CentOS] Need help with gateways nd routing of 192.168.0.0/24 addresses
Arch = x86_64 OS = CentOS-6.4 Problem: What is the correct gateway to specify for private IP addresses that may pass thorough NAT? Background: Our gateway is configured thus: #/etc/sysconfig/network-scripts/ificfg-eth1 BOOTPROTO=none BROADCAST="" DEFROUTE=yes DEVICE=eth1 DNS1=216.185.71.33 GATEWAY=216.185.64.53 IPADDR=216.185.71.1 IPV4_FAILURE_FATAL=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6INIT=yes IPV6_PEERDNS=yes IPV6_PEERROUTES=yes MACADDR="" MTU="" NAME="LAN Link - eth1" NETMASK="" NETWORK="" NM_CONTROLLED=no ONBOOT=yes PREFIX=24 TYPE=Ethernet USERCTL=no and #/etc/sysconfig/network-scripts/ificfg-eth1:192006 NAME="eth1:192006 internal" BOOTPROTO=none MACADDR="" IPV6INIT=no DEVICE=eth1:192006 NETMASK=255.255.255.0 MTU="" BROADCAST=192.168.6.255 ONPARENT=yes IPADDR=192.168.6.1 NETWORK=192.168.6.0 On the gateway these are the routes present: 216.185.64.52/30 dev eth0 proto kernel scope link src 216.185.64.54 192.168.6.0/24 dev eth1 proto kernel scope link src 192.168.6.1 192.168.216.0/24 dev eth1 proto kernel scope link src 192.168.216.1 216.185.71.0/24 dev eth1 proto kernel scope link src 216.185.71.1 169.254.0.0/16 dev eth0 scope link metric 1002 169.254.0.0/16 dev eth1 scope link metric 1003 default via 216.185.64.53 dev eth0 Situation: I have a device configured thus: BOOTPROTO=none BROADCAST=255.255.255.255 DEVICE=eth0 DNS1=216.185.71.33 GATEWAY=216.185.71.1 IPADDR=192.168.6.9 IPV4_FAILURE_FATAL=yes IPV6INIT=no MACADDR="" MTU="" NAME="eth0" NETMASK=255.255.255.0 NETWORK=192.168.6.0 NM_CONTROLLED=no ONBOOT=yes PREFIX=24 TYPE=Ethernet When I try and ping this device I see this: PING 192.168.6.9 (192.168.6.9) 56(84) bytes of data.>From 216.185.71.1: icmp_seq=2 Redirect Host(New nexthop: 192.168.6.9) >From 216.185.71.1: icmp_seq=3 Redirect Host(New nexthop: 192.168.6.9) >From 216.185.71.1: icmp_seq=4 Redirect Host(New nexthop: 192.168.6.9) >From 216.185.71.1: icmp_seq=5 Redirect Host(New nexthop: 192.168.6.9)If I down eth1:192006 on the gateway then all ping packets are simply lost: PING 192.168.6.9 (192.168.6.9) 56(84) bytes of data. ^C --- 192.168.6.9 ping statistics --- 9 packets transmitted, 0 received, 100% packet loss, time 8277ms However, if leave eth1:192006 on the gateway up and I change the gateway on 192.168 device to 192.168.6.1 the problem goes away. I can see what works. My question is really is this the way things are supposed to be set up when one has private IP4 hosts on the same network segments as public IP4 hosts? Is there any way to configure the gateway so that it only requires one internal address [216.185.71.1] and can still route 192.168.6.0 addresses so that they stay on the LAN segment? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3