Find the answer to your Linux question:
Results 1 to 5 of 5
Hey guys. I am trying to set up a Linux box that can act as a router (and firewall later). I have a Debian 5 installation and it has two ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Oct 2008
    Posts
    6

    Question using route tool to forward traffic between two nics


    Hey guys. I am trying to set up a Linux box that can act as a router (and firewall later). I have a Debian 5 installation and it has two nics in it. I am trying to use the linux route command to set up a route between the two interfaces. I am finding it difficult to do.
    Let me explain how I am trying to set up my network:
    I have the ethernet cable from my modem connecting to eth0 of my Debian box, then I have eth1 connecting to a switch, which I connect all my computers and other devices to.

    I want to have two different ip address schemes for the devices.

    So here is my interfaces file:
    Code:
    #eth0 connects to modem
    allow-hotplug eth0
    iface eth0 inet static	
    	address 10.1.1.1
    	netmask 255.0.0.0
    	network 10.0.0.0
    	broadcast 10.255.255.255
    
    #eth1 connects to switch
    allow-hotplug eth1
    iface eth1 inet static
    	address 192.168.1.1
    	netmask 255.255.255.0
    	network 192.168.0.255
    	broadcast 192.168.0.255
    right now, route -n displays this:
    Code:
    Destination         Gateway    Genmask         Flags	   UseIface
    192.168.1.0         0.0.0.0    255.255.255.0   U         eth1
    10.0.0.0           0.0.0.0    255.0.0.0       U         eth0
    So I am wondering, to get my ethernet traffic from eth0 to eth1 and vice versa, do I need to make it so the Gateway for Destination 192.168.1.0 is 10.1.1.1, and for Destination 10.0.0.0, Gateway 192.168.1.0?

    I have looked at the linux manpage for route and I am still confused. I have also looked at the Debian networking page, but it is still unclear to me how to do this.

    Can someone help me understand how I am to use the route command to get this working? Or am I not even supposed to use the route command?

    Thanks for any input

  2. #2
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,746
    There is no "route" between the NIC's - they're on the same system. If all you want is Linux to forward TCP packets from one interface to another, just turn on TCP forwarding.

    Google: linux tcp forwarding

  3. #3
    Just Joined!
    Join Date
    Oct 2008
    Posts
    6
    HRO, thanks for the reply. I guess that makes sense. I was under the impression that I needed to use the route tool since the nics have different network addresses. Not to mention, I could later use this system as a router between to different networks that connect to the same internet source. That is probably when I would need the route tool, right?

  4. #4
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,746
    I was under the impression that I needed to use the route tool since the nics have different network addresses.
    A route is a *network* path between different network segments. Once a packet hits the kernel's TCP/IP stack, it's on that one system and the kernel knows which networks it has NIC's attached to (by referring to its local routing table.) You would only modify that routing table using the route command if there was a network path that you needed to add/modify. These would be paths external to the server. Because for *most* networks there is only 1 "upstream" path, modifying the routing table is not commonly needed.

    That is probably when I would need the route tool, right?
    No - again, the "router" server already knows that it has 2 NIC's and each subnet it's connected to. A Linux server can act as a router in one of 2 common ways:

    1) Use TCP_FORWARDING to forward packets between the two subnets.
    2) Run router-protocol daemons that interact with the other routers on the network.

    Assuming this layout from Network A to internet access:

    Code:
    Network_A (NA) => Router_Server (RS) => Network_B (NB) => Router (R) => Internet_Access (IA)
    Any system on (NA) has RS's (NA) interfaces as its gateway/router. Packets get sent up the chain to Google and (R) returns packets to (RS) which then passes them back to the system on (NA.) [This assumes (R) is correctly configured with a route that defines (NA) access via RS's (NB) interface.

    But what happens if the system on (NA) talks to a system on (NB)? The NB system will send any response packets to its...default gateway = (R). Without a manual route entry on the (NB) system, it will not know that it must send packets for (NA) to RS's NB interface. This is where the route command is used - not on the routing system itself.

    Why do enterprise networks not have dozens of these route entries in their workstations? Because if RS was replaced by a router running routing daemons (BGP, RIP, etc.) the 2 routers would be communicating their routes to each other. Hence the other option for RS - running routing daemons. Vyatta is an example of X86 hardware used for network routing.

    * Most "simple" network configs with the layout above would choose option 1 with the additional step of enabling iptables' MASQUERADE function. This creates a "many-to-one" NAT where no custom routes are needed for systems on (NB) because all packets from (NA) appear to originate from RS's NB interface.

  5. #5
    Just Joined!
    Join Date
    Oct 2008
    Posts
    6
    HRO, thanks for your nice reply. It looks like this is more complicated that I thought it would be. I'll try to enable tcp forwarding and see if I can get it working.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •