  1. #1
    Just Joined!
    Join Date
    Sep 2012
    Posts
    1

    Multiple Ip networks on one nic


    I have configured a Linux firewall router running iptables with the following:

    Code:
    DEVICE=eth0
    BOOTPROTO=none
    BROADCAST=xx.xx.92.239
    HWADDR=00:04:75:db:2a:01
    IPADDR=xx.xx.92.236
    NETMASK=255.255.255.248
    NETWORK=xx.xx.92.232
    ONBOOT=yes
    GATEWAY=xx.xx.92.233
    TYPE=Ethernet
    
    DEVICE=eth0:4
    BOOTPROTO=none
    TYPE=Ethernet
    NETMASK=255.255.255.240
    ONPARENT=yes
    BROADCAST=xx.xx.248.111
    IPADDR=xx.xx.248.99
    NETWORK=xx.xx.248.96
    GATEWAY=xx.xx.248.97
    
    DEVICE=eth1
    BOOTPROTO=none
    HWADDR=00:06:5b:9f:b1:87
    ONBOOT=yes
    DHCP_HOSTNAME=router.mtdatasure.com
    TYPE=Ethernet
    IPADDR=192.168.1.254
    NETMASK=255.255.255.0
    
    
    The routing table looks like this:

    Destination     Gateway         Genmask         Flags MSS Window irtt Iface
    xx.xx.92.232    0.0.0.0         255.255.255.248 U     0   0      0    eth0
    xx.xx.248.96    0.0.0.0         255.255.255.240 U     0   0      0    eth0
    192.168.1.0     0.0.0.0         255.255.255.0   U     0   0      0    eth1
    169.254.0.0     0.0.0.0         255.255.0.0     U     0   0      0    eth1
    0.0.0.0         xx.xx.248.97    0.0.0.0         UG    0   0      0    eth0
    0.0.0.0         xx.xx.92.233    0.0.0.0         UG    0   0      0    eth0

    I have iptables set up with NAT. The hosts with an outside IP in the xx.xx.92.232 network are visible from anywhere. However, the one host with an outside IP that is part of the xx.xx.248.96 network is only visible from computers that use an IP address on the same network. After much sweating, I suspect this is a routing problem. What am I missing in this routing table that would allow computers on the xx.xx.248.96 network to be visible from anywhere and not just their own network?

    Thank you in advance.

    Pete
    Last edited by MikeTbob; 09-25-2012 at 02:26 PM. Reason: Added code tags

  2. #2
    Just Joined!
    Join Date
    Sep 2012
    Location
    Finland
    Posts
    96
    Instead of "xx.xx.248.96 0.0.0.0 255.255.255.240"
    Try "xx.xx.248.96 0.0.0.0 255.255.255.0"
    It might work.

  3. #3
    Just Joined! RobKendrick's Avatar
    Join Date
    Oct 2008
    Location
    Georgia, USA
    Posts
    15
    Hi Pete,

    In this line: xx.xx.248.96 0.0.0.0 255.255.255.240 U 0 0 0 eth0
    ...are you able to set it as you have above, like so? xx.xx.248.96 0.0.0.0 255.255.255.240 U 0 0 0 eth0:4

    Unfortunately, I'm still relatively new to iptables' usage, but if I'm understanding this correctly, you need to redirect traffic to the .248.96 network through port 4 on the eth0 interface...is that correct?

    Peconet009, your solution will not work because that netmask is not valid for his network. With a netmask of 240 (/28), you can only have 14 hosts per network (4 0-bits = 1+2+4+8 = 15, minus the broadcast address). Pete's netmask assignment is correct, as is his broadcast address (.248.111, which is 96+15).
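
Added example, not part of the thread: a Python check of the netmask reasoning in post #3, run against the eth0 and eth0:4 settings from post #1 and against the 255.255.255.0 mask proposed in post #2. The masked `xx.xx` octets are replaced with the constructed placeholder `10.20`, and the names `parse_ifcfg` and `check_ifcfg` are hypothetical.

```python
import ipaddress

# Constructed copies of the ifcfg values in post #1; "xx.xx" became "10.20".
ETH0 = """DEVICE=eth0
IPADDR=10.20.92.236
NETMASK=255.255.255.248
NETWORK=10.20.92.232
BROADCAST=10.20.92.239
GATEWAY=10.20.92.233"""

ETH0_4 = """DEVICE=eth0:4
IPADDR=10.20.248.99
NETMASK=255.255.255.240
NETWORK=10.20.248.96
BROADCAST=10.20.248.111
GATEWAY=10.20.248.97"""

def parse_ifcfg(text):
    """Parse KEY=VALUE lines of an ifcfg-style file into a dict."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip().strip('"')
    return cfg

def check_ifcfg(cfg, netmask=None):
    """Return (usable_hosts, problems); netmask overrides cfg['NETMASK']."""
    mask = netmask or cfg["NETMASK"]
    net = ipaddress.ip_interface(f"{cfg['IPADDR']}/{mask}").network
    problems = []
    if "NETWORK" in cfg and ipaddress.ip_address(cfg["NETWORK"]) != net.network_address:
        problems.append(f"NETWORK should be {net.network_address}")
    if "BROADCAST" in cfg and ipaddress.ip_address(cfg["BROADCAST"]) != net.broadcast_address:
        problems.append(f"BROADCAST should be {net.broadcast_address}")
    if "GATEWAY" in cfg and ipaddress.ip_address(cfg["GATEWAY"]) not in net:
        problems.append(f"GATEWAY is outside {net}")
    # Usable hosts: every address except the network and broadcast addresses.
    return net.num_addresses - 2, problems

if __name__ == "__main__":
    for text in (ETH0, ETH0_4):
        cfg = parse_ifcfg(text)
        print(cfg["DEVICE"], check_ifcfg(cfg))
    # The mask suggested in post #2 no longer matches NETWORK/BROADCAST.
    print("eth0:4 with /24", check_ifcfg(parse_ifcfg(ETH0_4), "255.255.255.0"))
```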

  4. #4
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    Would be nice if you would include the output from
    Code:
    route -n
    Also would be nice to know how you have your IPTABLES setup.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
