Wednesday, November 2, 2011
8:36 PM

Static Routes Using Linux

My workplace LAN has around 500 hosts, and to make it more complicated, the hosts are spread across 6 geographic locations. I would still call our network a LAN because administrative privilege is limited to a few people. Anyway, like any other huge network, the LAN had broadcast problems, usually caused by viruses and Windows NetBIOS broadcasts. The management had used a separate IP addressing scheme for each campus, but what they failed to realize is that, unless a layer-3 device is deployed, the network is one HUGE broadcast domain regardless of the IP addressing scheme.

Anyway, I wanted to deploy Cisco Catalyst switches and implement VLANs to reduce the size of the broadcast domains. But somehow the management always prefers the cheaper solution, right? My case is not much different. As a cheaper alternative, I have recently deployed a Linux host that acts as a router to divide the broadcast domain. Now the technical stuff begins.

Let us assume that there are 3 Linux computers like firefly and busy-bee, one per site, plus a Linux computer with 4 LAN cards installed. We will configure each of its NICs for a separate subnet and see how we can make things work. Let us name this Linux computer Spider.

Let us build a scenario:

Host: firefly.example.com
Location: Mountain
Function: NAT and Proxy server for Mountain users
NIC1: R1 (Real IP provided by ISP)
NIC2: 192.168.10.1/24

Host: busy-bee.example.com
Location: Forest
Function: NAT and Proxy server for Forest users
NIC1: R2 (Real IP provided by ISP)
NIC2: 192.168.20.1/24

Host: scorpion.example.com
Location: Desert
Function: NAT and Proxy server for Desert users
NIC1: R3 (Real IP provided by ISP)
NIC2: 192.168.30.1/24

Host: spider
Location: Mountain OR Forest OR Desert, doesn't matter.
Function: Works as a Router between Mountain and Forest
NIC1: 192.168.10.254/24
NIC2: 192.168.20.254/24
NIC3: 192.168.30.254/24

Spider Configuration:

Enable IP forwarding in /etc/sysctl.conf (apply it with sysctl -p, otherwise it only takes effect after a reboot), then masquerade on all three NICs:

vim /etc/sysctl.conf
net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o NIC1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o NIC2 -j MASQUERADE
iptables -t nat -A POSTROUTING -o NIC3 -j MASQUERADE

Note that masquerading on the internal interfaces rewrites the source address of every packet crossing Spider to Spider's own address on the outgoing subnet, so the far side sees 192.168.x.254 in its logs instead of the real client address. The static routes below already give every gateway a return path, so the NAT rules are not required for reachability.

Firefly Configuration:
route add -net 192.168.20.0 netmask 255.255.255.0 gw 192.168.10.254 dev NIC2
route add -net 192.168.30.0 netmask 255.255.255.0 gw 192.168.10.254 dev NIC2

The routing table on firefly, as shown by the route command, would then contain these entries:

root@firefly:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.20.0    192.168.10.254  255.255.255.0   UG    0      0        0 eth2
192.168.30.0    192.168.10.254  255.255.255.0   UG    0      0        0 eth2


Busy-bee Configuration:
route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.20.254 dev NIC2
route add -net 192.168.30.0 netmask 255.255.255.0 gw 192.168.20.254 dev NIC2

Scorpion Configuration:
route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.30.254 dev NIC2
route add -net 192.168.20.0 netmask 255.255.255.0 gw 192.168.30.254 dev NIC2

(The gateway must be Spider's address on Scorpion's own subnet, 192.168.30.254; a gateway on another subnet is rejected by the kernel as unreachable.)

########## End of Configuration ###########
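As an added example (not part of the original post), here is a small POSIX shell script that generates each site gateway's static routes from one table and rejects a next hop that is not on that host's own subnet, the slip that is easy to make when copying the route lines from one host to the next. It assumes the interface name eth2 from the route output above and emits ip route add, the modern equivalent of the route add commands used in the post.

```shell
#!/bin/sh
# Added example, not from the original post: generate the static routes for each
# site gateway from one table and refuse a gateway that is not on the host's own
# subnet. Interface name eth2 is assumed.

# Constructed table: host, its own subnet, spider's address on that subnet
SITES="firefly 192.168.10.0/24 192.168.10.254
busy-bee 192.168.20.0/24 192.168.20.254
scorpion 192.168.30.0/24 192.168.30.254"
IFACE=eth2

# Dotted-quad IPv4 address -> 32-bit integer
ip2int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 lies inside CIDR network $2 (e.g. 192.168.30.0/24)
in_subnet() {
    net=${2%/*}; plen=${2#*/}
    mask=$(( 0xffffffff & ~((1 << (32 - plen)) - 1) ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Look up column $2 (2 = subnet, 3 = gateway) of host $1 in SITES
site_field() {
    printf '%s\n' "$SITES" | awk -v h="$1" -v c="$2" '$1 == h { print $c }'
}

# Succeed only if gateway $2 is a valid next hop for host $1: a next hop must be
# directly reachable, i.e. on the host's own subnet, or the kernel rejects the route
check_gateway() {
    own=$(site_field "$1" 2)
    [ -n "$own" ] && in_subnet "$2" "$own"
}

# Print the "ip route add" commands for host $1, one per foreign subnet
routes_for() {
    gw=$(site_field "$1" 3)
    check_gateway "$1" "$gw" || { echo "$1: '$gw' is not on its own subnet" >&2; return 1; }
    printf '%s\n' "$SITES" | awk -v h="$1" '$1 != h { print $2 }' |
        while read -r net; do
            printf 'ip route add %s via %s dev %s\n' "$net" "$gw" "$IFACE"
        done
}

for h in firefly busy-bee scorpion; do routes_for "$h"; done
```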

If the physical connectivity is alright, try pinging from one network to the other to test connectivity. For example, if you can't ping from Forest to Desert, check whether you can ping spider.example.com, especially its NIC on the Desert subnet (192.168.30.254). Use common troubleshooting steps; it shouldn't be that hard.

Tested and working for me :). Linux rocks!!!
