[ale] network question
Michael B. Trausch
mike at trausch.us
Sat Jan 23 13:49:07 EST 2010
On 01/23/2010 12:36 PM, Geoffrey wrote:
> Here's the scenario.
>
> Two networks:
>
> aaa.aaa.aaa.000
> bbb.bbb.bbb.000
>
> network aaa has access to internet. network bbb needs to access
> internet via a machine on aaa.
>
> Assumption is, simply create a route between aaa and bbb. Does not seem
> to work, bbb can not get to internet.
So, note that I am not speaking from experience here: I am only speaking
from the way that I understand things, and I could certainly be
incorrect somewhere. I and a few friends of mine are about to try to
create an internetwork for the purpose of solidifying our knowledge in
these things (though, our experimental network will be routed private
IPv6, not routed private IPv4).
So, TAKE THIS WITH A GRAIN OF SALT, and ASSUME THAT I AM WRONG. And if
someone actually has experience with this type of setup, and I am indeed
wrong, please, PLEASE correct me. :)
So, for all the text that follows, we have:

Machine A:
  * Interface "lan0": address 10.0.0.1 netmask 255.255.255.0
  * Is the NAT router for network 10.0.0.0/24.
  * Runs DHCP for 10.0.0.0/24.

Machine B:
  * Interface "lan0": address 10.0.1.1 netmask 255.255.255.0
  * Interface "lan1": address 10.0.0.254 netmask 255.255.255.0
  * Runs DHCP for 10.0.1.0/24.
  * Wants to be the router between 10.0.0.0/24 and 10.0.1.0/24

So, then. The first thing you need is to get packets from machine B's
network to machine A's network. To do this, you have to add a route on
machine B that will send packets to machine A's network. So:

    # route -A inet add -net 10.0.0.0 netmask 255.255.255.0 \
        dev lan1

Now, when 10.0.1.1 gets a packet for, say, 10.0.0.25, it will send that
packet out the lan1 interface, which is on the 10.0.0.0/24 network.
The next thing, then, is to tell machine A's network how to send packets
to 10.0.1.0/24. There are two ways that we can do this: we can
configure all the hosts on that network to have a new route, or we can
add the route to the gateway for that network, which should be in all
those machines' default routes. So, then, we'll opt for the latter. On
machine A:

    # route -A inet add -net 10.0.1.0 netmask 255.255.255.0 \
        gw 10.0.0.254

So machines on network A trying to send to 10.0.1.25 will send to the
default gateway (10.0.0.1), which says "Hey, I can send this packet for
10.0.1.25 to 10.0.0.254 and it will know what to do with it!" and life
is (hopefully) good.
At this point, you should be able to ping between the two nets, but you
won't be able to get Internet access on the 10.0.1.0/24 network yet. In
order to get that to work, we first have to add a default route from
10.0.1.0/24 to the gateway on the 10.0.0.0/24 network. So, then, on
machine B, do this:

    # route -A inet add -net default gw 10.0.0.1

This should then tell the router between networks A and B that the
default route should go through machine A over machine A's network.
Machine A will then do NAT and route things back, using the already
existing route from machine A to machine B.
You should be able to ping www.google.com, 4.2.2.1, etc. from machine
B's network, and you should generally have connectivity.
--- Mike
--
Michael B. Trausch - mike at trausch.us
Tel: (404) 592-5746 x1
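
Added example (not part of the original message): a small Python model of the two routing tables described above, tracing the outbound path from machine B and the reply path from machine A, including the case where machine A lacks the 10.0.1.0/24 route. The device name "wan0" and the next hop "upstream" are assumptions, since the post does not describe machine A's Internet-facing side.

```python
import ipaddress

# Constructed routing tables mirroring the post: (destination, gateway, device).
# gateway None = directly connected. "wan0" and "upstream" are assumptions,
# since the post does not describe machine A's Internet-facing side.
def build_tables(return_route_on_a=True):
    a = [("10.0.0.0/24", None, "lan0"), ("0.0.0.0/0", "upstream", "wan0")]
    if return_route_on_a:
        a.append(("10.0.1.0/24", "10.0.0.254", "lan0"))
    b = [("10.0.1.0/24", None, "lan0"),
         ("10.0.0.0/24", None, "lan1"),
         ("0.0.0.0/0", "10.0.0.1", "lan1")]
    return {"A": a, "B": b}

# Which router owns each gateway address used above.
OWNER = {"10.0.0.1": "A", "10.0.0.254": "B"}

def lookup(table, dst):
    """Longest-prefix match; returns (gateway, device) or None."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(n), gw, dev) for n, gw, dev in table
               if dst in ipaddress.ip_network(n)]
    if not matches:
        return None
    _, gw, dev = max(matches, key=lambda m: m[0].prefixlen)
    return gw, dev

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from router `start`; returns [(router, device, next_hop)]."""
    path, here = [], start
    for _ in range(max_hops):
        hit = lookup(tables[here], dst)
        if hit is None:
            path.append((here, None, "no route"))
            break
        gw, dev = hit
        path.append((here, dev, gw or "direct"))
        if gw not in OWNER:      # delivered on-link or handed to the uplink
            break
        here = OWNER[gw]
    return path

if __name__ == "__main__":
    good, bad = build_tables(True), build_tables(False)
    print("outbound :", trace(good, "B", "4.2.2.1"))
    print("reply    :", trace(good, "A", "10.0.1.25"))
    print("no route :", trace(bad, "A", "10.0.1.25"))
```

Without the 10.0.1.0/24 route on machine A, the reply to 10.0.1.25 follows A's default route out of wan0 instead of returning to machine B.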