Creating a Gateway

Tim ignored_mailbox at yahoo.com.au
Wed May 11 17:01:19 UTC 2011


On Wed, 2011-05-11 at 17:13 +0100, Aaron Gray wrote:
> I now have DHCP working fine and a client attached, but am having
> problems adding a gateway.
> 
> I have used WebMin to attempt to do it, adding a Static route and
> setting the "config as Router" option.
> 
> This has added a file :-
> 
> $ cat route-eth1
> ADDRESS0=192.168.1.0
> GATEWAY0=192.168.0.1
> NETMASK0=255.255.255.0

You've got two different sub-nets there, and the netmask says they're to
be considered differently.  Is that what you're intending?

Theoretically, there has to be a gateway bridging between 192.168.0 and
192.168.1 (it could be a router, it could be a computer).  *It* has to
be able to talk to either side, and each side needs to be told that it's
the gateway.

e.g.
                      +------------------+
                      | gateway with     |
                      | two interfaces   |
                      | that communicate |
                      | with each other  |
192.168.0 network --> | 192.168.0.254    |
                      |       &          | 
                      |    192.168.1.254 | <-- 192.168.1 network
                      +------------------+

The 192.168.0 network has 192.168.0.254 as its gateway.
The 192.168.1 network has 192.168.1.254 as its gateway.

Any time a computer on the 192.168.0 network tries to talk to something
on the 192.168.1 network, the netmask identifies that address is outside
of its own network, so it must go through the gateway.  And vice versa.

They are isolated from each other, with only the gateway between them,
in theory...  In practicality, if you put all the computers with
different addresses on a common switch, it's possible for them to
chatter directly between themselves when you didn't want them to.  As
people will break rules, and there are some basic low-level networking
traffic below IP.  And this can make things difficult for debugging with
the newcomer who can see network lights blinking but gets networking
errors.

If you look at a netmask like 255.255.255.0, it's showing you that the
first three quads of the address (192 and 168 and 0) must be the same to
be considered as being on the same network, and therefore directly
communicable between each other.  If those parts of the address are
different, then they're not on the same network, and communication has
to be routed through the gateway.

As far as configuring the gateway, it's a very long time since I've done
this, and I can't remember much beyond having to enable IP forwarding on
it.

For the sake of network simplicity, it's easiest if your gateway is also
the DHCP server, and all of its LAN interfaces have fixed IP addresses.
It gets messy trying to boot up a computer that's waiting for networks
to be up before the DHCP server will start, and for network interfaces
to come up without a DHCP server to give them an address.

That's *almost* how my LAN currently works.  My DHCP and DNS server is a
computer with fixed IP addresses.  NetworkManager is not used on it.
All my computers are on the same subnet.  The only gateway I have is the
modem/router to the internet, it's a standalone device, and its DHCP
server is switched off.  My DHCP server doles out IP addresses, puts the
info in the DNS server, tells the clients its own address for the local
DNS server, and gives out the modem/router IP as the gateway.

P.S. If this is part of some prior thread, I can't tell, as you've
started a new one.  So I have no idea about any previous information you
might have supplied.

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
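
The netmask rule described in the reply above, applied to the quoted route-eth1 file, as an added example that is not part of the original message. The two eth1 addresses tried at the end are assumptions, since the thread never states the real one, and the helper names are illustrative.

```python
import ipaddress
import re

# route-eth1 exactly as quoted in the message
ROUTE_ETH1 = """ADDRESS0=192.168.1.0
GATEWAY0=192.168.0.1
NETMASK0=255.255.255.0
"""

def parse_route_file(text):
    """Group ADDRESSn/GATEWAYn/NETMASKn lines into one dict per index n."""
    routes = {}
    for line in text.splitlines():
        m = re.fullmatch(r"\s*(ADDRESS|GATEWAY|NETMASK)(\d+)=(\S+)\s*", line)
        if m:
            routes.setdefault(int(m.group(2)), {})[m.group(1)] = m.group(3)
    return [routes[n] for n in sorted(routes)]

def same_network(a, b, netmask):
    """True when a and b agree on every bit the netmask covers."""
    mask = int(ipaddress.IPv4Address(netmask))
    return (int(ipaddress.IPv4Address(a)) & mask) == (int(ipaddress.IPv4Address(b)) & mask)

def check_route(route, if_addr, if_netmask):
    """List the problems with one static route on the interface that carries it."""
    problems = []
    # The next hop must be directly reachable from the interface's own subnet.
    if not same_network(if_addr, route["GATEWAY"], if_netmask):
        problems.append(f"gateway {route['GATEWAY']} is not on the {if_addr} subnet")
    # A route to the interface's own subnet needs no gateway at all.
    if route["NETMASK"] == if_netmask and same_network(if_addr, route["ADDRESS"], if_netmask):
        problems.append(f"{route['ADDRESS']} is this interface's own network")
    return problems

if __name__ == "__main__":
    route = parse_route_file(ROUTE_ETH1)[0]
    # Assumed eth1 addresses; the thread never states the real one.
    for addr in ("192.168.0.254", "192.168.1.254"):
        print(addr, check_route(route, addr, "255.255.255.0") or "route is consistent")
```

With eth1 on the 192.168.0 side the route is consistent; with eth1 on the 192.168.1 side the gateway is unreachable and the destination is already the local network.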




