I've been squeezing my mind with this problem for a couple of days; unfortunately I can't find a way out. Maybe it's a lack of theory or just a bad setup. I will appreciate a bit of help :-)

[Figure: schematic diagram]

I'm having a problem achieving this task. I can't ping from linux box 10.0.1.2 to a host connected in the network 192.168.0.0.

I can ping from linux router a host in the net 192.168.0.0, for example 192.168.0.200 or 192.168.0.1.

I can ping from linux router a host in the net 10.0.1.0, for example 10.0.1.2 and of course 10.0.1.1.

From linux box I can ping linux router 10.0.1.1 and 192.168.0.204 (both network cards are in the same box), but I can't ping, for example, 192.168.0.200 or 192.168.0.1.

Linux router has two network cards: enp0s3 --> 192.168.0.204, whose IP is assigned from the internet router through DHCP, and the second card, enp0s8, which has static IP 10.0.1.1/24.

linux router:

1: enp0s3: 
    inet 192.168.0.209/24 brd 192.168.0.255 scope global dynamic enp0s3
 
2: enp0s8:
    inet 10.0.1.1/24 scope global enp0s8

ip route list:

default via 192.168.0.1 dev enp0s3 
10.0.1.0/24 dev enp0s8 proto kernel scope link src 10.0.1.1 
169.254.0.0/16 dev enp0s3 scope link metric 1000 
192.168.0.0/24 dev enp0s3 proto kernel scope link src 192.168.0.209 

Linux box has network card enp0s3 --> it has static IP 10.0.1.2/24.

linux box:

1: enp0s3:
    inet 10.0.1.2/24 scope global enp0s3

ip route list:

10.0.1.0/24 dev enp0s3 proto kernel scope link src 10.0.1.2 
192.168.0.0/24 via 10.0.1.1 dev enp0s3 

NOTE: I did this on both linux router and linux box.

vi /etc/sysctl.conf
net.ipv4.ip_forward=1
sysctl -p

I would like to achieve this by routing and not with nat iptables or anything else.

Lacek

1 Answer

If you don't want to use NAT for this, then all devices must have routing entries to all others. Most probably the problem in your case is that the computers in the 192.168.0.0 subnet don't have a routing entry for 10.0.1.0/24. I'm guessing that the computer with IP address 192.168.0.200 has two routing table entries:

  1. An on-link entry for the 192.168.0.0/24 subnet
  2. And a default route through 192.168.0.1

So when you ping 192.168.0.200 from 10.0.1.2, the packets can reach the target server, but when it tries to answer, it routes the answer in another direction -- through 192.168.0.1, the only route it knows for not on-link addresses, which of course never reaches the destination.

If you add a route for 10.0.1.0/24 to the servers in the 192.168.0.0/24 subnet, it will probably work.

Lacek
    If you do not have access to the servers in the 192.168.0.0/24 network you can add a static route to 10.0.1.0/24 on your internet router, but it is only a workaround. Don't use this if you can avoid it. – Alexander Worlitschek Jul 03 '20 at 15:03
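
The asymmetric return path described in the answer, and the effect of both suggested routes, can be traced with a small longest-prefix-match simulation. This is an added example, not code from the question or the answer. The linux router and linux box tables are copied from the question (using 192.168.0.209, the address shown in the `ip` output), the 192.168.0.200 table is the one the answer guesses, and the internet router's table and the node names are assumptions.

```python
import ipaddress

# Routes are (prefix, gateway); gateway None means on-link.
def make_nodes(host_extra=(), inet_extra=()):
    return {
        "box": {"ips": ["10.0.1.2"], "routes": [
            ("10.0.1.0/24", None), ("192.168.0.0/24", "10.0.1.1")]},
        "linux-router": {"ips": ["10.0.1.1", "192.168.0.209"], "routes": [
            ("0.0.0.0/0", "192.168.0.1"), ("10.0.1.0/24", None),
            ("192.168.0.0/24", None)]},
        # Guessed in the answer: on-link /24 plus a default route.
        "host200": {"ips": ["192.168.0.200"], "routes": [
            ("192.168.0.0/24", None), ("0.0.0.0/0", "192.168.0.1"), *host_extra]},
        # Assumed: LAN on-link, everything else to the ISP (outside this model).
        "inet-router": {"ips": ["192.168.0.1"], "routes": [
            ("192.168.0.0/24", None), ("0.0.0.0/0", "UPSTREAM"), *inet_extra]},
    }

def lookup(routes, dst):
    """Longest-prefix match; returns next-hop IP (dst itself if on-link) or None."""
    dst_ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in routes
            if dst_ip in ipaddress.ip_network(p)]
    if not hits:
        return None
    _, gw = max(hits, key=lambda h: h[0].prefixlen)
    return gw or dst

def trace(nodes, src, dst, max_hops=8):
    """Follow one packet hop by hop and return the node names it visits."""
    owner = {ip: name for name, n in nodes.items() for ip in n["ips"]}
    here = owner[src]
    path = [here]
    for _ in range(max_hops):
        if dst in nodes[here]["ips"]:
            return path + ["delivered"]
        hop = lookup(nodes[here]["routes"], dst)
        if hop not in owner:      # no route, or handed to a node outside the model
            return path + ["lost"]
        here = owner[hop]
        path.append(here)
    return path + ["loop"]

if __name__ == "__main__":
    route = [("10.0.1.0/24", "192.168.0.209")]
    print("request:   ", trace(make_nodes(), "10.0.1.2", "192.168.0.200"))
    print("reply:     ", trace(make_nodes(), "192.168.0.200", "10.0.1.2"))
    print("host route:", trace(make_nodes(host_extra=route), "192.168.0.200", "10.0.1.2"))
    print("workaround:", trace(make_nodes(inet_extra=route), "192.168.0.200", "10.0.1.2"))
```

The echo request arrives, the reply leaves through 192.168.0.1 and is lost, and either added route brings the reply back through the linux router; the workaround from the comment costs one extra hop through the internet router.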