
I have two LANs, each one with its own gateway, DHCP and internet connection:

  • LAN 1 - IPs: 192.168.0.0-255, Mask: 255.255.254.0, Gateway: 192.168.0.1
  • LAN 2 - IPs: 192.168.1.1-255, Mask: 255.255.254.0, Gateway: 192.168.1.1

Connect them with a Linux computer having two NICs, one for each LAN. The NIC connected to LAN 1 accepts all packets sent to 192.168.1/24 (IPs of LAN 2) and sends them out the other NIC, and vice versa. It is seen as being all the other computers.

Is this possible? Which commands should I type in the Linux box to set up these "routes"? The goal is that each LAN keeps its own DHCP, current gateway and internet connection, but is able to reach the computers of the other LAN.

Please, don't tell me it is not the academic way to do it. The question is about guessing whether this setup is possible or not and pointing out what will prevent it from working. I know it is not the usual way to do it, that it is not pretty, that I should set up routes on the gateways... But I want to have gigabit throughput and the routers are too weak for this.

EDIT AFTER QUESTION HAS BEEN CLOSED:

Despite the really hostile reactions this question raised, I managed to find an answer. What I was describing is called a pseudo-bridge. I managed to connect the subnets using a dual-port NAS (Synology DS1812+), one port connected to each network, enabling both ip_forwarding and proxy_arp:

echo 1 > /proc/sys/net/ipv4/ip_forward            # let the box forward packets between its two NICs
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp   # answer ARP on LAN 1 for addresses routed via eth1 (LAN 2)
echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp   # and the other way round, for the return traffic

Works like a charm at gigabit speed and for free. Thanks to mfinni for shouting the answer in the comments (as the question was closed).

More info here: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094adb.shtml, http://en.wikipedia.org/wiki/Proxy_ARP and http://www.sjdjweis.com/linux/proxyarp/

bokan
  • 225
  • 3
  • 13
  • Why are you using /23 netmasks? – EEAA Oct 03 '13 at 12:57
  • So computers from LAN 1 do not send packets for 192.168.1.x to the gateway. They send them directly to the connect box that emulates all 192.168.1.x IPs. – bokan Oct 03 '13 at 13:00
  • Are you asking for how to configure your linux box between the networks in order to route traffic between the networks or how to configure the clients on each network? – Trondh Oct 03 '13 at 13:03
  • @Trondh : Clients are configured using DHCP. I'm asking if it is possible, and how to configure the Linux box between the networks. – bokan Oct 03 '13 at 13:13
  • `So computers from LAN 1 do not sent packets for 192.168.1.x to the gateway. They send them directly to the connect box that emulate all 192.168.1.x IP` You're doing it wrong. Configure additional non-default routes on your routers for the other subnets and point those routes to the server's interface on the subnet if you have to do it like this. – MDMarra Oct 03 '13 at 13:15
  • @MDMarra : The question is not about how to interconnect two LANs. The question is whether this trick could work or why it won't work. – bokan Oct 03 '13 at 13:22
  • Is this in a professional environment? – MDMarra Oct 03 '13 at 13:23
  • Each time someone designs a network like this the gods will kill kittens.. by the dozens.. – pauska Oct 03 '13 at 13:48
  • it could possibly be done with bridges. but it would be really really complex, scary and difficult (and detrimental to the kitten population) – Doon Oct 03 '13 at 14:03
  • The answer is to stick with a /24 and (if he really wants it to be a linux box), stick another layer (in this case the linux box) in between his L2 switches and the routers. Plug the switches into the Linux box and create the linux box as a layer 3 switch. That'll be the gateway for each subnet. Then create multiple default routes for each VLAN that run to their respective routers upstream. He'd need to reconfigure the routers' LAN IPs though...maybe doing some /30s for each small VLAN between the l3/linux box. BOTTOM LINE: Stick a layer 3 "switch" in between his /24's and the routers. – TheCleaner Oct 03 '13 at 14:12
  • If you setup a Layer 2 VPN between the two 'routers' that bridges the connections, that could work. If these to routers are linux-based you could do some magic with proxy-arp http://lartc.org/howto/lartc.bridging.html. – Zoredache Oct 03 '13 at 16:29
  • This question has been closed because it should demonstrate "a minimum understanding of the problem being solved" by @MDMarra, Dave M, pauska, Chris S... Guys, did you ever hear about proxy-arp? Could you please consider reading my edit and reopening the question? – bokan Oct 04 '13 at 07:59
  • This is an unbelievable kludge and _not_ how IP is intended to function. The reasoning on why you do it this way is just stupid; if you want your throughput, it can be done in a proper way. You will run into problems, just like you would when using a wrench as a hammer: it does work somehow, but don't expect your wrench to be useful for a prolonged time. – Roman Oct 04 '13 at 08:15
  • @Roman : Maybe, but this question demonstrates the minimum understanding of the IP and ARP protocols. Could you please explain which problems could occur from this network configuration? – bokan Oct 04 '13 at 08:18
  • The disadvantages, listed in the wikipedia page that you found, are the primary reasons this would rarely be used in a professional environment. It's the wrong way to solve the problem you're having. – mfinni Oct 04 '13 at 12:48
  • Also, since you explicitly said this is for your own learning/tinkering, *that fact alone* makes it a bad question for this site, as per the "help" link at the top. – mfinni Oct 04 '13 at 12:49
  • @MDMarra : Please, take a look at this http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094adb.shtml – bokan Oct 04 '13 at 12:49
  • @bokan I understand what proxy arp is and how it works. Just because something works doesn't mean it's the right way to do it. I can probably drive my car to the grocery store using my feet and cruise control, but that doesn't make it a good idea. What you don't realize about proxy arp is how you're absolutely *abusing* it here. I'm done arguing with you about this. You've collected a decent number of downvotes and close votes, meaning that others clearly agree with me. I don't know what else I can do except ignore you from here on out. Good luck with this wild setup. – MDMarra Oct 04 '13 at 12:58

2 Answers


You're doing it wrong. If you've got a single /23 as you describe, then you don't need to route between the two. If they're on physically separate subnets and you have two /23s with the same IP space, then you just created IP address space overlap and it will be a nightmare. Stick to /24s here (or other non-overlapping subnets).

If you really want to do this with a Linux box between the two, enable IP Forwarding and create routes between the two routers using the appropriate interfaces. It will probably look something like this

Subnet1 Router <-----> |eth0 (on subnet 1) LinuxRouter eth1(on subnet 2)| <-----> Subnet2 Router

Don't try and do this the way you're doing it. Use /24s (or other non-overlapping space) and have the routes in your routers for the other subnets point to the Linux router's interface for that subnet.


Edit: To actually answer your somewhat crazy question, no this will not work the way you're asking. If a computer is 192.168.0.2/23 and it wants to communicate to 192.168.1.2/23, it will assume that this is a computer on the local subnet (because you've told it that it is) and it will not send that traffic to a gateway to be routed, whether that gateway would be your router or a server that is doing routing. Again, don't do this.

MDMarra
  • 100,183
  • 32
  • 195
  • 326
  • You're telling me to do it the usual way, passing traffic through the routers. The question asks whether it is possible to do it another way. The DHCP range ensures no IP of subnet 2 is leased on subnet 1. – bokan Oct 03 '13 at 13:19
  • What benefit would there be to doing it that way, other than having a complete mess that the next admin will hate you for? You can do something like have DHCP push routes to all of your clients, but you STILL shouldn't have overlapping IP space. There is no sane solution to what you're asking that involves having overlapping IP space. – MDMarra Oct 03 '13 at 13:20
  • It is stated in the question. The router could not handle gigabit traffic and we have dozens of big 10 GB files to move every day. – bokan Oct 03 '13 at 13:23
  • @bokan Then upgrade the router? – Nathan C Oct 03 '13 at 13:24
  • @bokan So then why do you have two routers? Why don't you have a single /23 so that the traffic never leaves the switch? If you can't afford a router that can keep up, that seems like a logical solution. Using a linux box in the middle will have a 1Gb bottleneck based on what you've described. Having a real single /23 with no routing involved will give you 1Gb end-to-end assuming your switches can keep up. – MDMarra Oct 03 '13 at 13:27
  • Because each LAN has its own DHCP. And users want to keep their internet connection. If I connect the two networks directly together there will be a DHCP fight. Do you think it is possible to block DHCP traffic using a Cisco SF300-8? – bokan Oct 03 '13 at 13:29
  • @bokan It sounds like you really should consider hiring a network consultant or take some classes in this field. If this is for a workplace, you sound like you're about to make a complete mess out of it. Ask your supervisor for some more training, please. I'm not trying to be rude but you appear so far out of your element here that it can only end badly. – MDMarra Oct 03 '13 at 13:31
  • @MDMarra : sure I should, but you're completely off the question here. If you know why it could not work, please, tell me. – bokan Oct 03 '13 at 13:36
  • I did. Did you read my answer? `To actually answer your somewhat crazy question, no this will not work the way you're asking. If a computer is 192.168.0.2/23 and it wants to communicate to 192.168.1.2/23, it will assume that this is a computer on the local subnet (because you've told it that it is) and it will not send that traffic to a gateway to be routed, whether that gateway would be your router or a server that is doing routing. Again, don't do this.` – MDMarra Oct 03 '13 at 13:41
  • @MDMarra: I did not see your edit. If computers on one side believe the IPs of the other LAN are local, and the Linux box between the LANs has all those IPs (255 IPs) and transfers packets to the other side, it should work, no? – bokan Oct 03 '13 at 13:50
  • You seem to have completely lost your mind with this. You're going to assign 255 IPs to each interface of this linux box? I'm sorry. I can't help you any more, this is getting ridiculous. – MDMarra Oct 03 '13 at 13:54
  • PROXY ARP ALL THE THINGS. – mfinni Oct 03 '13 at 14:21
  • @MDMarra : I know it is ridiculous and I won't do it for any other purpose than testing. I thought about this and I just want to know if it is possible. Consider it as an exercise for learning network. – bokan Oct 03 '13 at 19:27
  • @mfinni : That's it !!! Thank you very much. I just enabled proxy ARP on the Linux box and it works like a charm now. Just connected a Synology NAS to both subnets, enabled ip_forwarding and proxy_arp, and I got a free gigabit pseudo-bridge between my two LANs. I really think this question should be reopened. And I'm considering using it long term. – bokan Oct 04 '13 at 07:27
  • Under no circumstances will this be re-opened. This is the worst possible way you can accomplish this and anyone with a clue would not do this in a production environment. Server Fault is for professional networks, not tinkering. To open this would be telling people that this is a reasonable solution. It's not. Just because you can make something work doesn't mean that you should. – MDMarra Oct 04 '13 at 11:16

Besides all the reasons stated that you probably shouldn't do it, you can make it work, but you would need to add routes to each and every host on the subnets.

You would also have to change to /24 subnet masks as opposed to the current /23 you are using, or else it probably won't work, as the host computers will not make a routing decision since the other IPs would appear local.

So that being said, assuming you change the masks to /24 and assuming you have your Linux box with interfaces 192.168.0.2 and 192.168.1.2 with routing enabled between them.

Then on each host on the 192.168.0/24 subnet you would add

ip route add 192.168.1.0/24 via 192.168.0.2    # Linux syntax; on Windows: route ADD 192.168.1.0 MASK 255.255.255.0 192.168.0.2

and on each host on the 192.168.1/24 subnet you would add

ip route add 192.168.0.0/24 via 192.168.1.2    # Linux syntax; on Windows: route ADD 192.168.0.0 MASK 255.255.255.0 192.168.1.2

Now when the host makes a routing choice it will send the packet to the gateway you specified instead of using the default.

Doon
  • 1,441
  • 9
  • 9
  • I want the other IPs to appear local and the Linux box to have them all (192.168.0.1-255 on one side, 192.168.1.1-255 on the other), then forward packets to the other side. I can confirm that your suggestion of adding routes to the PCs works, I tested it already :) – bokan Oct 03 '13 at 13:46
  • well if you want to remove routing out of the way, you are going to have to do weird stuff with bridging, and even then I'm not sure how you would do it. – Doon Oct 03 '13 at 13:57
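The thread argues about two different mechanisms without ever spelling out the packet walk: the proxy-ARP pseudo-bridge from the question's edit (hosts keep their /23 and consider the far side on-link, so they ARP for it and the box answers with its own MAC), and Doon's answer (hosts move to /24 and get an explicit route pointing at the box). The following is an added simulation of both, not the poster's configuration or anything from the thread: it models a host's on-link decision, the Linux proxy_arp rule (answer only for targets routed out a different interface), and the box's forwarding decision, and runs the thread's addresses through each configuration. The host addresses (192.168.0.10, 192.168.1.20), the interface names eth0/eth1, and the assumption that the box's own interfaces carry /24 addresses are mine; that last one matters, because with /23 on both NICs the box would hold two connected routes for the same 192.168.0.0/23 prefix and pick one of them for everything, so check `ip route` on the box before blaming proxy_arp.

```python
"""Constructed simulation of the thread's two ways of reaching the other LAN: the
proxy-ARP pseudo-bridge from the question's edit (hosts keep /23, the box answers
ARP for the far side) and the per-host /24 routes from Doon's answer. Added
example, not the poster's configuration; addresses are the ones in the thread."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Interface, IPv4Network


@dataclass
class Host:
    """End host: one interface, a default gateway, optional static routes."""
    iface: IPv4Interface                        # e.g. 192.168.0.10/23 (constructed address)
    gateway: IPv4Address
    routes: dict = field(default_factory=dict)  # IPv4Network -> next hop (Doon's per-host route)

    def next_hop(self, dst: IPv4Address) -> IPv4Address:
        """Address this host will ARP for when sending to dst."""
        for net in sorted(self.routes, key=lambda n: n.prefixlen, reverse=True):
            if dst in net:
                return self.routes[net]
        if dst in self.iface.network:   # on-link by the host's own mask: ARP for dst itself
            return dst
        return self.gateway             # otherwise hand the packet to the default gateway


@dataclass
class LinuxBox:
    """Dual-NIC Linux box; interface names eth0/eth1 and /24 on each are assumptions."""
    ifaces: dict                                   # ifname -> IPv4Interface
    ip_forward: bool = False                       # /proc/sys/net/ipv4/ip_forward
    proxy_arp: dict = field(default_factory=dict)  # ifname -> bool, conf/<if>/proxy_arp

    def route_lookup(self, dst: IPv4Address):
        """Longest-prefix match over the connected routes of the box's interfaces."""
        hits = [(i.network.prefixlen, n) for n, i in self.ifaces.items() if dst in i.network]
        return max(hits)[1] if hits else None

    def arp_reply(self, in_if: str, target: IPv4Address) -> bool:
        """Linux proxy_arp: answer on in_if only if target is routed via another interface."""
        if target == self.ifaces[in_if].ip:
            return True                  # its own address is always answered
        if not self.proxy_arp.get(in_if, False):
            return False
        out_if = self.route_lookup(target)
        return out_if is not None and out_if != in_if

    def forward(self, in_if: str, dst: IPv4Address):
        """Egress interface for a packet to dst received on in_if, None if dropped."""
        if not self.ip_forward:
            return None
        out_if = self.route_lookup(dst)
        return out_if if out_if not in (None, in_if) else None


@dataclass
class Lan:
    hosts: list                 # end hosts on this broadcast domain
    router_ip: IPv4Address      # the LAN address of that LAN's own gateway router
    box_if: str                 # which box interface is plugged into this LAN


def send(src: Host, dst: IPv4Address, lans: dict, box: LinuxBox) -> str:
    """Trace one packet from src to dst: who answers the ARP, then where it ends up."""
    src_lan = next(l for l in lans.values() if src in l.hosts)
    hop = src.next_hop(dst)
    if hop in {h.iface.ip for h in src_lan.hosts}:
        return "delivered locally"
    if hop == src_lan.router_ip:    # gateway router modelled with no route to the other LAN
        return "sent to default gateway, which has no route to the other LAN"
    if not box.arp_reply(src_lan.box_if, hop):
        return f"ARP for {hop} unanswered, host gives up"
    out_if = box.forward(src_lan.box_if, dst)   # box replied with its MAC, frame reaches it
    if out_if is None:
        return "box dropped the packet"
    dst_lan = next(l for l in lans.values() if l.box_if == out_if)
    if dst not in {h.iface.ip for h in dst_lan.hosts}:
        return f"no host {dst} on the far side"
    return f"delivered via box {src_lan.box_if}->{out_if}"


def round_trip(prefixlen: int, proxy_arp: tuple, host_routes: bool = False) -> tuple:
    """Outcome of pc-a (LAN 1) -> pc-b (LAN 2) and of the reply, for one configuration."""
    box = LinuxBox({"eth0": IPv4Interface("192.168.0.2/24"),
                    "eth1": IPv4Interface("192.168.1.2/24")},
                   ip_forward=True, proxy_arp={"eth0": proxy_arp[0], "eth1": proxy_arp[1]})
    a = Host(IPv4Interface(f"192.168.0.10/{prefixlen}"), IPv4Address("192.168.0.1"))
    b = Host(IPv4Interface(f"192.168.1.20/{prefixlen}"), IPv4Address("192.168.1.1"))
    if host_routes:                 # Doon's answer: route the other /24 via the box
        a.routes[IPv4Network("192.168.1.0/24")] = IPv4Address("192.168.0.2")
        b.routes[IPv4Network("192.168.0.0/24")] = IPv4Address("192.168.1.2")
    lans = {"lan1": Lan([a], IPv4Address("192.168.0.1"), "eth0"),
            "lan2": Lan([b], IPv4Address("192.168.1.1"), "eth1")}
    return send(a, b.iface.ip, lans, box), send(b, a.iface.ip, lans, box)


if __name__ == "__main__":
    for cfg in [(23, (True, True)), (23, (True, False)), (23, (False, False)),
                (24, (True, True)), (24, (False, False), True)]:
        print(cfg, round_trip(*cfg))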