RHEL Routing with 3 nics

Question

I am trying to get my routing to work on my RHEL 7 with 3 nics and 3 subnets.

I have the followig nics

DEVICE=eth0
BOOTPROTO=sttic
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPADDR=10.241.78.5
NETMASK=255.255.254.0
IPV6INIT=no


DEVICE=eth1
BOOTPROTO=static
IPADDR=10.241.74.5
NETMASK=255.255.254.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no

DEVICE=eth2
BOOTPROTO=static
IPADDR=10.241.76.5
NETMASK=255.255.254.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=yes
PEERDNS=yes
IPV6INIT=no


ip route show
10.241.74.0/23 dev eth1  proto kernel  scope link  src 10.241.74.5
10.241.78.0/23 dev eth0  proto kernel  scope link  src 10.241.78.5
10.241.76.0/23 dev eth2  proto kernel  scope link  src 10.241.76.5
default via 10.241.78.1 dev eth0

I have a system 10.241.74.7 behind eth1 and 10.241.76.7 behind eth2

I also have sysctl.conf setup with the following

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

The issue I am having is that system behind eth1 cannot reach eth2 and vice versa.

also when i initiate a ping from the .5 system

ping 10.241.74.7 -I eth2
PING 10.241.74.7 (10.241.74.7) from 10.241.76.5 eth2: 56(84) bytes of data.
From 10.241.76.5 icmp_seq=2 Destination Host Unreachable
From 10.241.76.5 icmp_seq=3 Destination Host Unreachable
From 10.241.76.5 icmp_seq=4 Destination Host Unreachable


ping 10.241.76.7 -I eth1
PING 10.241.76.7 (10.241.76.7) from 10.241.74.5 eth1: 56(84) bytes of data.
From 10.241.74.5 icmp_seq=2 Destination Host Unreachable
From 10.241.74.5 icmp_seq=3 Destination Host Unreachable
From 10.241.74.5 icmp_seq=4 Destination Host Unreachable

However, when I ping both networks from eth0 it works:

ping 10.241.76.7 -I eth0
PING 10.241.76.7 (10.241.76.7) from 10.241.78.5 eth0: 56(84) bytes of data.
64 bytes from 10.241.76.7: icmp_seq=1 ttl=64 time=0.450 ms
64 bytes from 10.241.76.7: icmp_seq=2 ttl=64 time=0.483 ms

ping 10.241.74.7 -I eth0
PING 10.241.74.7 (10.241.74.7) from 10.241.78.5 eth0: 56(84) bytes of data.
64 bytes from 10.241.74.7: icmp_seq=1 ttl=64 time=0.461 ms
64 bytes from 10.241.74.7: icmp_seq=2 ttl=64 time=0.399 ms

iptables has been flushed, so I am not sure why traffic is not passing between both networks ... there may be a routing issue?

netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.241.74.0     0.0.0.0         255.255.254.0   U         0 0          0 eth1
10.241.78.0     0.0.0.0         255.255.254.0   U         0 0          0 eth0
10.241.76.0     0.0.0.0         255.255.254.0   U         0 0          0 eth2
0.0.0.0         10.241.78.1     0.0.0.0         UG        0 0          0 eth0

Can anyone help?

Answer 1

For Linux to forward packets between interfaces you need to set net.ipv4.ip_forward=1 in /etc/sysctl.conf and either reboot the system for the changes to take effect or run sysctl -p

Regarding your ping results, if I remember correctly, by specifying -I ethX on the ping command, you are forcing the packets to actually leave from the specified interface (regardless of subnet configuration and routing on that interface).

What you need to do is try to ping with the source address you want to check (eg instead of ping -I eth0 10.241.74.7 try ping -I 10.241.78.5 10.241.74.7).

This way the packets will leave with the source address 10.241.78.5 but from the proper interface where 10.241.78.0/23 subnet is actually configured on.