My question seems to be quite simple, yet I can't just wrap my head around it. My setup is like this:

Server running RHEL 6.4. It has two network interfaces:

ib0: infiniband network (plz don't ask why :) 192.168.1.0/24, most of the servers are here. IP: 192.168.1.51

eth0: ethernet network 192.168.3.0/24, end-users are here (and a few servers). IP: 192.168.3.51.

This server serves as a gateway between servers and users. It has standard IP forwarding enabled:

net.ipv4.ip_forward = 1

...and nothing else. It is working just fine, no complaints here.

So now I need to do the following: both users from the 192.168.3.0 network and servers from the 192.168.1.0 network need to access an external network, 1.0.0.0/16. This network is managed by another department - they've deployed a router on their side and provided me with a physical link. Their router has the IP 192.168.3.250.

So, I set up a static route on my gateway server like this:

ip route add 1.0.0.0/16 via 192.168.3.250

...and my end-users from the 192.168.3.0 network are able to access 1.0.0.0. However, servers from the 192.168.1.0 network are unable to reach it.

I am not really great with routing and networking in general, so I suspect I should have NAT enabled for my 192.168.1.0 network (??), but my head starts to ache really badly when I am reading the iptables manual... Also, the thing is that this server should continue to act as a gateway between the infiniband and ethernet networks, preferably with as little overhead as possible.

So the question is: how do I do it?

  • Simple question: does the router at 192.168.3.250 know the network 192.168.1.0/24, and thus a route back? – yagmoth555 May 06 '15 at 13:05
  • Nope, the router doesn't know about 192.168.1.0. So I guess I need to do some NATing? – Tigran Baluyan May 06 '15 at 13:13
  • No, please add a route to 192.168.1.0 in the router. I would not NAT, that can bring you other problems. – yagmoth555 May 06 '15 at 13:17
  • Unfortunately, I can't do that - the router is not managed by me, and I do not have any access to it. – Tigran Baluyan May 06 '15 at 13:23
  • Call the one that manages it? :) Or change the main router to add the route over that router, as that router talks to its default route, and an ICMP Redirect will send him back to you. – yagmoth555 May 06 '15 at 13:23

1 Answer

OK, so, through countless errors I managed to get it working using iptables NAT.

Here are the config lines in my /etc/sysconfig/iptables:

-A POSTROUTING -s 192.168.1.0/24 -d 1.0.0.0/16 -p tcp -o eth0 -j SNAT --to-source 192.168.3.51 
-A POSTROUTING -s 192.168.1.0/24 -d 1.0.0.0/16 -p udp -o eth0 -j SNAT --to-source 192.168.3.51

That did the trick. Hope that it will help someone.
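
Why the end users worked while the servers did not, and what the two SNAT rules change, as a small Python model added here (it is not code from the question or the answer). The far router's routing table, including its default route, and the sample host addresses are assumptions.

```python
import ipaddress as ip

# Assumed table of the router at 192.168.3.250: it knows its own networks
# and a default route, but has no route back to 192.168.1.0/24.
ROUTER_ROUTES = [
    ("192.168.3.0/24", "lan"),       # segment shared with the gateway's eth0
    ("1.0.0.0/16", "internal"),
    ("0.0.0.0/0", "upstream"),       # assumed default route
]

# The two rules from the answer: (source, destination, protocol, --to-source)
SNAT_RULES = [
    ("192.168.1.0/24", "1.0.0.0/16", "tcp", "192.168.3.51"),
    ("192.168.1.0/24", "1.0.0.0/16", "udp", "192.168.3.51"),
]

def next_hop(routes, dst):
    """Longest-prefix match, as a router does for every packet."""
    addr = ip.ip_address(dst)
    hits = [(ip.ip_network(p), hop) for p, hop in routes
            if addr in ip.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def postrouting(src, dst, proto, rules):
    """Source address on the wire after the first matching SNAT rule."""
    for s_net, d_net, rule_proto, to_source in rules:
        if (ip.ip_address(src) in ip.ip_network(s_net)
                and ip.ip_address(dst) in ip.ip_network(d_net)
                and rule_proto in (proto, "all")):
            return to_source
    return src

def reply_returns(src, dst, proto, rules):
    """True if the far router sends the reply back onto the shared LAN."""
    seen_src = postrouting(src, dst, proto, rules)
    return next_hop(ROUTER_ROUTES, seen_src) == "lan"

if __name__ == "__main__":
    # Constructed sample hosts: a user, a server, a target in 1.0.0.0/16.
    cases = [("192.168.3.20", "tcp", []), ("192.168.1.10", "tcp", []),
             ("192.168.1.10", "tcp", SNAT_RULES),
             ("192.168.1.10", "icmp", SNAT_RULES)]
    for src, proto, rules in cases:
        print(src, proto, "NAT" if rules else "no NAT", "->",
              reply_returns(src, "1.0.5.9", proto, rules))
```

The last case shows that the tcp/udp-only rules leave ICMP from 192.168.1.0/24 untranslated, so under the same assumptions a ping from a server to 1.0.0.0/16 still gets no reply.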