Basic help on getting SLES to route



rough_diamond
04-Dec-2012, 09:26
Hi - I have seen various posts related to this topic but none really give a step by step guide so hopefully someone out there can fill in the blanks
We would like to set up a SLES 10.3 server to be able to route packets between different subnets
For example subnet 192.168.0.0 /24 will be able to route to 10.0.0.0 /8 - This server will not have any connections to the internet.
eth0 = 192.168.0.1
eth1 = 10.0.0.1

I have enabled ip-forwarding on the SLES box and can ping from a separate device on the 192.168.0.0 network through to eth1 on 10.0.0.1 but I cannot ping any devices beyond that interface on the 10.0.0.0 network.

From reading the board I suspect this may be firewall related but I am not sure how to resolve the issue.

Any help would be greatly appreciated!

bwisupport
04-Dec-2012, 12:40
On 04.12.2012 09:34, rough diamond wrote:
> I have enabled ip-forwarding on the SLES box and can ping from a
> separate device on the 192.168.0.0 network through to eth1 on 10.0.0.1

AFAIR this would always work, the SLES routes internally to the second
NIC without further configuration.

> but I cannot ping any devices beyond that interface on the 10.0.0.0
> network.

You have to setup a route to the 10.0.0.0 net.

What is the output from?

# route

Tom

rough_diamond
04-Dec-2012, 14:04
Thanks for the reply Tom
In the meantime I managed to ping devices on 10.0.0.x from 192.168.0.x by editing the /etc/sysconfig/SuSEfirewall2 - In the FW_FORWARD= section I added the two subnets.
Is this what you meant by add the route or were you referring to adding a static route? I would be interested to know the answer. Doing a netstat -r shows a route to the 10.0.0.0 network as this is associated with the interface with the IP of 10.0.0.1

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        *               255.255.255.0   U     0      0        0 eth7

bwisupport
04-Dec-2012, 14:39
> is this what you meant by add the route or were you referring to
> adding a static route? I would be interested to know the answer. Doing

No, I meant 'route add net...'
But there's no need to because the route exists, as your ping after
adding the fw-rules shows

Tom

rough_diamond
04-Dec-2012, 14:47
Thanks Tom

Everything looks good now- thanks for the replies

KBOYLE
04-Dec-2012, 19:51
rough diamond wrote:

> Everything looks good now- thanks for the replies

I see you got this resolved. That's great.

When IP Forwarding is not enabled, devices on either subnet should be
able to access either interface on your server but none of the devices
on the other subnet. Once you enable IP Forwarding, you still have to
specify what traffic is to be forwarded. It's not a case of all or
nothing.

Just for reference, this discussion began here:
http://forums.suse.com/showthread.php?t=2097

--
Kevin Boyle - Knowledge Partner
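
Added example (not part of the original thread or any poster's code): a small audit script for the two independent switches discussed above, kernel IP forwarding and the firewall's FW_FORWARD list. It assumes FW_FORWARD holds space-separated "source,destination[,protocol[,port]]" entries; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Assumption: FW_FORWARD="src,dst[,proto[,port]] ..." (space-separated entries).

# Print the value of FW_FORWARD from a SuSEfirewall2-style file (last assignment wins).
fw_forward_value() {
    sed -n 's/^[[:space:]]*FW_FORWARD="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Return 0 if some entry permits src -> dst (exact network match, any protocol suffix).
forward_allowed() {  # $1=config file  $2=source net  $3=destination net
    for entry in $(fw_forward_value "$1"); do
        case "$entry" in
            "$2,$3"|"$2,$3",*) return 0 ;;
        esac
    done
    return 1
}

# Report the state of a routed subnet pair.
# $4 is the kernel switch, i.e. the contents of /proc/sys/net/ipv4/ip_forward.
audit_pair() {  # $1=config file  $2=net A  $3=net B  $4=ip_forward value
    [ "$4" = "1" ] || { echo "kernel-forwarding-off"; return; }
    if forward_allowed "$1" "$2" "$3"; then fwd=1; else fwd=0; fi
    if forward_allowed "$1" "$3" "$2"; then rev=1; else rev=0; fi
    case "$fwd$rev" in
        11) echo "both-directions" ;;
        10) echo "one-way:$2->$3" ;;
        01) echo "one-way:$3->$2" ;;
        *)  echo "blocked-by-firewall" ;;
    esac
}

# Constructed sample config (not taken from the thread).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample
FW_FORWARD="192.168.0.0/24,10.0.0.0/8 10.0.0.0/8,192.168.0.0/24"
EOF

audit_pair "$SAMPLE" 192.168.0.0/24 10.0.0.0/8 1
```

On a live system, pass the real firewall config path and "$(cat /proc/sys/net/ipv4/ip_forward)" as the fourth argument; listing only the specific subnets keeps forwarding limited to the traffic that is meant to cross the router.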