Ticket Options
Question Profile
| DATE | Feb 12, 2007 |
| TICKET | #333227 |
| STATUS | Closed |
| SUBJECT | Routing 3 subnets in panther server |
| CAT | Home/Business Network and/or Internet Connection |
| TYPE | Servers |
| DESC | |
| DESC | |
| PLATFORM | Apple Macintosh (PowerPC G3,G4,G5) |
| MODEL | XServe g5 |
| PROC | Dual 2.3ghz |
| RAM | 2gb |
| DRIVE | 80gb |
| NAME | Stephen |
| USERNAME | SpiralOcean |
| TECHNICAL | Lots of Experience |
| ISSUE | Lots of Troubleshooting |
Question Details
TICKET ARCHIVE -> Routing 3 subnets in panther server
SpiralOcean - Feb 12, 2007 - 7:24 pm
I have a panther server with three nic cards or en ethernet cards, each one connected to a different network.
xx.xx.1.101 = private intranet used for storing video files.
xx.xx.2.88 = company intranet used for internet access
xx.xx.3.10 = editors intranet
I have a NAT set up to forward network activity from the 2.88 to the 3.10.
But the editors (3.10) also need to access 1.101.
Is there a way to connect the .3 to the .1 network through the server?
Any help would be greatly appreciated.
Here's a picture to show what I'm trying to say.
http://www.kbdiondemand.org/client_files/routing.pdf
I did find this article which was helpful.
http://www.mactech.com/articles/mact...ter/index.html
Here's a picture of the routing table:
http://www.kbdiondemand.org/client_f...utingTable.png
Can't figure out why the 192.168.3 subnet is not entered. Whenever I enter
route add -net 192.168.3/24 192.168.1.101
I get the message:
route: writing to router socket: file exists
I have NAT enabled on the server to share my xx.xx.2.88 connection.
I have the mac os firewall running in order to enable the NAT.
Here is the article I used to create the NAT.
http://www.oreillynet.com/pub/a/wire...t_panther.html
At this point, I have disabled the NAT & firewall from running on the server. I have been deleting routing entries and flushed the routing table. I'm just trying to IP forward between the three subnets.
Here is what my routing table looks like now:
http://www.kbdiondemand.org/client_f...ingTables2.png
But when I go to a computer on the xx.xx.3 net, I cannot ping a computer on the xx.xx.1 net.
Question #2:
route add -net 192.168.3/24 192.168.1.101
is this the correct way to do this?
Or should I be entering the ip address of the en card that is addressed to the subdomain. Example:
route add -net 192.168.3/24 192.168.3.10
I haven't been able to find any good, specific help on routing tables for mac os x. I know the concepts are the same in differnt OS, but it would be nice to have something that walks me through it. If you know of any resources I could try, I would appreciate it.
My ultimate goal in this is to have a NAT set up on the .2 subdomain, and the .3 & .1 subdomains talking to each other. And to have a computer outside the NAT, be able to punch into a computer on the .3 subdomain.
Thank you for your help.
xx.xx.1.101 = private intranet used for storing video files.
xx.xx.2.88 = company intranet used for internet access
xx.xx.3.10 = editors intranet
I have a NAT set up to forward network activity from the 2.88 to the 3.10.
But the editors (3.10) also need to access 1.101.
Is there a way to connect the .3 to the .1 network through the server?
Any help would be greatly appreciated.
Here's a picture to show what I'm trying to say.
http://www.kbdiondemand.org/client_files/routing.pdf
I did find this article which was helpful.
http://www.mactech.com/articles/mact...ter/index.html
Here's a picture of the routing table:
http://www.kbdiondemand.org/client_f...utingTable.png
Can't figure out why the 192.168.3 subnet is not entered. Whenever I enter
route add -net 192.168.3/24 192.168.1.101
I get the message:
route: writing to router socket: file exists
I have NAT enabled on the server to share my xx.xx.2.88 connection.
I have the mac os firewall running in order to enable the NAT.
Here is the article I used to create the NAT.
http://www.oreillynet.com/pub/a/wire...t_panther.html
At this point, I have disabled the NAT & firewall from running on the server. I have been deleting routing entries and flushed the routing table. I'm just trying to IP forward between the three subnets.
Here is what my routing table looks like now:
http://www.kbdiondemand.org/client_f...ingTables2.png
But when I go to a computer on the xx.xx.3 net, I cannot ping a computer on the xx.xx.1 net.
Question #2:
route add -net 192.168.3/24 192.168.1.101
is this the correct way to do this?
Or should I be entering the ip address of the en card that is addressed to the subdomain. Example:
route add -net 192.168.3/24 192.168.3.10
I haven't been able to find any good, specific help on routing tables for mac os x. I know the concepts are the same in differnt OS, but it would be nice to have something that walks me through it. If you know of any resources I could try, I would appreciate it.
My ultimate goal in this is to have a NAT set up on the .2 subdomain, and the .3 & .1 subdomains talking to each other. And to have a computer outside the NAT, be able to punch into a computer on the .3 subdomain.
Thank you for your help.
SpiralOcean - Feb 13, 2007 - 6:02 pm
Hmm... when the NAT is set up, it adds a divert rule to the ipfw that forwards data to the NAT service.
I wonder if I need to create some divert rules in the firewall to forward from the .3 to .1 subnets?
I wonder if I need to create some divert rules in the firewall to forward from the .3 to .1 subnets?
SpiralOcean - Feb 13, 2007 - 6:08 pm
Here is my newest routing table.
I cleared everything, then started from scratch. I have NAT working, without the private address that the article talked about adding.
http://www.kbdiondemand.org/client_files/routing3.png
I cleared everything, then started from scratch. I have NAT working, without the private address that the article talked about adding.
http://www.kbdiondemand.org/client_files/routing3.png
SpiralOcean - Feb 15, 2007 - 2:39 pm
Still having problems creating a divert rule:
Here is the rule I am trying to add to the firewall:
sudo ipfw add 100 divert ip from 192.168.3.10/24 to 192.168.1.101/24 out recv en1 xmit en2
The error message I get is:
ipfw: error: illegal divert port
I have seen mention about an ipdivert option in the kernal? Or that I need to create a divert port to a socket? Unsure how to proceed.
Here is the rule I am trying to add to the firewall:
sudo ipfw add 100 divert ip from 192.168.3.10/24 to 192.168.1.101/24 out recv en1 xmit en2
The error message I get is:
ipfw: error: illegal divert port
I have seen mention about an ipdivert option in the kernal? Or that I need to create a divert port to a socket? Unsure how to proceed.
TechSupport - Feb 18, 2007 - 2:40 pm
TechSupport - Feb 20, 2007 - 2:00 pm
SpiralOcean - Mar 23, 2007 - 9:36 am
Re: Server 10.3.9 - Three NIC cards - Route between Three subnets
Posted: Mar 19, 2007 12:09 PM in response to: StephenZcat
Reply Email
Okay... so this is what I did to solve this problem.
1. Set all NIC cards on the server to static ip addresses joined to each subdomain.
192.168.1.101
192.168.3.10
192.168.2.88
2. Make sure IP forwarding is set to on.
3. Enter routing commands into the Mac server routing table:
route add 192.168.1.0/24 -net 192.168.1.101
route add 192.168.3.0/24 -net 192.168.3.10
route add 192.168.2.0/24 -net 192.168.2.88
The second IP address is the IP address that is on the network card on the Mac.
This tells the routing on the server to send all IP packets that match the ip address of 192.168.1.xxx to be sent out the 192.168.1.101 network card.
Then on the 192.168.1 subdomain, I found the computer that was acting as the router. 192.168.1.1.
This is a windows 2000 professional server that was running vDHCP software to act as a DHCP server and all the other computers on that subdomain were pointed to it as the router.
However, this computer did not have IP forwarding turned on.
To turn on IP forwarding on a windows 2000 computer:
http://www.windowsnetworking.com/art.../w2kprout.html
Then I needed to add a route to the routing table that sends all 192.168.3.xxx traffic back to the mac server, which is connected to the 192.168.1.xxx subdomain with the IP address of 192.168.1.101.
On the 192.168.1.1 Server this is the route I added:
route add 192.168.3.0 mask 255.255.255.0 192.168.1.101
Now the .1.xxx & .3.xxx subdomains are connected and traffic can be passed back and forth between the two.
--------------
Example:
On client computer 192.168.3.12, ping 192.168.1.8.
The ip packet first looks for information on the routing table found on 192.168.3.12, it doesn't find any matching routes for the ip address, but it does match the default router (0.0.0.0) and sends the IP packet to the default router which is the mac server: 192.168.3.10
The routing table on the server matches 192.168.1.8 to the route 192.168.1.0/24 and sends the packet out the 192.168.1.101 network card.
From the 192.168.1.101 network card, the computer 192.168.1.8 can be seen and the IP packet is sent to 192.168.1.8.
Once it reaches 1.8, it looks at the return address on the IP packet. (192.168.3.12). It searches for a match on the local routing table. It doesn't find a match but the default router is 192.168.1.1. It sends the IP packet to 192.168.1.1.
The routing table on 192.168.1.1 has a route to send packets that match 192.168.3.0/24 to the ip address of 192.168.1.101. (mac os x server)
Once the packet reaches the mac server, it finds a route to send packets that match 192.168.3.0/24 to the network card with the address of 192.168.3.10.
Once the IP packet reaches the card, it can see the ip address: 192.168.3.12 and gets sent to that computer.
Posted: Mar 19, 2007 12:09 PM in response to: StephenZcat
Reply Email
Okay... so this is what I did to solve this problem.
1. Set all NIC cards on the server to static ip addresses joined to each subdomain.
192.168.1.101
192.168.3.10
192.168.2.88
2. Make sure IP forwarding is set to on.
3. Enter routing commands into the Mac server routing table:
route add 192.168.1.0/24 -net 192.168.1.101
route add 192.168.3.0/24 -net 192.168.3.10
route add 192.168.2.0/24 -net 192.168.2.88
The second IP address is the IP address that is on the network card on the Mac.
This tells the routing on the server to send all IP packets that match the ip address of 192.168.1.xxx to be sent out the 192.168.1.101 network card.
Then on the 192.168.1 subdomain, I found the computer that was acting as the router. 192.168.1.1.
This is a windows 2000 professional server that was running vDHCP software to act as a DHCP server and all the other computers on that subdomain were pointed to it as the router.
However, this computer did not have IP forwarding turned on.
To turn on IP forwarding on a windows 2000 computer:
http://www.windowsnetworking.com/art.../w2kprout.html
Then I needed to add a route to the routing table that sends all 192.168.3.xxx traffic back to the mac server, which is connected to the 192.168.1.xxx subdomain with the IP address of 192.168.1.101.
On the 192.168.1.1 Server this is the route I added:
route add 192.168.3.0 mask 255.255.255.0 192.168.1.101
Now the .1.xxx & .3.xxx subdomains are connected and traffic can be passed back and forth between the two.
--------------
Example:
On client computer 192.168.3.12, ping 192.168.1.8.
The ip packet first looks for information on the routing table found on 192.168.3.12, it doesn't find any matching routes for the ip address, but it does match the default router (0.0.0.0) and sends the IP packet to the default router which is the mac server: 192.168.3.10
The routing table on the server matches 192.168.1.8 to the route 192.168.1.0/24 and sends the packet out the 192.168.1.101 network card.
From the 192.168.1.101 network card, the computer 192.168.1.8 can be seen and the IP packet is sent to 192.168.1.8.
Once it reaches 1.8, it looks at the return address on the IP packet. (192.168.3.12). It searches for a match on the local routing table. It doesn't find a match but the default router is 192.168.1.1. It sends the IP packet to 192.168.1.1.
The routing table on 192.168.1.1 has a route to send packets that match 192.168.3.0/24 to the ip address of 192.168.1.101. (mac os x server)
Once the packet reaches the mac server, it finds a route to send packets that match 192.168.3.0/24 to the network card with the address of 192.168.3.10.
Once the IP packet reaches the card, it can see the ip address: 192.168.3.12 and gets sent to that computer.
IF THIS IS YOUR QUESTION AND YOU WISH TO RESPOND, LOGIN HERE FIRST.
