This has been bothering me for a couple of days,
I have two subnets:
192.168.1.0/24 : This is the subnet used by my ISP/router. The gateway to the WAN is 192.168.1.1
192.168.2.0/24 : This is a subnet that I've created on my ESXi 5 virtual machine.
The physical machine that ESXi 5 is running on has two NIC's one NIC is connected to my ISP/router and the other is connected to another router with the DHCP server disabled. I'm using this second router just to keep the NIC status 'UP' from a vmware perspective.
I have a virtual Ubuntu 10.04 LTS running with two NIC's connected to it. The idea is that this will server as a router between the two subnets. I have DHCP running on the Ubuntu router that is dishing out IPs to my virtual machines using the 192.168.2.0 LAN.
The problem I'm having is that I can't seem to get the Ubuntu router to forward packets from one subnet to another. I should note I have tried every possible combination of configuration settings I can think of. My current set up is as follows:
I have run the command echo 1 > /proc/sys/net/ipv4/ip_forward to enable packet forwarding.
My firewall looks like this:
root@gRouter:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
My '/etc/network/interfaces' looks like this:
root@gRouter:~# cat /etc/network/interfaces
auto lo eth0 eth1
iface lo inet loopback
iface eth0 inet static
address 192.168.1.105
network 192.168.1.0
netmask 255.255.255.0
up ip route add 192.168.2.0/24 via 192.168.1.105
iface eth1 inet static
address 192.168.2.2
network 192.168.2.0
netmask 255.255.255.0
up ip route add 192.168.1.0/24 via 192.168.2.2
From this dual NIC router to be, I can ping between virtual machines within the 192.168.2.0 subnet and I can ping between virtual machines and physical machines on the 192.168.1.0 subnet. But I cannot ping from one subnet to another.
My routes table looks like this:
root@gRouter:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 * 255.255.255.0 U 0 0 0 eth1
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
My arp currently looks like this:
root@gRouter:~# arp -v
Address HWtype HWaddress Flags Mask Iface
192.168.2.13 ether 00:0c:29:30:f4:d9 C eth1
192.168.2.10 ether 00:0c:29:bf:60:a3 C eth1
192.168.1.64 ether 38:59:f9:e7:a0:f5 C eth0
Entries: 3 Skipped: 0 Found: 3
When I try to ping from a machine in subnet 192.168.2.0 to a machine in 192.168.1.0 subnet, I immediately get the error message 'connect: Network is unreachable'
When I try to ping from a machine in subnet 192.168.1.0 to a machine in 192.168.2.0 subnet, the first ping is initiated but it just hangs indefinately.
Sorry for the long post, I hope I have given enough information. Really grateful for any help.
Thanks in advance.
Best Answer
You have no way to get the packets to the machine doing the routing. Machines on each network need to know that the router's interface on their network is their gateway to the other network.
The simplest way to do this is to add a static route to the default gateway on each network. For example, if the router is 192.168.1.10/24 and 192.168.2.20/24, and the default gateways for the two networks are 192.168.1.1 and 192.168.2.1, then you need to add the following two static routes:
1) On 192.168.1.1, you need a route to 192.168.2.0/24 with a gateway of 192.168.1.10
2) On 192.168.2.1, you need a route to 192.168.1.0/24 with a gateway of 192.168.2.20
That way, when machines on either network send packets for the other network to their default gateway, the default gateway will know to send the packets to the router that connects the two networks.