Two different Gateways in one subnet, Client only has a standard gateway

gatewaynetworkingroutingsubnet

following situation:

Subnet A: 192.168.0.0/24
Subnet B: 10.1.1.0/24
Standard GW (Router) in Subnet A: 192.168.0.254
GW leading to subnet 10.1.1.0/24: 192.168.0.100

I want to send traffic from a device in subnet A to a device in subnet B. But the router which is forwarding traffic to subnet B is not my default gw. My actual default GW has a static route to subnet B with gw 192.168.0.100 configured. So I have two gateways in one subnet.

What is best practice for this situation?

Do I send traffic to my default gw, which sends the traffic back out the port where the traffic was received, to forward data to my other router? Are the any potential security features on routers which prevent this from happening?
Do I have to add a static route to all my hosts in subnet A to lead traffic to subnet B via my secondary router directly – so without contacting my default gw first?

I hope my question is clear. Thanks in advance. My Network

Best Answer

Although a router is technically a gateway, the clients only have one Default Gateway.

You have one router that is connected to the 192.168.0.0/24 network and to your ISP. This router is the default gateway for the 192.168.0.0/24 network.

You have another router which is connected to the 192.168.0.0/24 network that is also connected to the 10.1.1.0/24 network. This router is the router/gateway from the 192.168.0.0/24 network to the 10.1.1.0/24 network, but it is not the default gateway for the 192.168.0.0/24 network.

The clients on 192.168.0.0/24 network don't need to explicitly know about the 10.1.1.0/24 network and they don't need an explicit route to the 10.1.1.0/24 network. Your clients will all use the default gateway on the 192.168.0.0/24 network to reach the 10.1.1.0/24 network.

The default gateway on the 192.168.0.0/24 network has a route to the 10.1.1.0/24 network via the other router on the 192.168.0.0/24 network. The default gateway router on the 192.168.0.0/24 network will happily send an ICMP redirect to clients trying to reach the 10.1.1.0/24 network and instruct them to use the other router on the 192.168.0.0/24 network to reach it.

Related Solutions

Linux – two subnets, one interface, one gateway – NAT the additional subnet

This is telling:

16:58:37.189758 IP 192.168.0.2 > 74.125.128.106: ICMP echo request, id 1, seq 2, length 40
16:58:37.189805 IP 10.0.0.1 > 74.125.128.106: ICMP echo request, id 1, seq 2, length 40
16:58:37.194607 IP 74.125.128.106 > 10.0.0.1: ICMP echo reply, id 1, seq 2, length 40

The upstream router (10.0.0.254) is sending the reply back to Host1, so your routing and SNAT is working. The problem is that Host1 is not passing that reply back to the 192.168.0.0/24 network.

Have you got the appropriate connection tracking kernel modules loaded?

Make sure the traffic is going into the connection tracking table:

grep src=192.168.0.2 /proc/1/net/nf_conntrack

I saw a similar issue with TCP packets just the other day which turned out to be due to rp_filter in the kernel. I can't see how that would be the issue here, but it's very similar. Can you post the route table (ip route show) from Host1 and check your rp_filter setting? (cat /proc/sys/net/ipv4/conf/default/rp_filter)

Server with two default gateways won’t listen on the second gateway

It isn't that the incoming connection isn't coming it, it's that the routing table thinks that the return trip should go through the default gateway.

You should really consider splitting this off into 2 different subnets for the LANs between each WAN device and the server's NICs. That would be the proper way to handle this, and if it is a direct connection between the server NIC and a port on the "gateway" then something as simple as a /30 would work for each "route".

Use 2 different NICs in the Windows Server, each on their respective subnets and respective default gateways to each of these WAN devices. But you'd still have to manually fail over the gateway in the routing (disable one nic for instance during normal operation, and then enable it and disable the other during failover. It would all be manual).

I don't know if RRAS and dead gateway detection might work here...never used it myself, but you may look into it too.

Best Answer

Related Solutions

Linux – two subnets, one interface, one gateway – NAT the additional subnet

Server with two default gateways won’t listen on the second gateway

Related Topic