centos as a router between lan no nat

Post by fromageNana » 2018/05/05 15:12:12

Hi,

For a lab, I would like to get a CentOS 7 box to act as a router between 4 different LANs, but without NATing...
A schematic is in the attachments section.

The router in the center, AD1, AD2 and Nagios are VMs running on 2 ESXi servers with vCenter and a distributed switch.
There are 4 LANs:
10.1.21.0/24 -> management network
200.200.0.0/24 -> AD1 server
200.200.1.0/24 -> nagios server
200.200.2.0/24 -> AD2 server

I activated IPv4 routing with:
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf && sysctl -p

Since each LAN is directly connected to the router, I should be able to ping each LAN, no? (On a Cisco router, yes.)
*Each machine has its gateway set to the CentOS router's interface on its own LAN.

I saw people saying that we need NAT with this command:
iptables -t nat -A POSTROUTING -o <outgoingInt> -j MASQUERADE
but for my lab, I don't need/want NATing, just simple routing between LANs.

My goal is to be able to reach each LAN by the IP of the machine, so without NATing, and to have a default gateway of 10.1.21.254, which is the gateway for internet access.

Thanks for your help, and sorry for my English, I am a native French speaker :D
Attachments
Screenshot from 2018-05-05 16-30-23.png (schematic)

Re: centos as a router between lan no nat

Post by jlehtone » 2018/05/05 20:43:50

The
200.200.0.0/24 -> AD1 server
200.200.1.0/24 -> nagios server
200.200.2.0/24 -> AD2 server
are practically identical and just like any "home LAN". The members of each of those LANs have just the default gateway (the router) for reaching anything but link-local network. Plain and simple, nothing special.

The 10.1.21.0/24 is different. It has two members that act as routers: 10.1.21.254 and 10.1.21.151.
One of these routers is the gate to the 200.200.[012]/24 networks.
The other router leads to everywhere else. That router (10.1.21.254) should be the default gateway for every member of the 10.1.21/24, including the "CentOS router" (10.1.21.151).

The CentOS router knows how to reach all four link-local networks. You have set it to route. Have you set the firewall to allow the routing?

What about the rest of 10.1.21/24? They, including the 10.1.21.254, have to be told that 10.1.21.254 is not the route to 200.200.[012]/24. If they had static routes (in addition to the default route), then they would know. That does not seem to be the task of the CentOS router. That router does not configure the members of 10.1.21/24. Somebody else does.

Your example has an additional oddity: 200.200.x.y are not private subnet ranges, are they? The 10.x.y.z is private. That makes no sense.
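As an added example, not taken from either post, the bash script below puts the two replies' points into runnable form for the setup described in the thread: persistent ip_forward, a firewall that actually permits forwarding (in the usual CentOS 7 firewalld configuration the FORWARD chain does not accept traffic between interfaces just because ip_forward is on, which is the "have you set the firewall to allow the routing?" question above), no MASQUERADE anywhere, the router's own default route via 10.1.21.254, and the static routes that every other member of 10.1.21.0/24 (10.1.21.254 included) needs for the 200.200.x.0/24 networks. The interface names ens192/ens224/ens256/ens161 and the 200.200.x.254 router addresses are assumptions; 10.1.21.151 and 10.1.21.254 come from the reply. By default the script only prints the configuration it would apply; `APPLY=1` as root applies it on the router and then verifies the routing table.

```bash
#!/bin/bash
# Added example (not from the thread): turn a CentOS 7 host into a plain,
# non-NAT router between four directly connected LANs, and show what the
# other members of 10.1.21.0/24 must be told. Interface names and the
# 200.200.x.254 router addresses are assumptions; 10.1.21.151 (the router)
# and 10.1.21.254 (the upstream gateway) are taken from the thread.
set -eu

ROUTER_MGMT_IP=10.1.21.151   # CentOS router's address on the management LAN
UPSTREAM_GW=10.1.21.254      # default gateway for the router and for 10.1.21/24
MGMT_NET=10.1.21.0/24

# Assumed layout, one LAN per line: <router interface> <router address> <subnet>
lans() {
    cat <<'EOF'
ens192 10.1.21.151/24 10.1.21.0/24
ens224 200.200.0.254/24 200.200.0.0/24
ens256 200.200.1.254/24 200.200.1.0/24
ens161 200.200.2.254/24 200.200.2.0/24
EOF
}

# Persistent forwarding as a sysctl drop-in (same effect as the echo into
# /etc/sysctl.conf in the question, but it survives updates of that file).
gen_sysctl() {
    printf 'net.ipv4.ip_forward = 1\n'
}

# firewalld does not forward packets between interfaces just because
# ip_forward is on. Direct rules in the filter FORWARD chain let every LAN
# reach every other LAN, with no MASQUERADE involved. One firewall-cmd
# invocation per ordered interface pair is printed.
gen_forward_rules() {
    for a in $(lans | awk '{print $1}'); do
        for b in $(lans | awk '{print $1}'); do
            if [ "$a" != "$b" ]; then
                echo "firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i $a -o $b -j ACCEPT"
            fi
        done
    done
}

# Routes every other host on 10.1.21.0/24, including 10.1.21.254, needs so
# that 200.200.x.0/24 is reached via the CentOS router and not via the
# default gateway. Each line is an argument list for `ip route add`, which is
# also the line format of /etc/sysconfig/network-scripts/route-<iface>.
gen_static_routes() {
    for net in $(lans | awk '{print $3}'); do
        if [ "$net" != "$MGMT_NET" ]; then
            echo "$net via $ROUTER_MGMT_IP"
        fi
    done
}

# Check an `ip route` table read from stdin: every LAN must be present as a
# connected route and the default route must point at the upstream gateway.
# Returns 0 when complete, 1 (with one message per missing entry) otherwise.
check_routes() {
    local table missing net
    table=$(cat)
    missing=0
    for net in $(lans | awk '{print $3}'); do
        if ! printf '%s\n' "$table" | awk -v n="$net" '$1 == n { f = 1 } END { exit !f }'; then
            echo "missing connected route: $net" >&2
            missing=1
        fi
    done
    if ! printf '%s\n' "$table" \
        | awk -v gw="$UPSTREAM_GW" '$1 == "default" && $3 == gw { f = 1 } END { exit !f }'; then
        echo "missing default route via $UPSTREAM_GW" >&2
        missing=1
    fi
    return "$missing"
}

# Apply on the router itself: root only, opt-in with APPLY=1.
apply_router() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_router: run as root" >&2; return 1; }
    gen_sysctl > /etc/sysctl.d/90-router.conf
    sysctl --system
    gen_forward_rules | sh -e
    firewall-cmd --reload
    ip route | check_routes
}

if [ "${APPLY:-0}" = 1 ]; then
    apply_router
else
    echo "# /etc/sysctl.d/90-router.conf:"; gen_sysctl
    echo "# firewalld forwarding rules (run on the router):"; gen_forward_rules
    echo "# static routes for the other 10.1.21.0/24 hosts and for $UPSTREAM_GW:"; gen_static_routes
fi
```

The direct rules are the narrowest change; moving the four interfaces into a zone whose target is ACCEPT (`firewall-cmd --permanent --zone=trusted --change-interface=ens224`, and so on) forwards just as well but also opens every service on the router to those LANs. Two caveats worth checking before relying on this: `ip route | check_routes` fails if the default route was never set to 10.1.21.254 on the router, and because nothing is NATed, packets from 200.200.x.y that leave through 10.1.21.254 carry a source address that belongs to someone else on the Internet, so their replies never come back; RFC 1918 space avoids that, which is the oddity the reply points out.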
