Hi,
For a lab, I would like to get a CentOS 7 box to act as a router between 4 different LANs, but without NATing...
A schematic is in the attachments section.
The router is in the center; AD1, AD2 and Nagios are VMs running on 2 ESXi servers with vCenter and a distributed switch.
There are 4 LANs:
10.1.21.0/24 -> management network
200.200.0.0/24 -> AD1 server
200.200.1.0/24 -> nagios server
200.200.2.0/24 -> AD2 server
I activated IPv4 routing with:
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf && sysctl -p
Since each LAN is directly connected to the router, I should be able to ping each LAN, no? (On a Cisco router, yes.)
*Each machine has its gateway set to the CentOS router's interface on its LAN.
I saw people saying that we need NAT with this command:
iptables -t nat -A POSTROUTING -o <outgoingInt> -j MASQUERADE
but for my lab, I don't need/want NATing, just simple routing between LANs.
My goal is to be able to reach each LAN by the IP of the machine, so without NATing, and with a default gateway of 10.1.21.254, the gateway for Internet access.
Thanks for your help, and sorry for my English, I'm a native French speaker.
centos as a router between lan no nat
Posts: 1
Joined: 2018/05/05 14:23:31
Attachments: schematic (Screenshot from 2018-05-05 16-30-23.png)
Re: centos as a router between lan no nat
The
200.200.0.0/24 -> AD1 server
200.200.1.0/24 -> nagios server
200.200.2.0/24 -> AD2 server
are practically identical and just like any "home LAN". The members of each of those LANs have just the default gateway (the router) for reaching anything but the link-local network. Plain and simple, nothing special.

The 10.1.21.0/24 is different. It has two members that act as routers: 10.1.21.254 and 10.1.21.151.
One of these routers is the gate to the 200.200.[012]/24 networks.
The other router leads to everywhere else. That router (10.1.21.254) should be the default gateway for every member of the 10.1.21/24, including the "CentOS router" (10.1.21.151).

The CentOS router knows how to reach all four link-local networks. You have set it to route. Have you set the firewall to allow the routing?

What about the rest of 10.1.21/24? They, including 10.1.21.254, have to be told that 10.1.21.254 is not the route to 200.200.[012]/24. If they had static routes (in addition to the default route), then they would know. That does not seem to be the task of the CentOS router. That router does not configure the members of 10.1.21/24. Somebody else does.

Your example has an additional oddity: 200.200.x.y are not private subnet ranges, are they? The 10.x.y.z is private. That makes no sense.
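The two points the reply raises (the firewall must permit forwarding, and the other 10.1.21.0/24 hosts need static routes) can be put into concrete CentOS 7 configuration. The script below is an added example written for this thread; it is not the poster's or the replier's own commands. It prints the settings rather than applying them, so it can be read and checked before being run as root. The interface names ens192, ens224, ens256 and ens161 are assumptions; the addresses are the ones from the post. It uses firewalld direct rules because on CentOS 7 firewalld rejects forwarded traffic by default unless a zone masquerades, which is exactly why people end up adding MASQUERADE when all they wanted was routing.

```shell
#!/bin/sh
# Added example for this thread (not from the original post or reply):
# configuration for a CentOS 7 box that routes between its four directly
# connected LANs with no NAT. Interface names are assumed; IPs are from the post.

# Assumed interface-to-LAN mapping on the CentOS router (constructed).
ROUTER_IFACES="ens192 ens224 ens256 ens161"   # mgmt, AD1, nagios, AD2
MGMT_ROUTER_IP=10.1.21.151                    # the CentOS router on the mgmt LAN
INTERNET_GW=10.1.21.254                       # default gateway towards the Internet
LAB_NETS="200.200.0.0/24 200.200.1.0/24 200.200.2.0/24"

# 1. Kernel forwarding, persistent across reboots (same sysctl as in the post).
sysctl_config() {
    echo "net.ipv4.ip_forward = 1"
}

# 2. firewalld direct rules go into FORWARD_direct, which is evaluated before
# the zone chains, so an ACCEPT here lets routed packets through without
# touching the nat table. One rule per ordered pair of interfaces.
forward_rules() {
    for ifin in "$@"; do
        for ifout in "$@"; do
            [ "$ifin" = "$ifout" ] && continue
            echo "firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i $ifin -o $ifout -j ACCEPT"
        done
    done
    echo "firewall-cmd --reload"
}

# 3. Every other member of 10.1.21.0/24 (and 10.1.21.254 itself, if it can be
# configured) must learn that 200.200.x.0/24 sits behind 10.1.21.151, not
# behind the default gateway. On a CentOS 7 host these lines go into
# /etc/sysconfig/network-scripts/route-<iface>.
host_static_routes() {
    via=$1
    for net in $LAB_NETS; do
        echo "$net via $via"
    done
}

# 4. Sanity check: with plain routing the nat table must not masquerade.
# Reads the output of `iptables -t nat -S POSTROUTING` on stdin;
# returns 0 when no MASQUERADE rule is present.
nat_is_clean() {
    ! grep -q -- '-j MASQUERADE'
}

# 5. The router itself needs only a default route; its four LANs are connected.
router_default_route() {
    echo "default via $INTERNET_GW dev ${ROUTER_IFACES%% *}"
}

main() {
    echo "# /etc/sysctl.d/99-forward.conf"
    sysctl_config
    echo "# firewalld direct rules on the CentOS router"
    forward_rules $ROUTER_IFACES
    echo "# route-<iface> on every other 10.1.21.0/24 host (and on $INTERNET_GW)"
    host_static_routes "$MGMT_ROUTER_IP"
    echo "# default route on the CentOS router"
    router_default_route
}

main
```

After applying the output, `iptables -t nat -S POSTROUTING | nat_is_clean` should succeed, and a tcpdump on the AD1 server should show pings from Nagios arriving with the 200.200.1.x source address intact, which is the whole point of routing without NAT. A shortcut that avoids direct rules is to move all four interfaces into firewalld's `trusted` zone, but that also stops filtering traffic addressed to the router itself, so the pairwise FORWARD rules are the tighter option.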