We've seen how TCP/IP addresses combined with netmasks determine networks. For example, 192.168.200.83 and 192.168.201.35 are on separate networks if the netmask is 255.255.255.0 (a class C netmask).
If this concept isn't completely clear to you, go back and review.
See Networks 101 and Advanced TCP and CIDR
So, let's say that 192.168.200.83 is our server, and 192.168.201.35 is a Windows machine. Again, it's a class C netmask (255.255.255.0), so there is going to have to be a router in the network. That router is going to have to have one port on the 192.168.200 network, and one on the 192.168.201 network.
How that happens depends on the router, but usually these things get configured initially by connecting to a serial port, and typing commands to set addresses and protocols on the other network ports. For the purposes of this article, we'll assume that the router has one port addressed at 192.168.200.1 and another at 192.168.201.1 (it's very common for routers to use the "1" address).
Starting at the Win machine, it needs to have a route so that it can get off its network (192.168.201) to the server's network (192.168.200). You'd do this in Settings->Control Panel ->Networks. Under the Properties for TCP/IP, you'd find a tab for Gateway. Here you'd enter the address of the router port on your network. That's 192.168.201.1 because the Win machine is on the 192.168.201 network.
If you dropped out to DOS and typed "ping 192.168.200.83" (that's the server address) before setting that gateway, you'd get "Destination host unreachable" (from a Unix machine you would get "No route to host"). After making this setting (and rebooting the machine, you'll get "Request timed out" instead.
See Why "no route to host" when it can be pinged? also.
The problem is that the Win machine knows how to get to the server through the router, but the server doesn't know how to get back. The server needs a route to get to the 192.168.200 network.
So we need to do it there, also. If the server were a SCO Unix machine, we might type "route add default 192.168.200.1" (on older SCO you'd do "route add 192.168.201.0 192.168.200.1 0".
Note that we are saying our route goes to 192.168.201.0, not to a specific address: the .0 says we're giving a route to the whole network. If this were a class A network (255.0.0.0 netmask) we'd use route add 10.0.0.0, etc.
Linux is similar, but you need "gw" in there: "route add default gw 192.168.200.1"
NT is similar to Win, though in both cases you can also issue "route add" commands at the command prompt. With NT and (I think) , doing this adds the routing information to the registry, so it sticks through a reboot. On SCO, that's not the case. You'll need to add the commands to a start-up file (/etc/rc2.d/S99route, for example: it doesn't exist, but you can create it) or modify the /etc/gateways file (see 'man routed'for the syntax of that file). The disadvantage of /etc/gateways is that it is used by routed, so if you are not running routed, that won't work.
You could also modify /etc/tcp and add your routes after it sets up its default routes. That has the disadvantage of modifying a system file: an upgrade will overwrite that.
SCO 5.0.4 adds a /etc/rc2.d/S90iproute script that reads /usr/internet/etc/sco_ip/routes. It's the Internet Manager that can add info to that file, but there's no reason you can't do it manually. The format is simple:
# comments are ok # simple form net default 10.1.1.3 # it's smart enough to delete the previous default net default 192.168.1.2 # routes to specific hosts host 192.168.1.8 10.1.1.7 # netmasks optional net 192.168.1.0 10.1.1.3 255.255.255.0 # if field 1 isn't host or net, it's ignored happiness 172.16.80.10 10.1.1.1 sanjose 172.16.80.10 10.1.1.1
Another advantage of this script is that when called with "stop" (/etc/rc2.d/S90iproute stop), it will delete the routes listed in the file.
Beginning with 5.0.6, you can add the default route in /etc/default/tcp. Just modify the GATEWAY= line, and /etc/tcp will read that. DON'T DO THIS ON PRIOR RELEASES; /etc/tcp doesn't look for that until 5.0.6
So how does the OS know where to send a packet when you have more than one card in your machine such as when you have DS internet access and an internal network? You may not have realized this, but that's routing.
The OS "knows" by the addresseses and netmask you have put on the cards.
Lets say you have two cards: your internal network card which is 192.168.2.10 with a mask of 255.255.255.0, and your external card which gets a DHCP address that's real, but let's pretend that right this minute it's 64.xyz,xyz.12 again with a 255.255.255.0 mask.
If you "ping 192.168.2.27" (some other machine on your internal network, the only place that packet will be sent to is your 192.168.2.10 card.
If you ping something on the network of the other card, that's where those packets will go.
So what if you ping something else like "132.xyz.xyz.89" ? That's where your default route comes into play. It might, for example, be 64.xyz,xyz.1. It *has* to be something on one of the networks defined by your cards. It could not be "144.xyz.xyz.1" for instance because you have no such network. So, if it were 64.xyz.xyz.1, the packets would go out your 64. interface and find their way to that router, which presumably can get them to the 132 address, either directly or by sending them along somewhere else.
You can see this stuff in action by using "traceroute"
Here's a traceroute from my machine to world.std.com
1 65.96.8.1 (65.96.8.1) 12.640 ms 23.976 ms 12.765 ms 2 65.96.8.1 (65.96.8.1) 12.103 ms 13.057 ms 12.767 ms 3 24.128.9.177 (24.128.9.177) 12.732 ms 12.472 ms 12.177 ms 4 SRP2-0-NDHMMA1-RTR01.necore.mediaone.net (24.91.0.55) 13.177 ms 22.586 ms 11.567 ms 5 12.125.33.21 (12.125.33.21) 16.168 ms 14.617 ms 16.164 ms 6 gbr1-p60.cb1ma.ip.att.net (12.123.40.138) 15.968 ms 21.932 ms 19.366 ms 7 gbr3-p70.cb1ma.ip.att.net (12.122.5.53) 14.354 ms 16.152 ms 20.548 ms 8 gbr4-p10.n54ny.ip.att.net (12.122.2.13) 40.957 ms 25.775 ms 19.749 ms 9 ggr1-p370.n54ny.ip.att.net (12.123.1.125) 22.161 ms 20.915 ms 18.146 ms 10 att-gw.ny.uu.net (192.205.32.178) 49.996 ms 21.813 ms 20.946 ms 11 0.so-5-2-0.XL1.NYC8.ALTER.NET (152.63.19.54) 20.369 ms 21.435 ms 19.783 ms 12 0.so-3-0-0.XR1.NYC8.ALTER.NET (152.63.19.30) 20.199 ms 20.250 ms 20.146 ms 13 283.ATM7-0.XR1.BOS1.ALTER.NET (152.63.16.181) 30.349 ms 30.457 ms 29.981 ms 14 191.ATM7-0.GW3.BOS1.ALTER.NET (146.188.177.209) 35.961 ms 26.439 ms 40.353 ms 15 Boston-STD.std.com (192.74.137.80) 43.999 ms 61.854 ms 50.184 ms 16 world.std.com (192.74.137.5) 63.528 ms 81.948 ms 84.958 ms
It's important to understand that this message doesn't necessarily come from the system that tried to get somewhere. It comes from the machine doesn't know how to get to the next stop. If your own routing table is incorrect, then it's you. If you can get to at least the next hop (as seen in a traceroute), then the "no route" message comes from them, not you. That could mean you have the wrong gateway route, but it could also mean that they do. See Telnet: route to host for a detailed explanation.
See also :
Got something to add? Send me email.
More Articles by Tony Lawrence © 2013-08-17 Tony Lawrence
Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth. (Arthur Conan Doyle)
To keep things saved after a reboot for NT/2K, you must specify:
route add -p 192.168.2.1 mask 255.255.255.0 192.168.1.1
The -p should save the route in the registry.
- Bruce Garlock
Tue Apr 5 18:03:07 2011: 9431 Martin
Thanks for this overview.
I was hoping that I could set up routing from my XP machine so that when I am connected to a VPN, I could still access my email on the internet by routing packets through the default interface connection, but this does not seem to work. Your comment about the server not knowing how to get back made me think that maybe that is the reason, but then how am I able to access my email if not connected to the VPN?
Tue Apr 5 20:19:52 2011: 9432 TonyLawrence
Most vpn's that I have used offer a choice of leaving the gateway alone or sending through the VPN. Are you sure you didn't just miss that in the set up?
Thu May 26 09:41:09 2011: 9513 anonymous
I have the same problem (wish :-)).
I am sure there is no way to enable it in client. So, is there any way to do it using routing?
Thu May 26 11:02:47 2011: 9514 TonyLawrence
You can set your route to anything you want. However, it's still up to that machine whether or not it will route your packets and return the results to you.
Sat Apr 27 13:54:45 2013: 12048 Bell
Hello everyone!!
I have Within my network some users that have need to access to another LAN in order to access that LAN INTRANET for work purposes.
Thats how my LAN design is: ROUTER»»ASA»»TMG»»LOCAL LAN.
SO My local LAN uses a DHCP server for distribuiting IP ADD on 192.168.1.0/24.
These user normally goes to that specific INTRANET www6.minfin.gv.ao through internet.
The thing is, i want those users to still get access to the www6.minfin.gv.ao even if there´s no internet connection, so they can access minfin intranet and keep there job going.
So we got a Router, that is connected to a dedicated telefone line, that connect to the Minfin like a frame relay. in that router two interface i have the following configuration that where done by the Minfin:
So this is what is configured on the Fa to Minfin
172.30.4.34 www6.minfin.gv.ao
172.30.4.33 www7.minfin.gv.ao
192.168.251.142 www12.minfin.gv.ao
And on ther Fa is 192.168.1.25. thats the interface that connects to my LAN.
On the other side, we have to configure manually a static route in the ROUTE PRINT
Verificar e adicionar rotas estáticas.
Route print
Caso não haja rotas estáticas, adicionar manualmente
Route add -p 172.30.4.34 mask 255.255.255.255 192.168.1.25
Route add -p 172.30.4.33 mask 255.255.255.255 192.168.1.25
Route add -p 192.168.251.142 mask 255.255.255.255 192.168.1.25
So the thing is, i use DHPC to address LAN ip addressing,
How can my internal PCs still access the www6.minfin.gv.ao INTRANET even is theres no internet?
What other configuration i must do and where?
Please help
Bell
Sat Apr 27 14:05:39 2013: 12049 TonyLawrence
Don't have them use the public IP. Set www6.minfin.gv.ao in /etc/hosts with its internal LAN address.
------------------------
Printer Friendly Version
Routing Basics Copyright © January 1997 Tony Lawrence
Have you tried Searching this site?
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.
Contact us
Printer Friendly Version