Accessing physical subnets with same address range via a single gateway


 



Hi,

 

I need to access several equipments through a single gateway. These
equipments have the same address range (172.16.32.0/24) which cannot be
modified.

 

Here is a diagram worth a thousand words:

 

                     gateway

(general network:GN) - eth0

                       eth1  ---- (equipments A: subnet= 172.16.32.0/24)

                       eth2  ---- (equipments B: subnet= 172.16.32.0/24)

                       eth3  ---- (equipments C: subnet= 172.16.32.0/24)

 

My idea is to NAT all these subnets from the general network. Equipment
A would be accessible from GN using its non-NATed subnet (172.16.32.x
...).

Equipment B would be accessible from GN using NATed addresses
(172.20.32.x -> 172.16.32.x).

Equipment C would be accessible from GN using NATed addresses
(172.24.32.x -> 172.16.32.x).

 

So I need to NAT each whole subnet toward a specific interface.

The problem here is twofold: routing and NATing to physical subnets that
have the same address range and attached to a single machine.

 

Before trying with several equipments, I tried to setup a single subnet
with only one server acting as equipment B having the range:
172.16.32.0/24.

On the gateway:

      ifconfig eth2 172.16.32.100/24 up

      ifconfig eth2:1 172.20.32.100/24 up

 

On the B equipment:

      ifconfig eth0 172.16.32.10/24 up

 

So I get this:

                     gateway

(general network:GN) - eth0

                       eth2   (172.16.32.100) ---- (equipment B= 172.16.32.10)

                       eth2:1 (172.20.32.100)

 

ping 172.16.32.10 works.

ping 172.20.32.10 does not work (as expected!)

 

Now I tried to setup NAT on the gateway:

      iptables -t nat -A POSTROUTING -d 172.20.32.0/24 -j NETMAP --to 172.16.32.0/24

 

I expected that pinging 172.20.32.10 from the gateway would route the
packets to eth1:1, NETMAP them as 172.16.32.10 and send them on the
wire. Unfortunately it does not work. A tcpdump from equipment B says
that 172.16.32.100 is broadcasting arp request: "who has 172.20.32.10?",
meaning that the POSTROUTING NAT didn't work.

 

Any clue?

 

Since I'm not a netfilter expert I'm begging for help.

I don't know if my solution is correct or I'm doing something wrong.

Maybe this is not feasible with a single gateway?

Maybe I should use a combination with the ROUTE target?

 

Thank you for your comments.

 

The gateway runs a Linux Debian 2.6.7-1-386.

 

 

Best regards,

Gilles.
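
An added example, not part of the original post: a small Python model of the NETMAP address arithmetic and of which header field the target rewrites in each nat hook, applied to the rule quoted in the message. The packets, the GN host address 192.0.2.5 and the function names are constructed for illustration.

```python
import ipaddress

RULE_MATCH = "172.20.32.0/24"   # -d value from the post
RULE_TO = "172.16.32.0/24"      # --to value from the post

def netmap(addr, to_net):
    """NETMAP arithmetic: keep the host bits of addr, take network bits from to_net."""
    net = ipaddress.ip_network(to_net)
    host_bits = int(ipaddress.ip_address(addr)) & int(net.hostmask)
    return str(ipaddress.ip_address(int(net.network_address) | host_bits))

def apply_rule(hook, packet, match_dst=RULE_MATCH, to_net=RULE_TO):
    """Model `-t nat -A <hook> -d match_dst -j NETMAP --to to_net`.

    The -d option only selects packets. Which field is rewritten depends on
    the hook: destination in PREROUTING, source in POSTROUTING.
    """
    src, dst = packet
    if ipaddress.ip_address(dst) not in ipaddress.ip_network(match_dst):
        return packet                      # rule does not match
    if hook == "PREROUTING":
        return (src, netmap(dst, to_net))  # DNAT-style, before routing
    if hook == "POSTROUTING":
        return (netmap(src, to_net), dst)  # SNAT-style, after routing
    raise ValueError("unsupported hook: " + hook)

# Constructed packets (src, dst).
LOCAL_PING = ("172.20.32.100", "172.20.32.10")  # ping sent by the gateway itself
GN_PING = ("192.0.2.5", "172.20.32.10")         # ping arriving on eth0 from GN

def demo():
    return {
        # Rule as posted: destination is untouched, so the gateway still has
        # to resolve 172.20.32.10 on the wire.
        "posted_rule": apply_rule("POSTROUTING", LOCAL_PING),
        # Same mapping in PREROUTING rewrites the destination of traffic
        # arriving from GN. Locally generated packets never traverse PREROUTING.
        "prerouting": apply_rule("PREROUTING", GN_PING),
        # B's and C's NATed ranges collapse onto the same real address, so the
        # destination alone no longer says which interface to use.
        "b_and_c": (netmap("172.20.32.10", RULE_TO), netmap("172.24.32.10", RULE_TO)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
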

 

 


