
ip route add by specifying source address in the same network

I have 4 PCs and another PC, call it proxy, all being in the same network: 172.16.96.0/20. I can ping between each other. But I want to separate them into 2. That is:

  • pc1 is directly connected to pc2
  • pc3 is directly connected to pc4

But all traffic from pc1 or pc2 to pc3 or pc4 has to go through proxy, and all traffic from pc3 or pc4 to pc1 or pc2 has to go through proxy.

pc1          pc3
 |   -proxy-  |
pc2          pc4

pc1 IP: 172.16.97.24 
pc3 IP: 172.16.97.27
proxy IP: 172.16.97.2

To do that on pc1 I added:

ip route add 172.16.97.27 via 172.16.97.2

But when I do traceroute 172.16.97.27, 172.16.97.2 does not appear as a hop. I am not sure if it should.

On proxy the routing table looks like:

default via 172.16.111.254 dev eth0 
172.16.96.0/20 dev eth0  proto kernel  scope link src 172.16.97.2  

I think I should add another source that is pc1 172.16.97.24. And to be able to forward the traffic received from pc1 (172.16.97.24) to its destination (either pc3 or pc4), I used this:

ip route add 172.16.96.0/20 via 0.0.0.0 src 172.16.97.24

Error: RTNETLINK answers: No such device

ip route add 172.16.96.0/20 dev eth0:0 via 0.0.0.0 src 172.16.97.24

Error: RTNETLINK answers: Invalid argument

and:

ip route add 172.16.96.0/20 src 172.16.97.24

Error: RTNETLINK answers: No such device

I am not sure if I am going on the right path to do this configuration. Please tell me if not. Thank you!


Answer

I managed to solve the problem by adding on the proxy the following:

# sysctl net.ipv4.ip_forward=1
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

(or add net.ipv4.ip_forward=1 in /etc/sysctl.conf to keep it after you close the terminal)

-A POSTROUTING   Append a rule to the POSTROUTING chain
-o eth0          this rule is valid for packets that leave on the eth0 network interface (-o stands for "output")
-j MASQUERADE    the action that should take place is to 'masquerade' packets, i.e. replacing the sender's address by the router's address.

And I added on pc1,pc2,pc3,pc4:

ip route add pcDestIP via proxy

Where pcDestIP is pc3 and pc4 in case I am writing the rule on pc1.

More info : http://www.karlrupp.net/en/computer/nat_tutorial

and here: https://serverfault.com/questions/306024/how-to-route-network-traffic-of-a-host-via-another-host
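The answer's two-sided setup (proxy as a masquerading router, /32 routes on the hosts) collected into one script, as an added example that is not part of the original answer. It assumes, as the proxy's routing table shows, that the proxy's LAN interface is eth0; the peer addresses are passed as arguments since pc2 and pc4 are not given in the question; and the ICMP-redirect precaution is an addition of this example, not something the answer states.

```shell
#!/bin/sh
# Added example (not from the original answer): the proxy and host setup from
# the answer, wrapped in functions so it can be dry-run before being applied.
# Assumptions not stated on the page: the proxy's LAN interface is eth0 (as in
# its routing table), hosts pass their peers' IPs as arguments, and the
# ICMP-redirect precaution below is an addition, not part of the answer.

PROXY=172.16.97.2
IFACE=eth0

# run: print each command; execute it unless DRY_RUN=1 (needs root otherwise)
run() {
    printf '+ %s\n' "$*"
    [ "${DRY_RUN:-0}" = 1 ] || "$@"
}

# Proxy side: turn the box into a router and masquerade forwarded traffic, so
# that pc3 replies to the proxy instead of answering pc1 directly on the LAN.
proxy_setup() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -o "$IFACE" -j MASQUERADE
    # Caveat (added here): the proxy forwards packets back out the interface
    # they arrived on, so by default Linux sends ICMP redirects telling pc1 to
    # reach pc3 directly, which would silently undo the detour.
    run sysctl -w net.ipv4.conf.all.send_redirects=0
    run sysctl -w "net.ipv4.conf.$IFACE.send_redirects=0"
}

# Host side: one /32 route per peer on the other side, via the proxy. The /32
# is more specific than the connected 172.16.96.0/20, so it wins the lookup.
host_routes() {
    for dest in "$@"; do
        run ip route add "$dest/32" via "$PROXY"
    done
}

# Verification on a host: the kernel's route decision must name the proxy.
route_via_proxy() {
    ip route get "$1" 2>/dev/null | grep -q "via $PROXY"
}

# Usage on a pc, e.g. pc1:  DRY_RUN=1 sh thisfile.sh 172.16.97.27
# (run proxy_setup on the proxy, host_routes on each pc)
if [ $# -gt 0 ]; then
    host_routes "$@"
fi
```

Run it once with DRY_RUN=1 to see the exact commands, then without it as root. After adding the routes, `route_via_proxy 172.16.97.27` on pc1 confirms the kernel picks the /32 via the proxy rather than the connected /20; if `ip route add` reports "File exists", the route is already in place. The MASQUERADE rule is what makes the return path symmetric: without it pc3 would see pc1's real source address and answer it directly over the shared LAN.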
