1

I have multiple computers with 3 interfaces in multiple subnets.

For example : (all /24)

RED (linux)
eth0 192.22.184.113
eth1 192.23.184.113
eth2 192.24.184.113

BLUE (windows)
nic1 192.22.184.28
nic2 192.23.184.28
nic3 192.24.184.28

CYAN (windows)
nic1 192.22.184.30
nic2 192.20.184.30

I had routing problems when I specified a simple gateway on Windows machines: the ping to the interface having the gateway worked, but not to the other interfaces. So, I did this:

enter image description here

With that, each BLUE's nic can ping each CYAN's nic.

But Linux is a problem. When I define a gateway, only the interface with it answers the ping.

When I try to do the same configuration as on Windows:

enter image description here

What can I do?

--------------------- EDIT ------------------

This is the whole config without any route / gateway.

RED enter image description here

BLUE enter image description here

CYAN enter image description here

ROUTER (win serv) enter image description here

The core problem is the same after adding some gateways / routes: only the nic with the route / gateway answers pings, but Linux allows a route to a network on only one nic. If I specify "route to .20" on eth0, eth1 will never answer my pings from a .20 machine.

4
  • If you have correctly configured the IP addresses and netmasks on the interfaces, I don't think you need any gateways at all in this setup. This applies both to Linux and Windows. Adding the gateways only messes up the routing table. Without any gateway, eth0 on RED should be able to access all 192.22.184.* hosts, eth1 all 192.23.184.* hosts etc. The same applies to nic1, nic2 etc. on BLUE. In short - delete all gateways. It should just work without them. If it doesn't, something's wrong with IP/netmask setup, so please post the FULL network config here.
    – raj
    Commented Aug 5, 2022 at 10:52
  • @raj First post edited with the whole config. I agree with you, but the main problem is from pings from another sub network, like 192.20.184.30 pinging 192.22.184.113. If a route / gateway is defined for the .22 nic, there will be an answer, but a ping to .23 will fail because only one nic can have a route to a specified network (.20). (and thx for your help)
    – Cassandra
    Commented Aug 8, 2022 at 10:06
  • The issue is that all your computers and your router are connected to all three networks. Therefore your computer can communicate with the router on any interface, so I understand why you have to define a default gateway on all networks. But with that, asymmetric routing is possible, i.e. the request goes to the router via one network and returns on another. Linux by default rejects asymmetric routing; you have to change some kernel parameters. I will check which one.
    – raj
    Commented Aug 8, 2022 at 10:41
  • Thank you for your help! I'm a beginner in Linux and maybe I have another possibility with multiple routing tables. I am currently trying this. I can't wait to try your idea too!
    – Cassandra
    Commented Aug 8, 2022 at 10:46

1 Answer

0

All your machines (RED, BLUE and CYAN) are connected to each other and to the router on three different subnets. This is not a common configuration. Usually you design a network in such a way that between any pair of machines there is only a single subnet connecting them.

Because the machines are connected via multiple subnets, asymmetric routing can happen, e.g. you send a request from machine BLUE to machine CYAN on subnet 192.22.184.* but it returns on subnet 192.23.184.*. Operating systems usually discard/reject such packets, so you get no response to ping.

It seems that you managed to overcome this problem on Windows by defining a default gateway on all three subnets, but it's not possible in Linux. You can have only one default gateway in Linux (well, actually you can have more than one, but they need to have different metrics in that case, which probably will not solve your problem).

You have to enable asymmetric routing on Linux, i.e. make Linux accept reply packets that come in on a different interface than the one the requests were sent on. How you do it depends on your Linux distribution (you didn't specify which one you have). Here I found an explanation for RedHat and CentOS: https://openplatform.xyz/enable-asymmetric-routing.html . On other distributions it may be done differently, but it will always involve modification of the kernel parameters net.ipv4.conf.*.rp_filter in the appropriate configuration file.

5
  • Very nice! I applied these changes but: (from CYAN) |------> ping 192.22.184.131 -S 192.22.184.30 --> OK |------> ping 192.22.184.113 -S 192.20.184.30 --> FAIL I'm using RedHat 6 (more exactly, I don't have the choice) and I created a snapshot of all the VMs. I have rolled back the machines before trying a new configuration. After enabling asymmetric routing on Linux, I think I have to create the route / gateway for all the interfaces; the asymmetric routing alone is not enough.
    – Cassandra
    Commented Aug 8, 2022 at 11:46
  • You can try to create the routes to any of the two other subnets on each of the interfaces (not default routes, just routes to particular subnets). But I guess without sniffing the traffic and determining which way actually the packets are going in your network, it's hard to say anything more... You have a very unusual network setup, as I already wrote...
    – raj
    Commented Aug 8, 2022 at 12:02
  • And also I wonder why do you insist on ping from all interfaces working to all interfaces? What you need to achieve is that ping from any machine to any interface works. Do not specify the source interface when pinging. It is the OS and routing table's job to select the proper interface the packet will be sent out, not yours. By forcing the source interface you are actually messing up with the routing functionality.
    – raj
    Commented Aug 8, 2022 at 12:10
  • The main problem is due to the absence of the router. I had to put a machine under Windows Server to replace a real router. The routes that existed in the system no longer allow you to ping all the interfaces. Some scripts do "presence tests" which ping all interfaces. Since I can't change IP addresses or masks, I can only change the routing parameters.
    – Cassandra
    Commented Aug 8, 2022 at 12:21
  • I think the problem comes from there because RED and BLUE are in the same networks and CYAN can ping everything at BLUE but not at RED, with the specification of 1 gateway per interface. Also, I didn't specify it in my original post, but I have the problem on my 8 Linux machines while all Windows have all their interfaces pingable with this solution. It's not just 1 machine.
    – Cassandra
    Commented Aug 8, 2022 at 12:40
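
The answer's point about `net.ipv4.conf.*.rp_filter`, as an added example that is not part of the original answer or comments: the kernel enforces the higher of the `all` and per-interface values, so this POSIX shell sketch reports the mode actually in effect on each interface. The function names and the sample tree built by `make_sample_conf` are constructed for illustration; on a real host leave `CONF_DIR` at its default of `/proc/sys/net/ipv4/conf`.

```shell
#!/bin/sh
# Added example: effective reverse-path filter mode per interface.
# The kernel validates sources with max(conf/all/rp_filter, conf/<iface>/rp_filter),
# so a per-interface 0 changes nothing while "all" is still 1.
CONF_DIR="${CONF_DIR:-/proc/sys/net/ipv4/conf}"

# Print the mode actually enforced on interface $1 (tree in $2, default CONF_DIR).
effective_rp_filter() {
    dir="${2:-$CONF_DIR}"
    all=$(cat "$dir/all/rp_filter" 2>/dev/null) || return 1
    own=$(cat "$dir/$1/rp_filter" 2>/dev/null) || return 1
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# One line per interface: "<iface> <mode> <meaning>".
rp_filter_report() {
    dir="${1:-$CONF_DIR}"
    for path in "$dir"/*/rp_filter; do
        iface=$(basename "$(dirname "$path")")
        case "$iface" in all|default) continue ;; esac
        mode=$(effective_rp_filter "$iface" "$dir") || continue
        case "$mode" in
            0) note="off (no source validation)" ;;
            1) note="strict (must arrive on the interface that routes back to the source)" ;;
            2) note="loose (source must be reachable via any interface)" ;;
            *) note="unknown" ;;
        esac
        echo "$iface $mode $note"
    done
}

# Constructed sample tree mimicking /proc/sys/net/ipv4/conf on a host like RED:
# eth0 and eth1 were set to 0, eth2 to loose, but "all" was left at 1.
make_sample_conf() {
    d=$(mktemp -d) || return 1
    for i in all default eth0 eth1 eth2; do mkdir -p "$d/$i"; done
    echo 1 > "$d/all/rp_filter"; echo 1 > "$d/default/rp_filter"
    echo 0 > "$d/eth0/rp_filter"; echo 0 > "$d/eth1/rp_filter"
    echo 2 > "$d/eth2/rp_filter"
    echo "$d"
}

sample=$(make_sample_conf)
rp_filter_report "$sample"   # eth0 and eth1 still report strict because all=1
rm -rf "$sample"
```

Mode 2 still drops packets whose source address is not reachable through any interface, whereas mode 0 removes the anti-spoofing check entirely.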
