Two subnets communicating

Okay. I have a FreeBSD server which "generates" two subnets: 172.23.0.0/21 and 172.23.8.0/23. I want these two subnets to be able to communicate. I need the workstations on the second subnet (.8.0/23) to communicate with the Apache server on the first subnet. I'm kind of lost.

Any help would be greatly appreciated.
 
Turn on routing and make sure routing is setup correctly.
 
Could you give me more details please?

Need to mention: I already have some routing done. The defaultrouter is 193.236.7.219 and I have some routing from 172.22.0.0/21 and from 172.24.0.0/21.
 
Unless you have another interface in that machine your default gateway is out of range of any of the other subnets.

To turn on routing, add to /etc/rc.conf:
Code:
gateway_enable="YES"
 
It's on.

I have two cards: bge1 which is LAN and em1 which is another server (the one providing internet) 193.236.7.219.

At the same time, this server is connected with others and all of them go into the Internet server. Now, I have two local subnets, as I said before, and I want the 172.23.0.0/23 to be able to communicate with 172.23.0.1.
 
Please post an image or a clear description of your network topology. Currently it looks like 172.23.0.0/23 is directly connected and thus should be accessible.
 
Okay.

One fiber optic cable coming from the 193.236.7.219 which is the Internet server. I have three NICs: em0 and bge1 (which are in use) and one bge0 which will be used in a couple of weeks to link the other 172.22.0.0 and the 172.24.0.0/21 networks.

I have done the routing from 172.22 and 172.24 using as default router 193.236.7.x (can't check it now). It works this way so there's no problem with this.

I have done two subnets: 172.23.0.0/21 and 172.23.8.0/23. In the 172.23.0.0/21 I have an internet connection. In 172.23.8.0/23 I don't have an internet connection, I don't need an internet connection, I only need to communicate with 172.23.0.1 which is the LAN server of 172.23.0.0/21.

Does it make any sense or I'd better make a drawing? :)
 
A drawing would be nice because I still have no idea how 172.23.0.0/21 and 172.23.8.0/23 are connected to the FreeBSD machine.
 
dhcpd.conf:

Code:
# global variables

shared-network subnets {
    # 172.23.0.0/21
    subnet 172.23.0.0 netmask 255.255.248.0 {
        option routers 172.23.0.1;
        option broadcast-address 172.23.7.255;
        range 172.23.0.2 172.23.6.3;
    }
    # 172.23.8.0/23
    subnet 172.23.8.0 netmask 255.255.254.0 {
        option routers 172.23.8.1;
        option broadcast-address 172.23.9.255;
        range 172.23.8.2 172.23.9.254;
    }
}

So the subnets are created by the FreeBSD machine. Both of them.
 
That still doesn't tell me how they are connected. Physically.
 
They are not. They're on the same interface: bge0. I divided my LAN into two subnets if I may call them like that.

1 server, 2 network interfaces: the em0 which is the internet interface and bge0 which is subnet 172.23.0.0/21 and 172.23.8.0/23. Both of them on the same interface.
 
Ah, that wasn't quite clear.

In that case, simply turn on routing and you're done. Both networks are directly connected.
 
hac3ru said:
Do I need to set up a route or something?
Routes to 172.23.0.0/21 and 172.23.8.0/23 are implied because they are directly connected.

Do you have any experience with routing? If not, I suggest brushing up on your knowledge.
 
The interface bge1 needs to have an address in both subnets. Looking at your DHCP configuration it should be 172.23.8.1 and 172.23.0.1.

It's also possible the switch is configured with VLANs to separate those two subnets. In that case you'd need to create a VLAN trunk and assign those two VLANs to bge1.

Or, if it's a layer 3 switch, it's possible the actual routing is done by the switch's routing module. In that case you'll need to reconfigure your switch.

If you don't understand any of this I suggest hiring someone that can take care of it for you.
 
Now that's a drawing. A+
What you have is called router-on-a-stick, that is, a router trunked into a switch. You want to look at vlan(4).
Also, that dhcpd.conf you posted has nothing to do with interface setup and routing.
 
SirDice said:
The interface bge1 needs to have an address in both subnets. Looking at your DHCP configuration it should be 172.23.8.1 and 172.23.0.1.

It's also possible the switch is configured with VLANs to separate those two subnets. In that case you'd need to create a VLAN trunk and assign those two VLANs to bge1.

Or, if it's a layer 3 switch, it's possible the actual routing is done by the switch's routing module. In that case you'll need to reconfigure your switch.

If you don't understand any of this I suggest hiring someone that can take care of it for you.

Oww damn. Could you tell me how to configure the subnet / the interface so it'll have an address in both subnets?

I don't want to do the management using the switches. I just don't.

Got it. I assigned an alias IP address to bge1.
Thank you for your time and patience.

Got another tiny problem: I could ping the 172.23.8.1 (bge1 alias) for about 2 minutes. After that, SILENCE! Any ideas why? The firewall is passing anything coming from 172.23.8.0/23 to any.
 
We're not mindreaders, how do you expect us to know what's wrong when you didn't show what has been done?
Show what you did so far, including switch configuration for trunk.
And be more careful about how you format your messages, I see DD already pulling his hair out.
 
Well... I only added an alias in rc.conf:

Code:
ifconfig_bge1_alias0="inet 172.23.8.1 netmask 255.255.254.0"
That's all. As I said, I don't like working with these switches. I can ping 172.23.8.1 for about 5 minutes after I restart the FreeBSD server. After that, silence.

How I format my messages? What's not right?
I admit, I skipped the rules.
 
Well, then it's about time you stopped doing that, because you're causing me extra work. The comments under your posts should clue you in.
 
Ok. I am sorry.
I still need an answer if it is possible. I have an alias for bge0, which is 172.23.8.1, and I posted my dhcpd.conf before.

Code:
shared-network subnets {
    # 172.23.0.0/21
    subnet 172.23.0.0 netmask 255.255.248.0 {
        option routers 172.23.0.1;
        option broadcast-address 172.23.7.255;
        range 172.23.0.2 172.23.6.3;
    }
    # 172.23.8.0/23
    subnet 172.23.8.0 netmask 255.255.254.0 {
        option routers 172.23.8.1;
        option broadcast-address 172.23.9.255;
        range 172.23.8.2 172.23.9.254;
    }
}
Here it is again. My problem is that, even with
Code:
enable_gateway="YES"
in rc.conf, workstations in the second subnet, 172.23.8.0/23, cannot access 172.23.0.1. Anyone have any ideas?

I can ping 172.23.8.1 for five minutes after I restart the server and it doesn't respond after that.
 
I have a feeling you didn't check vlan(4)

You need something like this:
Code:
ifconfig vlan0 create
ifconfig vlan0 vlan 100 vlandev bge0

That's one 802.1q tagged subnet.
 
hac3ru said:
My problem is that, even with enable_gateway="YES" in rc.conf, workstations in the second subnet, 172.23.8.0/23, cannot access 172.23.0.1.
That's because it's gateway_enable, not enable_gateway.
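The mistake that ended this thread is easy to make because rc.conf is sourced as plain shell: a reversed name such as enable_gateway is accepted without any error and simply never used. The following check is an added example, not part of the original thread; it goes slightly beyond the one case above by flagging any `enable_X` assignment whose `X_enable` form exists in a defaults file. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: catch reversed rc.conf knob names (enable_X vs X_enable).
# On a real host the defaults file would be /etc/defaults/rc.conf.

# Print the variable names assigned in an rc.conf-style file.
# Comment lines never match because they start with '#'.
rc_vars() {
    sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1"
}

# check_rc_knobs RC_CONF DEFAULTS
# Prints one line per suspicious knob; returns 1 if any were found.
check_rc_knobs() {
    rc=$1
    defaults=$2
    status=0
    for var in $(rc_vars "$rc"); do
        case $var in
        enable_*)
            fixed="${var#enable_}_enable"
            if rc_vars "$defaults" | grep -qxF -- "$fixed"; then
                echo "$var: unknown knob; did you mean $fixed?"
                status=1
            fi
            ;;
        esac
    done
    return $status
}

# Constructed sample files: a two-line excerpt standing in for the
# defaults, and an rc.conf holding the two lines posted in the thread.
make_sample() {
    cat > "$1/defaults" <<'EOF'
gateway_enable="NO"		# Set to YES if this host will be a gateway.
ipv6_gateway_enable="NO"
EOF
    cat > "$1/rc.conf" <<'EOF'
ifconfig_bge1_alias0="inet 172.23.8.1 netmask 255.255.254.0"
enable_gateway="YES"
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_rc_knobs "$tmp/rc.conf" "$tmp/defaults" || echo "rc.conf needs fixing"
rm -rf "$tmp"
```

On the FreeBSD host itself, `sysctl net.inet.ip.forwarding` reports whether forwarding is actually enabled, independent of what rc.conf appears to say.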
 