6.3. Setting Up a Simple Local Router

You have a single shared Internet connection, and your LAN is divided into a number of subnets. You want your subnets to be able to communicate with each other. What do you have to do to make this magic occur?

Not much. All it takes is a single router, and all of your subnets connected to it. Suppose you have these three subnets:

Your router needs to have three network interfaces, with one address on each network segment:

Each subnet has its own switch, which is connected to your router, like Figure 6-2.

Then, turn on IP forwarding on your router. You can do this from the command line:

	# echo 1 > /proc/sys/net/ipv4/ip_forward

This does not survive a reboot, so you can set it permanently in /etc/sysctl.conf, and then start it immediately:

	##/etc/sysctl.conf
	net.ipv4.ip_forward = 1

	# sysctl -p

Next, assign these three router addresses as the default gateways for the hosts on each network. All computers in the 10.25.0.0/16 subnet will use 10.25.0.10 as their default gateway, and I think you can extrapolate what the other two networks will use for their default gateways.

Once this is done, your three networks will be able to pass TCP/IP traffic back and forth with ease.

You don't have to use addressing from completely different private address ranges like the ones used in this recipe. I used those to make it easier to see the different networks. You can use any nonconflicting addressing scheme, such as in these examples:

10.25.0.0/16
10.26.0.0/16
10.27.0.0/16

or:

172.16.1.0/24
172.16.2.0/24
172.16.3.0/24

You must not have duplicate addresses anywhere. Don't be shy about using ipcalc — it's a lifesaver.
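The forwarding setup above and the addressing rules just stated can both be checked before touching the router. The following is an added example, not code from the book: it takes a constructed plan (interface names eth0/eth1/eth2 and the 10.25/10.26/10.27 addressing with the router on .0.10 in each subnet, all assumptions), flags overlapping subnets and duplicate addresses, works out which router address a given host should use as its default gateway, and renders the iproute2 and sysctl commands that realise the plan.

```python
"""Sanity-check and render the addressing plan for a multi-interface
Linux router (added example; sample interfaces below are constructed)."""
import ipaddress
from itertools import combinations

# Constructed sample: (interface name, router address with prefix length).
# 10.25.0.10 is the gateway the recipe names for 10.25.0.0/16.
ROUTER_INTERFACES = [
    ("eth0", "10.25.0.10/16"),
    ("eth1", "10.26.0.10/16"),
    ("eth2", "10.27.0.10/16"),
]

def check_plan(interfaces):
    """Return a list of problems (empty means the plan is sane): overlapping
    subnets, duplicate router addresses, or an address that is the network
    or broadcast address of its own subnet."""
    problems = []
    ifaces = [(name, ipaddress.ip_interface(addr)) for name, addr in interfaces]
    for (n1, a), (n2, b) in combinations(ifaces, 2):
        if a.network.overlaps(b.network):
            problems.append(f"{n1} {a.network} overlaps {n2} {b.network}")
        if a.ip == b.ip:
            problems.append(f"duplicate address {a.ip} on {n1} and {n2}")
    for name, a in ifaces:
        if a.ip in (a.network.network_address, a.network.broadcast_address):
            problems.append(f"{name}: {a.ip} is a network or broadcast address")
    return problems

def default_gateway_for(host, interfaces):
    """Router address a host should use as its default gateway, or None if
    the host is not on any of the router's directly attached subnets."""
    h = ipaddress.ip_address(host)
    for _, addr in interfaces:
        a = ipaddress.ip_interface(addr)
        if h in a.network:
            return str(a.ip)
    return None

def router_commands(interfaces):
    """Commands to run on the router: assign each interface address with
    iproute2, bring the links up, then enable IP forwarding (non-persistent;
    put net.ipv4.ip_forward = 1 in /etc/sysctl.conf to keep it)."""
    cmds = [f"ip addr add {addr} dev {name}" for name, addr in interfaces]
    cmds += [f"ip link set {name} up" for name, _ in interfaces]
    cmds.append("sysctl -w net.ipv4.ip_forward=1")
    return cmds

if __name__ == "__main__":
    print("\n".join(check_plan(ROUTER_INTERFACES) or ["no problems found"]))
    print("\n".join(router_commands(ROUTER_INTERFACES)))
    print("10.26.3.4 ->", default_gateway_for("10.26.3.4", ROUTER_INTERFACES))
```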

When you turn on IP forwarding on the router, it automatically forwards packets between all of its interfaces. This works fine for two types of networks:

It does not work when you want to share an Internet connection with networks using private addressing because the private address ranges are not routable over the Internet. You need Network Address Translation (NAT) to make this work. Suppose your multihomed router is attached to two local networks using private addresses, and has one public routable IP address on an Internet-connected interface. Your private networks will see each other just fine, but they won't have Internet access until you configure NAT.

Strictly speaking, the private address ranges are routable, as you can see on your local networks, but most ISPs filter out any that find their way onto the Internet and won't forward them, because, obviously, we can't have random hordes of duplicate private addresses gumming up the Internet.

See Recipe 6.4 to learn a simple way to use NAT to share an Internet connection.