RoutingHowTo
Introduction
So, you have this radio network thing and after playing with it for a while you come to realize that you don't really want to bridge your home network to the rest of the Melbourne Wireless community. You need to set up a router. The router will do two things for you: it gives you the control to expose the right amount of your network, and it allows you to establish a firewall between yourself and the general Melbourne Wireless network. This is exactly the same as you would have for your Internet connection.
The router may be an embedded device, a combination device (router/wireless access point), a dedicated Linux machine (old PC) or an existing machine you make dual homed by adding an additional NIC.
Regardless of the device you are using, it needs to have more than one network interface, should be able to forward packets between the interfaces, and should allow you to run firewall software and a routing daemon or two. It's probably a good idea to have a dedicated machine between your own stuff and the rest of the world; usual disclaimer here.
Configuring IP forwarding
Most PC-based operating systems support IP forwarding, but it is usually not turned on. When you have a PC that has more than one network interface and you want to enable routing, you may need to make some simple configuration changes to get the machine forwarding packets between interfaces.
Often you have the funny situation where the machine you want to act as a router can see other machines on both subnets but machines on one subnet cannot see machines on the other - you need to enable IP forwarding.
Linux
Most standard distributions support IP forwarding. You turn IP forwarding on by setting a flag in /proc. This can be done using the sysctl command or by simply echoing 1 to the file.
echo "1" > /proc/sys/net/ipv4/ip_forward
Alternatively, use sysctl (/sbin/sysctl -a will display all configured settings):
/sbin/sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
/sbin/sysctl -w net.ipv4.ip_forward="1"
BSD variants (including Mac OS X)
Similar to Linux, use sysctl to set the IP forwarding flag. In this case the flag is net.inet.ip.forwarding.
/sbin/sysctl -w net.inet.ip.forwarding="1"
Windows
In Windows, routing is enabled by changing a registry parameter. Open regedit and go to the entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Find the entry IPEnableRouter and set it to 1 (default is 0). Reboot and you should be forwarding packets.
Looking at the routing table
The routing table can be inspected using the route command.
[dna@koen dna]$ /sbin/route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.3     *               255.255.255.255 UH    0      0        0 eth0
wailea          *               255.255.255.255 UH    0      0        0 eth0
192.168.2.0     192.168.1.3     255.255.255.0   UG    0      0        0 eth0
192.168.2.0     wailea          255.255.255.0   UG    0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         bgenki2         0.0.0.0         UG    0      0        0 eth0
You can see different types of routing entries. Some are for machines and others are for subnets. The machine entries are fully qualified addresses or a machine name (192.168.1.3 or wailea), while the subnets (in this case) are those that end in zero (192.168.2.0). Routes to subnets include the IP address of the gateway that is used to send packets to the subnet. Typically you need to add a route to the gateway first, then add the route to the subnet using the previously defined gateway. There are exceptions to this: Mac OS X will add the gateway automatically and has a different command syntax.
Alternative commands show the same information, most likely formatted differently. The raw routing data is maintained by the kernel, and these commands read it from /proc/net/route.
/sbin/ip route (or /sbin/ip r)
/bin/netstat -r
Default route
The default route is the route used for all packets that do not match an explicitly defined route. Each device can have only one default route. Each OS will have a slightly different command syntax for creating a route. The same command usually allows you to look at the routing table as well as set routes. This needs to be done as root or a user with the appropriate permissions.
| Linux | route add default gw 192.168.1.1 |
| BSD | route add default 192.168.1.1 |
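Added example (not part of the original page): a small Python parser for the /proc/net/route format mentioned above, plus a lookup that shows how the default route only wins when no more specific route matches. The sample data is constructed, assumes a little-endian host, and uses 192.168.1.1 as an assumed default gateway.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/route format (little-endian host assumed),
# mirroring the numeric routes in the table above; 192.168.1.1 is an assumed gateway.
SAMPLE = """\
Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT
eth0\t0301A8C0\t00000000\t0005\t0\t0\t0\tFFFFFFFF\t0\t0\t0
eth0\t0002A8C0\t0301A8C0\t0003\t0\t0\t0\t00FFFFFF\t0\t0\t0
eth0\t0001A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0
eth0\t00000000\t0101A8C0\t0003\t0\t0\t0\t00000000\t0\t0\t0
"""
FLAG_BITS = ((0x1, "U"), (0x2, "G"), (0x4, "H"))  # up, gateway, host


def hex_to_ip(field):
    """Decode one 8-digit hex field (little-endian host order) to a dotted quad."""
    return socket.inet_ntoa(struct.pack("<I", int(field, 16)))


def parse_routes(text):
    """Return one dict per route line, skipping the header line."""
    routes = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 8:
            continue  # ignore blank or truncated lines
        flags = int(f[3], 16)
        net = ipaddress.ip_network(f"{hex_to_ip(f[1])}/{hex_to_ip(f[7])}")
        routes.append({
            "iface": f[0], "net": net, "gateway": hex_to_ip(f[2]),
            "flags": "".join(c for bit, c in FLAG_BITS if flags & bit),
            "metric": int(f[6]),
        })
    return routes


def lookup(routes, dst):
    """Pick the route used for dst: longest matching prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if r["flags"].startswith("U") and addr in r["net"]]
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]), default=None)


if __name__ == "__main__":
    for r in parse_routes(SAMPLE):
        print(f'{str(r["net"]):18} {r["gateway"]:15} {r["flags"]:3} {r["iface"]}')
```

On a real router, pass the contents of /proc/net/route to parse_routes() instead of SAMPLE to check which gateway traffic for a given address will actually take.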
Links
Good description of routing concepts by Damian James at Brismesh
Version 5 (current) modified Mon, 26 Jul 2021 12:49:29 +0000 by graybeard