[NCLUG] Question about IP forwarding

Bob Proulx bob at proulx.com
Mon Apr 26 17:52:17 MDT 2010


Marcio Luis Teixeira wrote:
> Given the fact that the above works, I know that *one* solution is
> to create a VLAN on my switch, give it 192.168.2.x addresses, and

Switch?  Or router?  Switches are layer 2 meaning ethernet address
based meaning no IP addresses.  Which would lead me to believe that no
configuration there is needed.  Routers and layer 3 switches that
route use IP addresses.  But I think of those as routers not layer 3
switches that route addresses.  :-)

> place the cluster in it as the only host. The Cisco can use 802.1Q
> to tag VLAN packets, so that would be an officially supported
> solution.
> 
> The only reason I dislike doing this is that I would have to
> configure VLANs on my switch (never done that, rather not have to)
> and, worse, the cluster would now only work on a specific port,
> which I know will trip someone up in the future (likely me).

Can you just run a second subnet on your network, just as you did
before?  It is basically a vlan.  But without the dot1q tagging and
the high fallut'n names.

> So, here's an actual linux question: is there a way to configure the
> Linux box with an 192.168.2.x address, leave my switch as is (no
> VLANs configured), but instruct the Linux box to only respond and

Just add another IP address to your machines.  Traffic to that address
will be responded to normally.  I do this on one of my networks.  It
is a server so it has a static address.  In my
/etc/network/interfaces file I have all of the expected address and
netmask lines and additionally I have:

  up ip addr add 192.168.240.2/24 brd 192.168.240.255 dev eth0 label eth0:0
  down ip addr del 192.168.240.2/24 dev eth0 label eth0:0

That brings up an additional IP address when the interface is brought
up and brings it down when it is brought down.  All ports are
available since it is a different and separate address.  This creates
an additional route entry in the local routing table.  Assign it a dns
entry and you can connect to it by name.  (But I will let you
contemplate the issues of BIND split dns views to provide the right
address to the right network and so forth.  Left as an exercise to the
reader... :-)

For machines configured with an additional IP address and subnet this
means that packets destined for an address on that subnet route
automatically to the local network device.  If all of your machines
were on the local network then I don't think your cisco needs to know
about it.  They would send the packets between them as local traffic.

Bob
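
Editor's added example (not part of Bob's post or of ifupdown): a short
Python script that emulates what the kernel does with the two
/etc/network/interfaces lines above.  It derives the brd (broadcast)
argument from the CIDR, builds the connected route that each address
contributes to the local routing table, and does a longest-prefix-match
lookup to show that a destination on the second subnet goes out the
local device with no gateway, while anything else still goes to the
default gateway.  The interface names, the primary address
192.168.1.10/24 and the gateway 192.168.1.1 are assumptions chosen for
illustration; only 192.168.240.2/24 on eth0 comes from the post.

```python
"""Emulate a Linux host's local routing table after a second address is
added to eth0.  Added example, not the kernel's code; addresses other than
192.168.240.2/24 are illustrative assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network          # destination prefix
    dev: str                               # outgoing interface
    src: Optional[ipaddress.IPv4Address]   # preferred source for connected routes
    via: Optional[ipaddress.IPv4Address]   # None means on-link (no gateway)


def interfaces_stanza(cidr: str, dev: str, label: str) -> List[str]:
    """Return the 'up'/'down' lines from the post, computing brd from the prefix."""
    iface = ipaddress.ip_interface(cidr)
    brd = iface.network.broadcast_address
    return [
        f"up ip addr add {iface.with_prefixlen} brd {brd} dev {dev} label {label}",
        f"down ip addr del {iface.with_prefixlen} dev {dev} label {label}",
    ]


def build_table(addresses: List[Tuple[str, str]],
                default_gw: Tuple[str, str]) -> List[Route]:
    """Each (cidr, dev) address adds one connected route, as the kernel does
    automatically; default_gw is (gateway, dev) for the 0.0.0.0/0 route."""
    table = []
    for cidr, dev in addresses:
        iface = ipaddress.ip_interface(cidr)
        table.append(Route(iface.network, dev, iface.ip, None))
    gw, dev = default_gw
    table.append(Route(ipaddress.ip_network("0.0.0.0/0"), dev, None,
                       ipaddress.ip_address(gw)))
    return table


def lookup(table: List[Route], dst: str) -> Route:
    """Longest-prefix match over the table, the rule the kernel FIB applies."""
    d = ipaddress.ip_address(dst)
    best = None
    for r in table:
        if d in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best


def fmt(r: Route) -> str:
    """Approximate 'ip route' output for a table entry (layout only, not a
    byte-for-byte reproduction of iproute2)."""
    if r.via is None:
        return f"{r.prefix} dev {r.dev} proto kernel scope link src {r.src}"
    return f"default via {r.via} dev {r.dev}"


if __name__ == "__main__":
    for line in interfaces_stanza("192.168.240.2/24", "eth0", "eth0:0"):
        print("  " + line)
    # Constructed table: assumed primary address and gateway plus the
    # second address from the post.
    table = build_table([("192.168.1.10/24", "eth0"),
                         ("192.168.240.2/24", "eth0")],
                        ("192.168.1.1", "eth0"))
    for r in table:
        print(fmt(r))
    for dst in ("192.168.240.7", "192.168.1.20", "10.0.0.5"):
        r = lookup(table, dst)
        print(f"{dst} -> dev {r.dev}, via {r.via or 'on-link'}")
```

One caveat worth keeping in mind when using this as a way to "only
respond" on the second address: adding an address is reachability, not
isolation.  Any daemon bound to 0.0.0.0 accepts connections on the new
address as well, and both subnets share the same wire, so a host on
192.168.1.x can still add a 192.168.240.x address to itself and talk to
the cluster directly.  Bind services to the specific address (or filter
with iptables) if the second subnet is meant to limit who can reach them.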


