Arch = x86_64
OS = CentOS-6.4
Problem: What is the correct gateway to specify for private IP addresses that may pass through NAT?
Background: Our gateway is configured thus:
#/etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO=none
BROADCAST=""
DEFROUTE=yes
DEVICE=eth1
DNS1=216.185.71.33
GATEWAY=216.185.64.53
IPADDR=216.185.71.1
IPV4_FAILURE_FATAL=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
MACADDR=""
MTU=""
NAME="LAN Link - eth1"
NETMASK=""
NETWORK=""
NM_CONTROLLED=no
ONBOOT=yes
PREFIX=24
TYPE=Ethernet
USERCTL=no
and
#/etc/sysconfig/network-scripts/ifcfg-eth1:192006
NAME="eth1:192006 internal"
BOOTPROTO=none
MACADDR=""
IPV6INIT=no
DEVICE=eth1:192006
NETMASK=255.255.255.0
MTU=""
BROADCAST=192.168.6.255
ONPARENT=yes
IPADDR=192.168.6.1
NETWORK=192.168.6.0
On the gateway these are the routes present:
216.185.64.52/30 dev eth0 proto kernel scope link src 216.185.64.54
192.168.6.0/24 dev eth1 proto kernel scope link src 192.168.6.1
192.168.216.0/24 dev eth1 proto kernel scope link src 192.168.216.1
216.185.71.0/24 dev eth1 proto kernel scope link src 216.185.71.1
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth1 scope link metric 1003
default via 216.185.64.53 dev eth0
Situation: I have a device configured thus:
BOOTPROTO=none
BROADCAST=255.255.255.255
DEVICE=eth0
DNS1=216.185.71.33
GATEWAY=216.185.71.1
IPADDR=192.168.6.9
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
MACADDR=""
MTU=""
NAME="eth0"
NETMASK=255.255.255.0
NETWORK=192.168.6.0
NM_CONTROLLED=no
ONBOOT=yes
PREFIX=24
TYPE=Ethernet
When I try and ping this device I see this:
PING 192.168.6.9 (192.168.6.9) 56(84) bytes of data.
From 216.185.71.1: icmp_seq=2 Redirect Host(New nexthop: 192.168.6.9)
From 216.185.71.1: icmp_seq=3 Redirect Host(New nexthop: 192.168.6.9)
From 216.185.71.1: icmp_seq=4 Redirect Host(New nexthop: 192.168.6.9)
From 216.185.71.1: icmp_seq=5 Redirect Host(New nexthop: 192.168.6.9)
If I down eth1:192006 on the gateway then all ping packets are simply lost:
PING 192.168.6.9 (192.168.6.9) 56(84) bytes of data.
^C
--- 192.168.6.9 ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 8277ms
However, if I leave eth1:192006 up on the gateway and change the gateway on the 192.168 device to 192.168.6.1, the problem goes away.
I can see what works. My question is really: is this the way things are supposed to be set up when one has private IP4 hosts on the same network segments as public IP4 hosts? Is there any way to configure the gateway so that it only requires one internal address [216.185.71.1] and can still route 192.168.6.0 addresses so that they stay on the LAN segment?
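The device configuration above sets a GATEWAY (216.185.71.1) that lies outside the subnet defined by its own IPADDR and PREFIX (192.168.6.0/24), while the setting reported to work (192.168.6.1) lies inside it. The following check for that condition is an added example, not part of the original post; the function names are illustrative and the sample settings are a subset copied from the post.

```python
import ipaddress
import shlex

# Subset of the device's ifcfg settings, copied from the post.
DEVICE_CFG = """
DEVICE=eth0
GATEWAY=216.185.71.1
IPADDR=192.168.6.9
MTU=""
NAME="eth0"
NETMASK=255.255.255.0
PREFIX=24
"""

def parse_ifcfg(text):
    """Parse KEY=value lines (shell-style quoting allowed) into a dict."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        parts = shlex.split(value)          # strips quotes, keeps spaces
        cfg[key.strip()] = parts[0] if parts else ""
    return cfg

def interface_network(cfg):
    """Build the interface's subnet from IPADDR plus PREFIX or NETMASK."""
    mask = cfg.get("PREFIX") or cfg.get("NETMASK")
    if not cfg.get("IPADDR") or not mask:
        raise ValueError("IPADDR and PREFIX or NETMASK are required")
    return ipaddress.ip_interface(f"{cfg['IPADDR']}/{mask}").network

def gateway_on_link(cfg):
    """True if GATEWAY is inside the interface's subnet, None if unset."""
    gw = cfg.get("GATEWAY")
    if not gw:
        return None
    return ipaddress.ip_address(gw) in interface_network(cfg)

if __name__ == "__main__":
    cfg = parse_ifcfg(DEVICE_CFG)
    print(interface_network(cfg), "gateway", cfg["GATEWAY"],
          "on-link:", gateway_on_link(cfg))
    cfg["GATEWAY"] = "192.168.6.1"          # the setting the post reports as working
    print(interface_network(cfg), "gateway", cfg["GATEWAY"],
          "on-link:", gateway_on_link(cfg))
```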