[CentOS] Need help with gateways and routing of 192.168.0.0/24 addresses

Fri Apr 19 14:06:48 UTC 2013
James B. Byrne <byrnejb at harte-lyne.ca>

Arch = x86_64
OS = CentOS-6.4

Problem:
What is the correct gateway to specify for private IP addresses that
may pass through NAT?

Background:
Our gateway is configured thus:

#/etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO=none
BROADCAST=""
DEFROUTE=yes
DEVICE=eth1
DNS1=216.185.71.33
GATEWAY=216.185.64.53
IPADDR=216.185.71.1
IPV4_FAILURE_FATAL=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
MACADDR=""
MTU=""
NAME="LAN Link - eth1"
NETMASK=""
NETWORK=""
NM_CONTROLLED=no
ONBOOT=yes
PREFIX=24
TYPE=Ethernet
USERCTL=no

and

#/etc/sysconfig/network-scripts/ifcfg-eth1:192006
NAME="eth1:192006 internal"
BOOTPROTO=none
MACADDR=""
IPV6INIT=no
DEVICE=eth1:192006
NETMASK=255.255.255.0
MTU=""
BROADCAST=192.168.6.255
ONPARENT=yes
IPADDR=192.168.6.1
NETWORK=192.168.6.0

On the gateway these are the routes present:

216.185.64.52/30 dev eth0  proto kernel  scope link  src 216.185.64.54
192.168.6.0/24 dev eth1  proto kernel  scope link  src 192.168.6.1
192.168.216.0/24 dev eth1  proto kernel  scope link  src 192.168.216.1
216.185.71.0/24 dev eth1  proto kernel  scope link  src 216.185.71.1
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth1  scope link  metric 1003
default via 216.185.64.53 dev eth0

Situation:
I have a device configured thus:

BOOTPROTO=none
BROADCAST=255.255.255.255
DEVICE=eth0
DNS1=216.185.71.33
GATEWAY=216.185.71.1
IPADDR=192.168.6.9
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
MACADDR=""
MTU=""
NAME="eth0"
NETMASK=255.255.255.0
NETWORK=192.168.6.0
NM_CONTROLLED=no
ONBOOT=yes
PREFIX=24
TYPE=Ethernet

When I try and ping this device I see this:

PING 192.168.6.9 (192.168.6.9) 56(84) bytes of data.
From 216.185.71.1: icmp_seq=2 Redirect Host(New nexthop: 192.168.6.9)
From 216.185.71.1: icmp_seq=3 Redirect Host(New nexthop: 192.168.6.9)
From 216.185.71.1: icmp_seq=4 Redirect Host(New nexthop: 192.168.6.9)
From 216.185.71.1: icmp_seq=5 Redirect Host(New nexthop: 192.168.6.9)

If I down eth1:192006 on the gateway then all ping packets are simply
lost:

PING 192.168.6.9 (192.168.6.9) 56(84) bytes of data.
^C
--- 192.168.6.9 ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 8277ms


However, if I leave eth1:192006 on the gateway up and I change the
gateway on the 192.168 device to 192.168.6.1 the problem goes away.

I can see what works.  My question is really: is this the way things
are supposed to be set up when one has private IP4 hosts on the same
network segments as public IP4 hosts?  Is there any way to configure
the gateway so that it only requires one internal address
[216.185.71.1] and can still route 192.168.6.0 addresses so that they
stay on the LAN segment?

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3