VMware Cloud Community
pauliew1978
Enthusiast

routing problems

Hi there,

I have a routing problem I was hoping someone could help me with. I want to add a static route on my ESX 3 server. One NIC is on the 128.1.0.0 network and the other NIC is on the 10.0.0.0 network. I want to be able to access the other side. I have set up my network inf so that I can ping the 10.0.0.0 network card on the ESX from the 128.1.0.0 network but no further (I have set the ESX server up as the "next hop" on my 128 gateway for 10.0.0.0 network traffic).

thanks,

Paul

0 Kudos
1 Solution

Accepted Solutions
mbrkic
Hot Shot

You can confirm that ip_forwarding is off by running 'cat /proc/sys/net/ipv4/ip_forward'.

This will return 0, indicating that ip_forwarding is off.

If you really want to route traffic through the SC you can do one of two things:

i) To enable IP forwarding until the next reboot, type:

echo 1 > /proc/sys/net/ipv4/ip_forward

ii) To permanently enable ip_forwarding, add the following line to the /etc/sysconfig/network file:

FORWARD_IPV4=YES

If you do the latter, it will enable ip_forwarding on the next reboot. To enable it right away, do i) above as well, or restart the network.


0 Kudos
7 Replies
sbeaver
Leadership

The command you want from the shell is "route add"

Usage: inet_route [-vF] del {-host|-net} Target[/prefix] [gw Gw] [metric M] [[dev] If]
       inet_route [-vF] add {-host|-net} Target[/prefix] [gw Gw] [metric M]
                  [netmask N] [mss Mss] [window W] [irtt I]
                  [mod] [dyn] [reinstate] [[dev] If]
       inet_route [-vF] add {-host|-net} Target[/prefix] [metric M] reject
       inet_route [-FC] flush NOT supported

Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: http://www.virtualizationpractice.com/blog/
Come follow me on twitter http://www.twitter.com/sbeaver

**The Cloud is a journey, not a project.**
0 Kudos
mbrkic
Hot Shot

To do this you would need to set up the ESX server as a router (i.e., it needs to forward IP). I would not recommend doing this, as the service console is really meant to be a management platform for ESX and the less you have running in there the better. In addition, you would have to get into managing the firewall rules on the ESX and create potential security issues.

You can use the 'route add' command to manage the routing table on your ESX, for its own connectivity. Note that if you do that you have to add that to startup scripts to survive a reboot.

0 Kudos
pauliew1978
Enthusiast

Mmm, I am still having problems with this...

My setup is as follows...

I am on a 128.1.0.0 network and the default gateway on my PC is set to 128.1.x.x (a WatchGuard firewall). My ESX server has 2 NICs. One is 128.1.x.x and the other is on 10.0.x.x. I have added a static route on the WatchGuard to point all 10.0.0.0 traffic to the 128.1.x.x NIC on the ESX server. This allows me to ping the 10.0.x.x NIC on the ESX server from my PC. OK, great. However, I cannot ping any other machines on the 10.0.0.0 network. If I go to the ESX server I can ping 10.0.0.0 machines from the console.

Can someone help me out here? I can't figure out if I need to add a static route on the ESX box or not. I did try it before adding the route with no luck, and then tried it as follows:

route add -net 10.0.0.0/8 gw 10.0.X.X

However, I was unsure if I needed to add this static route to the ESX server.

I also turned off the firewall using esxcfg-firewall -r. I was also a bit unsure if I set the gateway right in the route statement (I put in the gateway as the IP address of the ESX NIC on the 10.0.0.0 network).

Thanks,

0 Kudos
mbrkic
Hot Shot

As I said in my last post, you would need to turn on IP forwarding in the ESX service console. This is not recommended (as per my previous post), and I would have to dig around to see if it is even allowed and possible on the ESX.

You really should have a separate router between those networks if you want other traffic to go between them. Either add another interface to your LAN router, if you can, or add another router device with two interfaces between those networks.

0 Kudos
pauliew1978
Enthusiast

Sorry about that. I misread your post. I thought your statement about IP forwarding was just a statement rather than a "turn on this feature". I will very rarely use the route itself (it is to get to the desktop of the SAN, it is a SANmelody server running on 2003 Server). Normally I would sit down at the SAN directly, however this is for emergencies so I can VPN in from home.

Thanks for all your help guys, I really appreciate it.

0 Kudos
mbrkic
Hot Shot

No worry. As long as you are aware that turning it on and leaving it on has security implications and potential overhead in your SC.

Enjoy!

0 Kudos
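
The check and the two enable methods from the accepted solution, together with the closing caution about leaving forwarding on, can be turned into a read-only audit. The script below is an added example, not part of any post in this thread. It compares the runtime state with the boot-time setting; the function names, the accepted FORWARD_IPV4 values and the extra check of net.ipv4.ip_forward in /etc/sysctl.conf are assumptions made here.

```shell
#!/bin/sh
# Read-only audit of IPv4 forwarding: runtime state vs. boot-time settings.
# File paths are parameters so the functions can be run against copies.

# Runtime state: prints "on" if the kernel's ip_forward file contains 1.
runtime_forwarding() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ "$(cat "$f" 2>/dev/null)" = "1" ] && echo on || echo off
}

# Persistent state: prints "on" if a boot-time file enables forwarding.
# Commented-out lines are ignored. Treating yes/true (any case) as enabling
# and also checking sysctl.conf are assumptions of this example.
persistent_forwarding() {
    net=${1:-/etc/sysconfig/network}
    sysctl=${2:-/etc/sysctl.conf}
    if grep -Eiq '^[[:space:]]*FORWARD_IPV4[[:space:]]*=[[:space:]]*"?(yes|true)' \
        "$net" 2>/dev/null; then
        echo on; return
    fi
    if grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1([[:space:]]|$)' \
        "$sysctl" 2>/dev/null; then
        echo on; return
    fi
    echo off
}

# Combine both states into a single finding line.
audit_forwarding() {
    rt=$(runtime_forwarding "$1")
    ps=$(persistent_forwarding "$2" "$3")
    case "$rt/$ps" in
        off/off) echo "OK: forwarding disabled" ;;
        on/off)  echo "WARN: forwarding on until reboot" ;;
        off/on)  echo "WARN: forwarding will be enabled at next boot" ;;
        on/on)   echo "ALERT: forwarding on and persistent" ;;
    esac
}

# With no arguments this audits the live host using the default paths.
audit_forwarding "$@"
```

For the emergency-only use described in the thread, "WARN: forwarding on until reboot" is the expected finding while the route is in use; any finding involving the persistent setting means forwarding returns after a reboot.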