Hi there,
I have a routing problem I was hoping someone could help me with. I want to add a static route on my esx 3 server. On one nic it is on 128.1.0.0 network and the other nic is on 10.0.0.0 network. I want to be able to access the other side. I have set up my network inf so that I can ping the 10.0.0.0 network card on the esx from the 128.1.0.0 network but no further (I have set the esx server up as the "next hop" on my 128 gateway for 10.0.0.0 network traffic).
thanks,
Paul
You can confirm that ip_forwarding is off by 'cat /proc/sys/net/ipv4/ip_forward'
This will return 0, indicating that ip_forwarding is off.
If you really want to route traffic through the SC you can do one of two things:
i) To enable ip forwarding until next reboot type:
echo 1 > /proc/sys/net/ipv4/ip_forward
ii) To permanently enable ip_forwarding add the following line to the /etc/sysconfig/network file:
FORWARD_IPV4=YES
If you do the latter it will enable ip_forwarding on next reboot. To enable it right away do i) above as well, or restart the network.
The command you want from the shell is "route add"
Usage: inet_route [-vF] del {-host|-net} Target[/prefix] [gw Gw] [metric M] [[dev] If]
       inet_route [-vF] add {-host|-net} Target[/prefix] [gw Gw] [metric M]
                  [netmask N] [mss Mss] [window W] [irtt I]
                  [mod] [dyn] [reinstate] [[dev] If]
       inet_route [-vF] add {-host|-net} Target[/prefix] [metric M] reject
       inet_route [-FC] flush NOT supported
To do this you would need to set up the ESX server as a router (i.e., it needs to forward IP). I would not recommend doing this, as the service console is really meant to be a management platform for ESX and the less you have running in there the better. In addition, you would have to get into managing the firewall rules on the ESX and create potential security issues.
You can use the 'route add' command to manage the routing table on your ESX, for its own connectivity. Note that if you do that you have to add that to startup scripts to survive a reboot.
mmm, I am still having problems with this...
my set up is as follows....
I am on a 128.1.0.0 network and my default gateway on my pc is set to 128.1.x.x (a watchguard firewall). My esx server has 2 nic's. One is 128.1.x.x and the other is on 10.0.x.x. I have added a static route on the watchguard to point all 10.0.0.0 traffic to the 128.1.x.x nic on the esx server. This allows me to ping the 10.0.x.x nic on the esx server from my pc. ok great. However I cannot ping any other machines on the 10.0.0.0 network. If I go to the esx server I can ping 10.0.0.0 machines from the console.
Can someone help me out here? I can't figure out if I need to add a static route on the esx box or not. I did try it before adding the route and no luck and then tried it as follows..
route add -net 10.0.0.0/8 gw 10.0.X.X
However, I was unsure if I needed to add this static route to the esx server.
I also turned off the firewall using esxcfg-firewall -r. I was also a bit unsure if in the route statement I set the gateway right (I put in the gateway as the ip address of the esx nic on the 10.0.0.0 network).
thanks,
As I said in my last post, you would need to turn on IP forwarding in the ESX service console. This is not recommended (as per my previous post), and I would have to dig around to see if it is even allowed and possible on the ESX.
You really should have a separate router between those networks if you want other traffic to go between them. Either add another interface to your LAN router, if you can, or add another router device with two interfaces between those networks.
Sorry about that. I misread your post. I thought your statement about ipforwarding was just a statement rather than a "turn on this feature". I will very rarely use the route itself (it is to get to the desktop of the san, it is a sanmelody server running on 2003 server). Normally I would sit down at the san directly, however this is for emergencies so I can vpn in from home.
Thanks for all your help guys, I really appreciate it.
No worry. As long as you are aware that turning it on and leaving it on has security implications and potential overhead in your SC.
Enjoy!
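
An added example, not part of the thread: a shell check that compares the runtime flag in /proc/sys/net/ipv4/ip_forward with the boot-time setting, so that forwarding left on in the service console gets noticed. The function names are made up for this example; the accepted FORWARD_IPV4 values and the extra /etc/sysctl.conf check (net.ipv4.ip_forward, which the thread does not mention) are assumptions.

```shell
#!/bin/sh
# Audit IPv4 forwarding: runtime flag vs. what is configured for the next boot.
# File paths are arguments so the check can also be run against copies.

# runtime_forwarding FILE -> prints on | off | unknown
runtime_forwarding() {
    val=$(cat "$1" 2>/dev/null | tr -d '[:space:]')
    case "$val" in
        1) echo on ;;
        0) echo off ;;
        *) echo unknown ;;
    esac
}

# persistent_forwarding NETWORK_FILE SYSCTL_FILE -> prints on | off
persistent_forwarding() {
    # Uncommented FORWARD_IPV4 line; spaces around '=' are tolerated so a
    # hand-edited line is still flagged (yes/true/1 are assumed values).
    if grep -Eiq '^[[:space:]]*FORWARD_IPV4[[:space:]]*=[[:space:]]*"?(yes|true|1)"?[[:space:]]*$' "$1" 2>/dev/null; then
        echo on; return
    fi
    # Assumption: the same setting may instead live in sysctl.conf.
    if grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$2" 2>/dev/null; then
        echo on; return
    fi
    echo off
}

# audit_forwarding PROC_FILE NETWORK_FILE SYSCTL_FILE -> one-line verdict
audit_forwarding() {
    rt=$(runtime_forwarding "$1")
    ps=$(persistent_forwarding "$2" "$3")
    case "$rt/$ps" in
        off/off) echo "OK: forwarding is off" ;;
        on/off)  echo "WARN: forwarding is on now, off after reboot" ;;
        off/on)  echo "WARN: forwarding is off now, on after reboot" ;;
        on/on)   echo "WARN: forwarding is on and persistent" ;;
        *)       echo "UNKNOWN: could not read runtime flag" ;;
    esac
}

# Default run against the live files named in the thread.
audit_forwarding /proc/sys/net/ipv4/ip_forward /etc/sysconfig/network /etc/sysctl.conf
```

Run from cron or a monitoring agent, a WARN line is the cue to check whether the emergency route is still needed.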