How to route specific network to a virtual machine?
up vote
0
down vote
favorite
I have the following configuration:
- Linux machine with ip 10.0.0.99
- bridge over a virtual interface with ip 192.168.0.1
- linux in a lxc container over the bridge with ip 192.168.0.2
- vpn on the container with ip 172.xx.x.xxx
- the machines behind the vpn are in the network 10.232.10.0/24
I want to reach from the Linux machine the ips from the vpn
Why I tried:
ip route add 192.168.0.0/24 via 192.168.0.1 dev bridge_lxc
ping/ssh works to 192.168.0.2
Tried to route the vpn network through 192.168.0.2:
ip route add 10.232.10.0/24 via 192.168.0.2 dev bridge_lxc
RTNETLINK answers: Network is unreachable
how can I route all the vpn network through the virtual machine inside the container?
linux routing
add a comment |
up vote
0
down vote
favorite
I have the following configuration:
- Linux machine with ip 10.0.0.99
- bridge over a virtual interface with ip 192.168.0.1
- linux in a lxc container over the bridge with ip 192.168.0.2
- vpn on the container with ip 172.xx.x.xxx
- the machines behind the vpn are in the network 10.232.10.0/24
I want to reach from the Linux machine the ips from the vpn
Why I tried:
ip route add 192.168.0.0/24 via 192.168.0.1 dev bridge_lxc
ping/ssh works to 192.168.0.2
Tried to route the vpn network through 192.168.0.2:
ip route add 10.232.10.0/24 via 192.168.0.2 dev bridge_lxc
RTNETLINK answers: Network is unreachable
how can I route all the vpn network through the virtual machine inside the container?
linux routing
So it looks like I need to do this: ip route add 10.232.10.0/24 via 192.168.0.2 dev bridge_lxc onlink
– cristi
Jan 15 '13 at 10:33
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I have the following configuration:
- Linux machine with ip 10.0.0.99
- bridge over a virtual interface with ip 192.168.0.1
- linux in a lxc container over the bridge with ip 192.168.0.2
- vpn on the container with ip 172.xx.x.xxx
- the machines behind the vpn are in the network 10.232.10.0/24
I want to reach from the Linux machine the ips from the vpn
Why I tried:
ip route add 192.168.0.0/24 via 192.168.0.1 dev bridge_lxc
ping/ssh works to 192.168.0.2
Tried to route the vpn network through 192.168.0.2:
ip route add 10.232.10.0/24 via 192.168.0.2 dev bridge_lxc
RTNETLINK answers: Network is unreachable
how can I route all the vpn network through the virtual machine inside the container?
linux routing
I have the following configuration:
- Linux machine with ip 10.0.0.99
- bridge over a virtual interface with ip 192.168.0.1
- linux in a lxc container over the bridge with ip 192.168.0.2
- vpn on the container with ip 172.xx.x.xxx
- the machines behind the vpn are in the network 10.232.10.0/24
I want to reach from the Linux machine the ips from the vpn
Why I tried:
ip route add 192.168.0.0/24 via 192.168.0.1 dev bridge_lxc
ping/ssh works to 192.168.0.2
Tried to route the vpn network through 192.168.0.2:
ip route add 10.232.10.0/24 via 192.168.0.2 dev bridge_lxc
RTNETLINK answers: Network is unreachable
how can I route all the vpn network through the virtual machine inside the container?
linux routing
linux routing
asked Jan 15 '13 at 10:06
cristi
398212
398212
So it looks like I need to do this: ip route add 10.232.10.0/24 via 192.168.0.2 dev bridge_lxc onlink
– cristi
Jan 15 '13 at 10:33
add a comment |
So it looks like I need to do this: ip route add 10.232.10.0/24 via 192.168.0.2 dev bridge_lxc onlink
– cristi
Jan 15 '13 at 10:33
So it looks like I need to do this: ip route add 10.232.10.0/24 via 192.168.0.2 dev bridge_lxc onlink
– cristi
Jan 15 '13 at 10:33
So it looks like I need to do this: ip route add 10.232.10.0/24 via 192.168.0.2 dev bridge_lxc onlink
– cristi
Jan 15 '13 at 10:33
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
The error message indicates that the host you are trying to add this route on doesn't know where 192.168.0.2 is. You will need to provide that route first.
In general: if you want the 172.x.x.x network range to be accessible from the 10.x.x.x network, you will somehow need to let the computers in the 10.x.x.x network know that your host is the router for the 172.x.x.x range.
You will also need to set up adequate routing on the host machine for that range:
ip route add 172.x.x.x/xx via 192.168.0.2
If you have a split-horizon VPN, you will also need to advertise the 10.x.x.x network ranges (and possibly the 192.x.x.x ranges) to your VPN clients.
In order to debug your network routing, I suggest you get acquainted with the ip route get
command. It displays you which interface a target address is seen through. Remember, routing needs to work both ways. The return packets must find their way back.
For me it worked after doing: ip route add 10.232.10.0/24 via 192.168.0.2 dev bridge_lxc onlink. I don't have access to the machine anymore in order to test your sugestion
– cristi
May 15 '13 at 16:09
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f536456%2fhow-to-route-specific-network-to-a-virtual-machine%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
The error message indicates that the host you are trying to add this route on doesn't know where 192.168.0.2 is. You will need to provide that route first.
In general: if you want the 172.x.x.x network range to be accessible from the 10.x.x.x network, you will somehow need to let the computers in the 10.x.x.x network know that your host is the router for the 172.x.x.x range.
You will also need to set up adequate routing on the host machine for that range:
ip route add 172.x.x.x/xx via 192.168.0.2
If you have a split-horizon VPN, you will also need to advertise the 10.x.x.x network ranges (and possibly the 192.x.x.x ranges) to your VPN clients.
In order to debug your network routing, I suggest you get acquainted with the ip route get
command. It displays you which interface a target address is seen through. Remember, routing needs to work both ways. The return packets must find their way back.
For me it worked after doing: ip route add 10.232.10.0/24 via 192.168.0.2 dev bridge_lxc onlink. I don't have access to the machine anymore in order to test your sugestion
– cristi
May 15 '13 at 16:09
add a comment |
up vote
0
down vote
The error message indicates that the host you are trying to add this route on doesn't know where 192.168.0.2 is. You will need to provide that route first.
In general: if you want the 172.x.x.x network range to be accessible from the 10.x.x.x network, you will somehow need to let the computers in the 10.x.x.x network know that your host is the router for the 172.x.x.x range.
You will also need to set up adequate routing on the host machine for that range:
ip route add 172.x.x.x/xx via 192.168.0.2
If you have a split-horizon VPN, you will also need to advertise the 10.x.x.x network ranges (and possibly the 192.x.x.x ranges) to your VPN clients.
In order to debug your network routing, I suggest you get acquainted with the ip route get
command. It displays you which interface a target address is seen through. Remember, routing needs to work both ways. The return packets must find their way back.
For me it worked after doing: ip route add 10.232.10.0/24 via 192.168.0.2 dev bridge_lxc onlink. I don't have access to the machine anymore in order to test your sugestion
– cristi
May 15 '13 at 16:09
add a comment |
up vote
0
down vote
up vote
0
down vote
The error message indicates that the host you are trying to add this route on doesn't know where 192.168.0.2 is. You will need to provide that route first.
In general: if you want the 172.x.x.x network range to be accessible from the 10.x.x.x network, you will somehow need to let the computers in the 10.x.x.x network know that your host is the router for the 172.x.x.x range.
You will also need to set up adequate routing on the host machine for that range:
ip route add 172.x.x.x/xx via 192.168.0.2
If you have a split-horizon VPN, you will also need to advertise the 10.x.x.x network ranges (and possibly the 192.x.x.x ranges) to your VPN clients.
In order to debug your network routing, I suggest you get acquainted with the ip route get
command. It displays you which interface a target address is seen through. Remember, routing needs to work both ways. The return packets must find their way back.
The error message indicates that the host you are trying to add this route on doesn't know where 192.168.0.2 is. You will need to provide that route first.
In general: if you want the 172.x.x.x network range to be accessible from the 10.x.x.x network, you will somehow need to let the computers in the 10.x.x.x network know that your host is the router for the 172.x.x.x range.
You will also need to set up adequate routing on the host machine for that range:
ip route add 172.x.x.x/xx via 192.168.0.2
If you have a split-horizon VPN, you will also need to advertise the 10.x.x.x network ranges (and possibly the 192.x.x.x ranges) to your VPN clients.
In order to debug your network routing, I suggest you get acquainted with the ip route get
command. It displays you which interface a target address is seen through. Remember, routing needs to work both ways. The return packets must find their way back.
answered May 14 '13 at 17:14
Janos Pasztor
762412
762412
For me it worked after doing: ip route add 10.232.10.0/24 via 192.168.0.2 dev bridge_lxc onlink. I don't have access to the machine anymore in order to test your sugestion
– cristi
May 15 '13 at 16:09
add a comment |
For me it worked after doing: ip route add 10.232.10.0/24 via 192.168.0.2 dev bridge_lxc onlink. I don't have access to the machine anymore in order to test your sugestion
– cristi
May 15 '13 at 16:09
For me it worked after doing: ip route add 10.232.10.0/24 via 192.168.0.2 dev bridge_lxc onlink. I don't have access to the machine anymore in order to test your sugestion
– cristi
May 15 '13 at 16:09
For me it worked after doing: ip route add 10.232.10.0/24 via 192.168.0.2 dev bridge_lxc onlink. I don't have access to the machine anymore in order to test your sugestion
– cristi
May 15 '13 at 16:09
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f536456%2fhow-to-route-specific-network-to-a-virtual-machine%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
So it looks like I need to do this: ip route add 10.232.10.0/24 via 192.168.0.2 dev bridge_lxc onlink
– cristi
Jan 15 '13 at 10:33