Wednesday, 16 November 2011

How to Add Persistent Route in Linux (CentOS)

Have you ever had two machines in two different private virtual LANs (VLANs) and wanted them to communicate with each other?

We can always make these two machines communicate over their public IP addresses, but this is discouraged because it is not secure.

Instead of going through a public connection, we prefer that they communicate over the private network. Machines in different VLANs are usually not allowed to communicate, for security purposes. For example:



Therefore, a little extra work is needed to let these two machines communicate.

Route add: we add a route manually on both machines using the route add command in Linux. (For adding routes in Windows, please refer to How to Add Persistent Route in Windows.)

Here is the scenario and steps:

Machine X in VLAN A with netmask 255.255.255.240, gateway 192.168.8.209
Machine Y in VLAN B with netmask 255.255.255.224, gateway 192.168.9.1

Machine X:
1) Open a terminal and go to /etc/sysconfig/network-scripts:
    cd /etc/sysconfig/network-scripts
2) Edit the file route-eth1 (in this scenario, the private VLAN uses the second network card), or create a new file named route-eth1 if it does not exist:
    nano route-eth1
3) Type in the route using the following format:
    Destination-Network/cidr via Source-Gateway dev Network-Card
   To calculate the CIDR value, refer to this online calculator: http://www.subnet-calculator.com/cidr.php

   In this scenario it will be:
    192.168.9.0/27 via 192.168.8.209 dev eth1
4) Save and exit the editor. Restart the network service by typing the following command:
    service network restart
5) Type route and you can see that the route is already there!

6) Repeat the same steps on Machine Y, but change the route to:
    192.168.8.208/28 via 192.168.9.1 dev eth1
7) Now Machine X can ping Machine Y.
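
The CIDR and network-address calculation from step 3 can be done locally instead of with an online calculator. The script below is an added example, not part of the original guide; the function names (mask_to_prefix, network_of, route_line) are made up for illustration. It prints the route-eth1 entry for each machine from the scenario's netmask and gateway values, and refuses netmasks that are not valid.

```shell
#!/bin/sh
# Added example (not from the original guide): build a route-ethN entry from
# dotted-quad values. Function names are hypothetical helpers.

# Netmask -> prefix length. Fails on masks that are not a contiguous run of
# 1-bits (e.g. 255.0.255.0), which would otherwise yield a wrong route.
mask_to_prefix() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    prefix=0; seen_host_bit=0
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0) bits=0 ;;
            *) return 1 ;;
        esac
        # After the first host bit, every remaining octet must be 0.
        [ "$seen_host_bit" -eq 1 ] && [ "$bits" -ne 0 ] && return 1
        [ "$bits" -lt 8 ] && seen_host_bit=1
        prefix=$((prefix + bits))
    done
    echo "$prefix"
}

# Network address = address AND netmask, octet by octet.
network_of() {
    case $1$2 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1 $2; IFS=$old_ifs
    [ $# -eq 8 ] || return 1
    echo "$(($1 & $5)).$(($2 & $6)).$(($3 & $7)).$(($4 & $8))"
}

# route_line <address in remote VLAN> <remote netmask> <local gateway> <device>
route_line() {
    prefix=$(mask_to_prefix "$2") || { echo "bad netmask: $2" >&2; return 1; }
    net=$(network_of "$1" "$2") || { echo "bad address: $1" >&2; return 1; }
    echo "$net/$prefix via $3 dev $4"
}

# Scenario values from the guide: X is in VLAN A (/28), Y is in VLAN B (/27).
route_line 192.168.9.1   255.255.255.224 192.168.8.209 eth1   # for Machine X
route_line 192.168.8.209 255.255.255.240 192.168.9.1   eth1   # for Machine Y
```

Compare the printed lines with the contents of route-eth1 on each machine before restarting the network service.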


Guide written by Eddy@CRs

2 comments:

  1. You can also just add the route command via the terminal without adding it to /etc/sysconfig/network-scripts/route-eth1, so it will not be persistent. That way, if for some reason you forget to remove it, it will not be enabled once the system is restarted.

    route add -net IP_u_need_2_connect netmask your_netmask_here gw your_gateway_ip_here

    This is to delete the route after you are done:

    route delete -net IP_u_need_2_connect netmask your_netmask_here gw your_gateway_ip_here

    1. Hi Luis, yes you are right in the case when we don't want a persistent route :)

      In my case, my machines in different VLANs have to communicate with each other internally; that's why I need a persistent route.

      I used to type the command you provided on my servers. It works when I never restart my machines, so after re-adding it several times, I decided to find a way to add the persistent route.

      Thanks for the comment. It is useful for others who need a non-persistent route :)

      Eddy
