5.11 Configuring Routes

Routing is the act of transferring packets from one host or subnet to another. Let's say that you have two LAN subnets, 10.0.0.0/24 and 10.0.1.0/24, and a Linux router machine with two Ethernet cards, one connected to each subnet. The router has two IP addresses: 10.0.0.1 for eth0 and 10.0.1.1 for eth1. Figure 5-4 shows the two networks; the router's routing table looks like this (obtained by running route -n):

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
Figure 5-4: Two subnets joined with a router.

Furthermore, let's say that the hosts on each subnet have the router as their default gateway (10.0.0.1 for 10.0.0.0/24 and 10.0.1.1 for 10.0.1.0/24). Therefore, if 10.0.0.37 wanted to send a packet to anything outside of 10.0.0.0/24, it would pass the packet to 10.0.0.1. Now let's say that you want to send a packet from 10.0.0.37 to 10.0.1.23. The packet goes to 10.0.0.1 (the router) via its eth0 interface, and now you want it to go back out through the router's eth1 interface. To make the Linux kernel perform this basic routing function, the only thing you need to do is enable IP forwarding on the router with the following command:

echo 1 > /proc/sys/net/ipv4/ip_forward

This is easy enough, but what if you have another subnet, 10.0.2.0/24, connected to the host at 10.0.0.37 on that host's second network interface, as shown in Figure 5-5? After configuring 10.0.0.37's second Ethernet interface to 10.0.2.1, you now need to figure out how everything else in 10.0.0.0/24 and 10.0.1.0/24 can talk to 10.0.2.0/24. Let's start with the router that connects 10.0.0.0/24 and 10.0.1.0/24.

Figure 5-5: Three subnets.

You can tell the router that 10.0.0.37 handles 10.0.2.0/24 with this command:

route add -net 10.0.2.0 netmask 255.255.255.0 gw 10.0.0.37

The routing table on the router now looks like this:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.2.0        10.0.0.37       255.255.255.0   UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1

As an added bonus, recall that all traffic from 10.0.1.0/24 initially goes to the router, because 10.0.1.1 is the default router on that subnet. Therefore, anything on 10.0.1.0/24 can now talk to 10.0.2.0/24, and vice versa (as long as you set the default route for the hosts on 10.0.2.0/24 to 10.0.2.1). But what about 10.0.0.0/24?

Technically, this also works now, because the packets go to 10.0.0.1 (eth0 on the router), then back out the same network interface to 10.0.0.37. This is inefficient and a bit slower, of course, because the packets to 10.0.2.0/24 must go across the same wire twice, with the router handling the packet between the transmissions. If you want to "fix" this, you must run a route command similar to the one above for each host on 10.0.0.0/24.
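To make the forwarding decisions in this section concrete, the following is an added simulation written for this page (it is not code from the book and not kernel code). It models the topology of Figure 5-5 with the routing tables shown above, performs the kernel's longest-prefix-match lookup on each hop, honours the ip_forward switch, and counts how many times a packet crosses the 10.0.0.0/24 wire with and without the per-host route described in the last paragraph. The hosts 10.0.0.5 and 10.0.2.9 are constructed for the example; the model ignores ARP, TTL and link-layer details.

```python
"""Added example: a small model of the Linux forwarding decision for the
three-subnet layout in Section 5.11 (longest-prefix match, default gateway,
ip_forward). Simulation only; the kernel's real data structures differ."""
import ipaddress

DEFAULT = "0.0.0.0/0"  # the "default" destination shown by route -n


class Node:
    """A host or router: its interface addresses and its routing table."""

    def __init__(self, name, ifaces, routes, ip_forward=False):
        self.name = name
        # ifaces: {"eth0": "10.0.0.1/24", ...}
        self.ifaces = {i: ipaddress.ip_interface(a) for i, a in ifaces.items()}
        # routes: (destination network, gateway or None for directly attached, interface)
        self.routes = [(ipaddress.ip_network(n), g, i) for n, g, i in routes]
        self.ip_forward = ip_forward  # models /proc/sys/net/ipv4/ip_forward

    def owns(self, addr):
        return any(i.ip == addr for i in self.ifaces.values())

    def lookup(self, dst):
        """Longest-prefix match; 0.0.0.0/0 only wins when nothing else matches."""
        best = None
        for net, gw, iface in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gw, iface)
        return best

    def route_n(self):
        """Render the table roughly the way `route -n` prints it (U = up, G = via gateway)."""
        lines = ["%-16s%-16s%-16s%-6s%s" % ("Destination", "Gateway", "Genmask", "Flags", "Iface")]
        for net, gw, iface in sorted(self.routes, key=lambda r: -r[0].prefixlen):
            flags = "U" + ("G" if gw else "")
            lines.append("%-16s%-16s%-16s%-6s%s" % (net.network_address, gw or "0.0.0.0",
                                                    net.netmask, flags, iface))
        return "\n".join(lines)


def build_topology(ip_forward_on_router=True, host_route_on_lan=False):
    """Figure 5-5: the router joins 10.0.0.0/24 and 10.0.1.0/24; 10.0.0.37 also
    fronts 10.0.2.0/24 as 10.0.2.1. Hosts 10.0.0.5 and 10.0.2.9 are constructed."""
    lan_routes = [("10.0.0.0/24", None, "eth0"), (DEFAULT, "10.0.0.1", "eth0")]
    if host_route_on_lan:
        # route add -net 10.0.2.0 netmask 255.255.255.0 gw 10.0.0.37, run on the host itself
        lan_routes.insert(0, ("10.0.2.0/24", "10.0.0.37", "eth0"))
    nodes = [
        Node("router", {"eth0": "10.0.0.1/24", "eth1": "10.0.1.1/24"},
             [("10.0.2.0/24", "10.0.0.37", "eth0"),      # added with route add ... gw 10.0.0.37
              ("10.0.0.0/24", None, "eth0"), ("10.0.1.0/24", None, "eth1")],
             ip_forward=ip_forward_on_router),
        Node("10.0.0.37", {"eth0": "10.0.0.37/24", "eth1": "10.0.2.1/24"},
             [("10.0.0.0/24", None, "eth0"), ("10.0.2.0/24", None, "eth1"),
              (DEFAULT, "10.0.0.1", "eth0")], ip_forward=True),
        Node("10.0.0.5", {"eth0": "10.0.0.5/24"}, lan_routes),
        Node("10.0.1.23", {"eth0": "10.0.1.23/24"},
             [("10.0.1.0/24", None, "eth0"), (DEFAULT, "10.0.1.1", "eth0")]),
        Node("10.0.2.9", {"eth0": "10.0.2.9/24"},
             [("10.0.2.0/24", None, "eth0"), (DEFAULT, "10.0.2.1", "eth0")]),
    ]
    return {n.name: n for n in nodes}


def trace(nodes, src, dst, max_hops=16):
    """Follow a packet from node `src` to address `dst`.
    Returns (hops, status); each hop is (node name, outgoing interface, next-hop address)."""
    dst = ipaddress.ip_address(dst)
    by_addr = {i.ip: n for n in nodes.values() for i in n.ifaces.values()}
    node, hops = nodes[src], []
    for _ in range(max_hops):
        if node.owns(dst):
            return hops, "delivered"
        if hops and not node.ip_forward:  # transit packet on a box with forwarding off
            return hops, "dropped: ip_forward=0 on " + node.name
        match = node.lookup(dst)
        if match is None:
            return hops, "no route on " + node.name
        _net, gw, iface = match
        next_hop = ipaddress.ip_address(gw) if gw else dst  # directly attached: send to dst itself
        hops.append((node.name, iface, str(next_hop)))
        node = by_addr.get(next_hop)
        if node is None:
            return hops, "next hop %s not on any link" % next_hop
    return hops, "routing loop"


def crossings(hops, network):
    """Count hops that put the packet onto the given wire (the next hop lives there)."""
    net = ipaddress.ip_network(network)
    return sum(1 for _, _, nh in hops if ipaddress.ip_address(nh) in net)


if __name__ == "__main__":
    for fwd in (False, True):
        print("router ip_forward=%d:" % fwd,
              trace(build_topology(ip_forward_on_router=fwd), "10.0.0.37", "10.0.1.23"))
    for host_route in (False, True):
        hops, status = trace(build_topology(host_route_on_lan=host_route), "10.0.0.5", "10.0.2.9")
        print("host route on 10.0.0.5=%s: %s, %d crossings of 10.0.0.0/24"
              % (host_route, status, crossings(hops, "10.0.0.0/24")))
    print(build_topology()["router"].route_n())
```

Without the extra route on 10.0.0.5, the trace to 10.0.2.9 goes 10.0.0.5 -> 10.0.0.1 -> 10.0.0.37 -> 10.0.2.9, so the 10.0.0.0/24 wire is crossed twice; with the route it goes straight to 10.0.0.37. The same code also shows that with ip_forward off the router simply drops the transit packet from 10.0.0.37 to 10.0.1.23.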

Say that the router has a connection to the Internet, and that this is the router's default gateway. Theoretically, there's no problem in sending packets out of your network to the rest of the Internet. Unfortunately, if your IP addresses are in private networks (as in this section), you run into the same problem described in Section 5.10.2 — you will never get anything back. Again, you need to run NAT (see Section 5.14) or do some other trick to get everything within the network talking to the outside world.