Cloud Services Appliance 4.2 - How To Add a Persistent Static Route

Version 16

    Description

    How to add a persistent static route to the Management Gateway.

     

    Cause

    When using a dual NIC environment, the default route (or default gateway) is ETH0 and should point to the internet. If any device the gateway might access (such as the Core Server or Package Server) is on a different subnet than the one on which the Management Gateway resides, a separate static route is required. In some installations a route back to the core server is not present and must be specified so that the core and gateway can communicate.

     

    Resolution

     

    A static route must be added to the /etc/init.d/network startup script.  To do this, use the following steps:

     

     

    1. Log into the Management Gateway.

    Press Alt-F2 to switch to a different screen.

     

     

    Note:

    To switch back to the main screen, press Alt-F1.  The window manager that the Gateway uses is Fluxbox.

     

     

    Right-click anywhere on the desktop to get the Fluxbox menu to appear.  It will display some options as follows:

     

     

    • xterm  
    • Admin Console  
    • fluxbox menu    
      • Logout      
      • Reboot      
      • Shutdown    

    Choose xterm.  This opens an xterm command prompt with the bash shell.

     

     

    Back up /etc/init.d/network.

     

    sudo cp /etc/init.d/network /etc/init.d/network.bak

     

     

    Open /etc/init.d/network with vi.

     

    sudo vi /etc/init.d/network

     

     

    Note:

    A reference sheet for vi can be found by doing a web search for vi cheat sheet.  Such a reference sheet can be found here: http://www.viemu.com/vi-vim-cheat-sheet.gif

     

     

    Add a few lines above the two semicolons ";;" that terminate the start) section.  Under the case statement (around line 25) there is a section that begins with start) (around line 26).  The start) section ends with two semicolons ;; (around line 52), just before the stop) section begins (around line 54).

     

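    The following is an example of a modified /etc/init.d/network file.  The modifications are the lines that begin at the "# Manually added static routes" comment and end with the two ip route add commands.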

    #!/bin/sh
    ########################################################################
    # Begin $rc_base/init.d/network
    #
    # Description : Network Control Script
    #
    # Authors     : Gerard Beekmans - gerard@linuxfromscratch.org
    #          Nathan Coulson - nathan@linuxfromscratch.org
    #          Kevin P. Fleming - kpfleming@linuxfromscratch.org
    #
    # Version     : 00.00
    #
    # Notes       :
    #
    ########################################################################
    
    . /etc/sysconfig/rc
    . ${rc_functions}
    . /etc/sysconfig/network
    [ -f /etc/sysconfig/bootparams ] && . /etc/sysconfig/bootparams
    
    # don't start the network up during an installation
    #  && exit 0
    
    case "${1}" in
         start)
              # Start all network interfaces
              for file in ${network_devices}/ifconfig.*
              do
                   interface=${file##*/ifconfig.}
    
                   # skip if $file is * (because nothing was found)
                   if 
                   then
                        continue
                   fi
    
                   # skip if $file ends with ~ (backup files)
                   if 
                   then
                        continue
                   fi
    
                   IN_BOOT=1 ${network_devices}/ifup ${interface}
              done
              if [ -e /usr/sbin/ipfirewall ]; then
                   /usr/sbin/ipfirewall start >/dev/null 2>&1
              fi
              # Manually added static routes
              # Syntax
              # ip route add [IP subnet/CIDR Mask] dev [interface] via [IP of next hop]
              #NOTE: [IP subnet/CIDR Mask] = The core server subnet
              #NOTE: The first dev is the NIC being used to connect internally
              #NOTE: [IP of next hop] is the next router that will know how to get to the core subnet
              ip route add 10.10.0.0/16 dev eth0 via 192.168.0.1
              ip route add 192.168.100.0/24 dev eth0 via 192.168.0.1
              ;;
    
         stop)
              # Reverse list
              FILES=""
              for file in ${network_devices}/ifconfig.*
              do
                   FILES="${file} ${FILES}"
              done
    
              # Stop all network interfaces
              for file in ${FILES}
              do
                   interface=${file##*/ifconfig.}
    
                   # skip if $file is * (because nothing was found)
                   if 
                   then
                        continue
                   fi
    
                   # skip if $file ends with ~ (backup files)
                   if 
                   then
                        continue
                   fi
    
                   IN_BOOT=1 ${network_devices}/ifdown ${interface}
              done
              if [ -e /sbin/ipfirewall ]; then
                   /sbin/ipfirewall stop
              fi
              ;;
    
         restart)
              ${0} stop
              sleep 1
              ${0} start
              ;;
    
         *)
              echo "Usage: ${0} {start|stop|restart}"
              exit 1
              ;;
    esac
    
    # End /etc/rc.d/init.d/network
    

     

     

    Close and save the file.  To close, press ESC. Then hold down Shift and press :. Then type wq!

    ESC then Shift + : then wq!

     

    EXAMPLES:

     

    GWDiagram1.jpg

     

     

    ip route add 10.10.100.0/8 dev eth0 via 192.168.100.2

     

    Notes: Single NIC scenario when Router1 doesn't know where the 10.10.100.0/8 network is. In this case we are adding a route to the core server subnet via the default gateway NIC (ETH0) and specifying the router (Router2) that WILL know where the 10.10.100.0/8 network is.

     

    GWDiagram2.jpg

     

     

    ip route add 192.168.0.0/16 dev eth1 via 172.20.10.2

     

    Notes: This is a dual NIC scenario. Router1 doesn't know how to reach the 192.168.0.0/16 subnet. A route for the Gateway is being added so that traffic will go out ETH1 instead of the default gateway NIC ETH0. Traffic will connect with Router2 that will know where the 192.168.0.0/16 subnet (core server subnet) is located.

     

    Final Note: As in the example above, more "hops" can be added as needed. If a nearby router doesn't know where the core subnet is, traffic will need to be directed to the router that is next in the network or to one that will know where the subnet is located. Also, JUST the core server IP can be specified instead of the core's subnet.
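
    The check below is an added example, not part of the original article or the appliance's own scripts. It validates a route line against the syntax shown in the sample script before the line is pasted into /etc/init.d/network, including that the network address has no host bits set for its mask. The function names are hypothetical and the ethN interface naming is assumed from the article.

```sh
# Added example: pre-flight check for a route line, in the form given by the
# article's syntax comment: ip route add NET/MASK dev IFACE via NEXTHOP

# Dotted-quad IPv4 -> integer on stdout; status 1 if malformed.
ip_to_int() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    n=0
    for o in "$@"; do
        case "$o" in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
)

# Print "ok" and return 0, or print the reason and return 1.
check_route_line() (
    set -f                       # no globbing while splitting into words
    set -- $1
    if [ "$#" -ne 8 ] || [ "$1 $2 $3 $5 $7" != "ip route add dev via" ]; then
        echo "syntax: want 'ip route add NET/MASK dev IFACE via NEXTHOP'"; exit 1
    fi
    net=${4%/*}; mask=${4#*/}; iface=$6; hop=$8
    case "$4" in */*) ;; *) echo "missing /MASK on $4"; exit 1 ;; esac
    case "$mask" in ''|*[!0-9]*|0?*|???*) echo "bad mask: $mask"; exit 1 ;; esac
    [ "$mask" -le 32 ] || { echo "bad mask: $mask"; exit 1; }
    # Assumption: NICs are named eth0, eth1, ...; names are case-sensitive.
    case "$iface" in eth[0-9]) ;; *) echo "unexpected interface: $iface"; exit 1 ;; esac
    netint=$(ip_to_int "$net") || { echo "bad network address: $net"; exit 1; }
    ip_to_int "$hop" >/dev/null || { echo "bad next hop: $hop"; exit 1; }
    # The network address must have no bits set to the right of the mask.
    if [ $(( netint & ((1 << (32 - mask)) - 1) )) -ne 0 ]; then
        echo "host bits set: $net is not a /$mask network address"; exit 1
    fi
    echo ok
)

# Constructed input: the sample script's two routes, then the EXAMPLES /8 prefix.
while IFS= read -r line; do
    printf '%s\n  -> %s\n' "$line" "$(check_route_line "$line" || true)"
done <<'EOF'
ip route add 10.10.0.0/16 dev eth0 via 192.168.0.1
ip route add 192.168.100.0/24 dev eth0 via 192.168.0.1
ip route add 10.10.100.0/8 dev eth0 via 192.168.100.2
EOF
```

    After saving the real file, sh -n /etc/init.d/network parses the script without running it, and diff /etc/init.d/network.bak /etc/init.d/network shows exactly what changed. Once the network script has been restarted, ip route show confirms the routes are installed.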

     

    Other resources


    Cloud Services Appliance 4.3 - How To Add a Persistent Static Route