How to combine two subnets?

almaric · Dec 1, 2013

Hi,

I´m setting up a single host vSphere home lab. The home network is a 192.168.1.0/24 subnet. I want my vSphere machine (with only one physical NIC) and the virtual machines in another subnet: 10.10.10.0/24. See the image below:

Now, from the 'Test VM' (which is connected to a vSwitch) i can ping the Sophos UTM firewall appliance (10.10.10.1 and 192.168.1.4) and ESXi01 (10.10.10.50), but there it stops. The Linksys which is physically connected to the ESXi host, has the DD-WRT firmware installed. This device functions as a client bridge to another router which provides the Internet.

How can i get this setup to work that both subnets can communicate with each other? My guess is to use static routing at the client bridge and the Sophos UTM? Is it possible for the client bridge device doing routing while functioning as a client bridge?

Thanks in advance!

bill001g · Dec 1, 2013

The client bridge is totally transparent it has no concept of IP other than its own management interface.

You will likely need to put a static route in the PC pointing the 10 network to 192.168.1.4

To allow traffic sourced with a 10. address to get to the internet you will need to put in a static route back to 192.168.1.4. The 192.168.1.1 router must support both static routes and the ability to nat a address that is outside its primary lan subnet. Some routers cannot do both these functions.

Really any other machine in the 192.168.1 network would be best setup to send 10. traffic directly to 192.168.1.1.4, it might be able to pass though the router but again some routers cannot do this. If you have loaded dd-wrt on the main linksys router also then it should support all this stuff.

almaric · Dec 2, 2013

I'm a little further. From the 10.10.10.0 subnet I can ping the whole 192.168.1.0 subnet. This by adding two firewall rules in the Sophos (10.10.10.0 -> 192.168.1.0 and vice versa, duh!).

Problem is that this doesn't work vice versa. So I cannot ping the 10.10.10.0 subnet from the 192.168.1.0 subnet. I tried adding a route to 10.10.10.0/24 via gateway 192.168.1.4 on the DD-WRT router. Doesn't work

bill001g · Dec 2, 2013

If you can ping from a->b and get responses but cannot ping b->a it is either a firewall rule or some form a NAT translation causing the problem. The routing is likely correct. The ip headers are identical for a ICMP-response packet and a ICMP echo request and one works but the other does not.

almaric · Dec 2, 2013

bill001g :

Actual Sophos config:
1. 192.168.1.0/24 -> Any -> 10.10.10.0/24
2. 10.10.10.0/24 -> Any -> 192.168.1.0/24
No specific NAT rule defined.

From the 10.10.10.10 I can ping the 192.168.1.1 but not my client laptop 192.168.1.143.. I'm a little confused right now.

bill001g · Dec 2, 2013

Try putting in a static route in your laptop pointing the 10 network to 192.168.1.4. You could also load wireshark on your laptop and see if gets the packet and the response is lost or it does not get the packet in the first place.

almaric · Dec 2, 2013

bill001g :

Thanks for your fast replies in the first way

Not working yet. Added the following route in my laptop: route add 10.10.10.0 mask 255.255.255.0 192.168.1.4. If I ping my laptop from the test VM (10.10.10.10) I see one ICMP request at Wireshark at my laptop.

bill001g · Dec 2, 2013

If the pc did not generate a reply then I would be looking at firewall rules in the PC...sometime wireshark will say it sent the packet even when the firewall deletes it....

If the PC send the reply packet make sure the mac address in the packet is for the correct device. At that point you must assume the device with that mac got it and go there to see what it thinks.

almaric · Dec 2, 2013

Ah ofcourse, Windows firewall was on :/

So the only thing left is access 10.10.10.0 from the 192.168.1.0 subnet. I've added a route on 192.168.1.2 and from this address I now can ping 10.10.10.1. This same thing won't work on the 192.168.1.1...

Search

How to combine two subnets?

almaric

Honorable

bill001g

Titan

almaric

Honorable

bill001g

Titan

almaric

Honorable

bill001g

Titan

almaric

Honorable

bill001g

Titan

almaric

Honorable

TRENDING THREADS

Latest posts

Moderators online

Share this page