Routing TCP/IP traffic

The entire purpose of networking is to get traffic from point A to point B. When a computer requests information from another, packets are routed to the destination and the reply is routed back. Sometimes a computer needs guidance on where to hand a packet next in order to reach its destination; deciding that next hop is known as routing. To make the decision, every node keeps a routing table: a list of destination networks and, for each one, the gateway (next hop) and interface to use. It would be very easy if every network in existence used the same IP scheme, but in truth every network is different. To talk to another network, your computer must know how to reach that network. Think of a routing table as a map of external destinations and the gateways through which they are reached.

To better understand this, let's also talk about the concept of the default gateway. Typically, the default gateway is a router that knows how to reach other networks. When you send a packet to a destination that is not on your own subnet, the packet travels to the local default gateway, and the gateway forwards it on towards other networks from there. In the case of a small office or home network, the default gateway is likely the router that sits between your network and the rest of the world. It does not, however, sit between devices on the same local network: two hosts on the same subnet talk to each other directly (via the switch), and that continues to work with no gateway at all. Without a default gateway, what you lose is the ability to reach anything outside your local network.

To view your default gateway, issue the ip route command and look for the line that reads default via.

Figure: Output of the ip route command

Without a default gateway (or with a default gateway that hasn't been properly configured), you'll find that you can still talk to nodes on your own subnet but not to anything beyond it. In most cases, the default gateway is added to your routing table when you receive an address via DHCP. If you're using a static IP configuration, you set the default gateway in Debian via /etc/network/interfaces, or in the interface configuration file on CentOS (such as /etc/sysconfig/network-scripts/ifcfg-eno1). Here's a sample of each configuration file; the line that sets the gateway is the one to look for:

The /etc/network/interfaces file (Debian):

auto lo
iface lo inet loopback

allow-hotplug eth0
iface eth0 inet dhcp

# The primary network interface: a static address on 10.10.96.0/22
allow-hotplug eth1
iface eth1 inet static
  address 10.10.96.4
  netmask 255.255.252.0
  # the gateway must be another host on this subnet, never this host's own address
  gateway 10.10.96.1
  # broadcast for 10.10.96.0/22 is 10.10.99.255 (the kernel derives it if the line is omitted)
  broadcast 10.10.99.255
  # the dns-* options are only honoured when the resolvconf package is installed
  dns-search local.lan
  dns-nameservers 10.10.96.1

The /etc/sysconfig/network-scripts/ifcfg-eno1 file (CentOS):

TYPE=Ethernet
# "static" is accepted as a legacy value; "none" is the documented way to say "no DHCP"
BOOTPROTO=static
# DEFROUTE=yes makes the GATEWAY below the system's default route
DEFROUTE=yes
# PEERDNS and PEERROUTES only matter for DHCP-configured interfaces
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
NAME=eno1
UUID=8e6587dd-74ec-488f-8597-a04c4a4c5091
DEVICE=eno1
ONBOOT=yes
IPADDR="10.10.96.4"
NETMASK="255.255.252.0"
GATEWAY="10.10.96.1"
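The two files above are easy to get subtly wrong: a gateway outside the subnet, a gateway equal to the host's own address, or a broadcast address that doesn't match the netmask all produce an interface that comes up but can never leave its subnet. The following is an added example, not code from the book, that parses both file formats and checks the address, netmask and gateway triple with Python's ipaddress module. The sample file contents and the interface names eth1 and eno1 are constructed for the example.

```python
import ipaddress

# Constructed samples in the two formats discussed above (not copied from any real host).
INTERFACES_SAMPLE = """\
auto lo
iface lo inet loopback

allow-hotplug eth0
iface eth0 inet dhcp

# The primary network interface
allow-hotplug eth1
iface eth1 inet static
  address 10.10.96.4
  netmask 255.255.252.0
  gateway 10.10.96.1
  broadcast 10.10.99.255
"""

IFCFG_SAMPLE = """\
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
NAME=eno1
DEVICE=eno1
ONBOOT=yes
IPADDR="10.10.96.4"
NETMASK="255.255.252.0"
GATEWAY="10.10.96.1"
"""


def parse_ifcfg(text):
    """Parse a RHEL/CentOS ifcfg-* file: KEY=value lines, values optionally quoted."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip().strip('"').strip("'")
    return conf


def parse_interfaces_stanza(text, name):
    """Return the option lines of the `iface NAME ...` stanza from a Debian interfaces file."""
    opts, inside = {}, False
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] in ("iface", "auto", "allow-hotplug", "mapping", "source"):
            # any top-level keyword ends the previous stanza
            inside = fields[0] == "iface" and len(fields) > 1 and fields[1] == name
            continue
        if inside and len(fields) >= 2:
            opts[fields[0]] = " ".join(fields[1:])
    return opts


def check_static_config(address, netmask, gateway, broadcast=None):
    """Sanity-check the address/netmask/gateway triple of a static interface.

    Returns the derived network and broadcast plus a list of problems. The checks
    cover the mistakes that leave an interface up but unable to leave its subnet:
    a gateway outside the subnet, a gateway equal to the host's own address, a
    gateway on the network/broadcast address, or a broadcast that contradicts the netmask.
    """
    iface = ipaddress.IPv4Interface(f"{address}/{netmask}")
    net = iface.network
    gw = ipaddress.IPv4Address(gateway)
    problems = []
    if gw not in net:
        problems.append(f"gateway {gw} is not inside {net}; the host cannot ARP for it")
    elif gw == iface.ip:
        problems.append(f"gateway {gw} is this host's own address; nothing can leave the subnet")
    elif gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is the network or broadcast address of {net}")
    if broadcast is not None and ipaddress.IPv4Address(broadcast) != net.broadcast_address:
        problems.append(f"broadcast {broadcast} does not match {net.broadcast_address} for {net}")
    return {"network": str(net), "broadcast": str(net.broadcast_address), "problems": problems}


def check_interfaces_file(text, name):
    """Check one static stanza of a Debian interfaces file."""
    o = parse_interfaces_stanza(text, name)
    return check_static_config(o["address"], o["netmask"], o["gateway"], o.get("broadcast"))


def check_ifcfg_file(text):
    """Check a CentOS ifcfg file (BROADCAST is optional in that format as well)."""
    c = parse_ifcfg(text)
    return check_static_config(c["IPADDR"], c["NETMASK"], c["GATEWAY"], c.get("BROADCAST"))


if __name__ == "__main__":
    for label, result in (("eth1", check_interfaces_file(INTERFACES_SAMPLE, "eth1")),
                          ("eno1", check_ifcfg_file(IFCFG_SAMPLE))):
        print(label, result["network"], result["broadcast"], result["problems"] or "OK")
```

Run it against a real file by reading the file contents into the text argument; an empty problems list means the triple is at least internally consistent, which is the first thing to verify when a statically configured host can reach its neighbours but nothing past the router.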

If you'd like to set your default gateway more directly than that, you can also do so from a terminal with a shell command, as follows:

# route add default gw 10.10.10.1 eth0

Note

If the route command isn't recognized by your system, you'll need to install the net-tools package. route belongs to the legacy net-tools suite; the ip command from iproute2 is its modern replacement and is installed on essentially every current distribution.

Simple enough. We use the route command to add a new route; in this case, we're adding our default gateway (default gw), setting it to 10.10.10.1 and binding it to interface eth0. It probably goes without saying, but once you reboot this machine or restart networking, this setting will be lost unless you make it permanent by updating the interface configuration file, as we discussed earlier.

To view your routing table, execute route -n (the -n prints numeric addresses instead of attempting a reverse DNS lookup for every entry, which is both faster and less misleading). If the command isn't found, you may need to give the full path (such as /sbin/route) or run it as root. The output is the routing table, and it also shows you your default gateway.

Figure: Output of the route -n command

First up for discussion in regards to this table is the destination 0.0.0.0. Combined with a Genmask of 0.0.0.0, this entry matches every possible address, which is what makes it the default route: the kernel falls back on it when no more specific entry matches. The kernel always chooses the route with the longest matching prefix, so the default route only handles destinations that no other line covers. As you can see in the table shown in the previous example, the gateway for destination 0.0.0.0 on this network is 192.168.1.1, so anything not on a directly connected network is sent to that IP (after all, it is the default gateway). There are other networks shown in the table as well. In my case, they belong to Docker and KVM instances running on this test machine, each with its own independent virtual network. Since those networks are attached directly to this machine, their Gateway column reads 0.0.0.0, which in route -n output means "no gateway": packets for them are delivered straight out of the interface in the Iface column without being handed to a router.
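To make the longest-prefix rule concrete, here is an added example, not from the book, that parses route -n style output and performs the same lookup the kernel does: every entry whose network contains the destination is a candidate, the longest prefix wins, and equal prefixes are broken by the lowest metric. The table it reads is constructed for the example; its addresses and interface names are not those of any real machine.

```python
import ipaddress

# Constructed sample in the `route -n` layout: Destination Gateway Genmask Flags Metric Ref Use Iface.
# A Gateway of 0.0.0.0 means the network is directly connected (no next hop).
ROUTE_N_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
"""


def parse_route_table(text):
    """Return a list of (network, gateway or None, iface, metric) from route -n output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0] in ("Kernel", "Destination"):
            continue  # banner and header lines
        dest, gw, genmask, _flags, metric, _ref, _use, iface = fields[:8]
        network = ipaddress.IPv4Network(f"{dest}/{genmask}")  # 0.0.0.0/0.0.0.0 becomes 0.0.0.0/0
        gateway = None if gw == "0.0.0.0" else ipaddress.IPv4Address(gw)
        routes.append((network, gateway, iface, int(metric)))
    return routes


def lookup(routes, destination):
    """Pick the route the kernel would use: longest prefix first, then lowest metric.

    Returns (network, gateway or None, iface); None if nothing matches, which can
    only happen on a table that has no default route.
    """
    addr = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        return None
    network, gateway, iface, _metric = max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))
    return (str(network), None if gateway is None else str(gateway), iface)


if __name__ == "__main__":
    table = parse_route_table(ROUTE_N_OUTPUT)
    for dst in ("8.8.8.8", "172.17.0.5", "192.168.1.50", "192.168.122.10"):
        print(dst, "->", lookup(table, dst))
```

The output for 8.8.8.8 names the default gateway, while the three private destinations resolve to directly connected networks with no gateway at all, which is exactly the distinction the 0.0.0.0 entries in the Gateway column express.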

A Linux machine can easily act as a router itself, without the need for expensive networking equipment from companies such as Cisco. This flexibility makes Linux a very prominent choice for networking, and Linux-based hardware routers are quite common, due at least in part to how easy it is to configure a Linux system as a router. In a nutshell, all it takes to turn a Linux node into a router is two or more network interfaces. Note that a router does not have a separate default gateway for each interface; a system has a single default route (barring policy routing), and it is the other entries in the table that do the routing. The kernel adds a route for each directly connected subnet automatically when an interface is configured, so the machine already knows how to reach every network it has an interface on. You only add routes by hand, in the same way we added the default route for eth0 earlier in this section, for networks that lie behind some other router on eth1, eth2, or whatever other interfaces the system has.

However, there is one caveat. With most Linux distributions, routing between network interfaces (IP forwarding) is disabled by default. This caused your author much grief and frustration early on in my career until I learned about it, so I'll save you the trouble and show you how to enable routing between interfaces on your Linux system.

First, see if this has already been done for you. While I've found that many distributions don't have forwarding enabled by default, some do. Checking this is easy:

cat /proc/sys/net/ipv4/ip_forward

What is the output of that command? Is it 1? If so, you're all set. If not, we'll need to change this. To do so, simply replace the value with 1 (as root):

echo 1 > /proc/sys/net/ipv4/ip_forward

That's it, you're done. You just enabled routing between interfaces (forwarding). That wasn't so hard. But you'll probably want this to be a permanent change; once you reboot your system, the setting reverts to its default. To make the change permanent, edit /etc/sysctl.conf with your favorite text editor (as root) and add the following line to the end of the file (on current distributions a file of your own under /etc/sysctl.d/ works the same way and is the preferred place):

net.ipv4.ip_forward = 1

Now, whenever you reboot your system, you will keep this setting. Of all the networking tweaks I've had you do thus far, this was definitely the easiest. Bear in mind what it does, though: a host with forwarding enabled will pass traffic between any of its interfaces, so leave it at 0 on machines that aren't meant to be routers, and on the ones that are, pair it with firewall rules that restrict what may be forwarded and from where.

Finally, let's spend a little bit of time on Network Address Translation (NAT). NAT rewrites the addresses (and usually the ports) in packet headers as the packets pass through a router, so that traffic appears to come from, or is delivered to, a different host than the one named in the original packet. The most common use for NAT is to conserve IP addresses, which is especially important given the shortage of IPv4 addresses these days. If you have a router in your home, you're likely familiar with this concept already. Your Internet Service Provider (ISP) gives you one public IP, and that IP is what the rest of the world sees you as. But within your local network, you probably have a dozen or so devices sharing that one Internet connection. Each of your internal devices has an IP address given to it by your local DHCP server, but that address is private and is not routable on the Internet. Your router rewrites the source address of every outgoing packet to its public IP, keeps a connection-tracking table recording which internal device (and which port) each connection belongs to, and uses that table to rewrite the destination of the replies so that they don't get mixed up and end up at the right place.

For example, say you have a laptop and a desktop on the same network, and you visit https://www.packtpub.com/ on your laptop. Your router sends the request out to the Internet with its own public address as the source, effectively making the request on behalf of your laptop. When the return packets arrive from https://www.packtpub.com/, their destination is your public IP address; the router looks the connection up in its tracking table and changes the destination back to the private address (and port) of the laptop. This way, you can be reasonably sure your laptop will get the reply, since it was the one that asked for it in the first place, even if the desktop is talking to the same site at the same time.

The concept of NAT is clever, and this isn't even its only use-case. Rewriting can go in either direction: source NAT (SNAT), the home-router case above, changes where packets appear to come from, while destination NAT (DNAT) redirects traffic aimed at one address to another host, which is how you expose a server behind the router or steer packets towards a network your internal computers would otherwise have no idea how to route to. Older versions of the iproute2 tools offered a stateless NAT mechanism for this, driven by the ip rule command. Consider the following example:

# ip rule add nat 10.10.10.1 from 192.168.1.134

Here, the system was told to look for any packets from 192.168.1.134 and rewrite their source address to 10.10.10.1 (ip rule ... nat handled the source side; a matching ip route add nat entry handled the destination side). Be aware, however, that this stateless "route NAT" was dropped from the Linux kernel in the 2.6 series, so on any current distribution the command is either rejected or has no effect. NAT on modern Linux is configured in the netfilter nat table, with iptables -t nat or nft, and it is stateful: it relies on connection tracking, exactly like the home-router example, and it only works on a host that has ip_forward enabled as described above.
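To show the connection tracking that makes stateful NAT work, here is an added example, written for this page rather than taken from the book, that models a home-router NAT in Python: outgoing connections are masqueraded behind one public address with a distinct public port each, replies are mapped back to the internal host that started the connection, unsolicited inbound packets are dropped, and a single port forward (DNAT) exposes an internal web server. The addresses, ports and the iptables rules quoted in the docstring are assumptions chosen for the example, not configuration from the book.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    """Only the header fields NAT cares about: the TCP/UDP 4-tuple."""
    src: str
    sport: int
    dst: str
    dport: int


class NatRouter:
    """A home-router style NAT with one public address (constructed model, not a real stack).

    It does what the netfilter nat table plus connection tracking do:
      SNAT/MASQUERADE for connections leaving the LAN,
      DNAT            for a configured port forward (public port -> internal host:port).
    The equivalent iptables rules for the example configuration would be roughly:
      iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
      iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80
    """

    def __init__(self, public_ip, port_forwards=None, first_port=1024):
        self.public_ip = public_ip
        self.port_forwards = dict(port_forwards or {})  # public dport -> (lan_ip, lan_port)
        self.next_port = first_port
        # conntrack state for outbound (SNAT) connections
        self.snat = {}        # (lan_ip, lan_port, remote_ip, remote_port) -> public_port
        self.snat_reply = {}  # (public_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        # conntrack state for inbound (DNAT) connections
        self.dnat = {}        # (lan_ip, lan_port, remote_ip, remote_port) -> public_port

    def _allocate_port(self):
        # never hand out a port that a DNAT rule is listening on
        while self.next_port in self.port_forwards:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, pkt):
        """LAN -> Internet. Returns the packet as it leaves the public interface."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.dnat:
            # reply from a port-forwarded server: put the public address and port back
            return replace(pkt, src=self.public_ip, sport=self.dnat[key])
        if key not in self.snat:
            # new connection: a distinct public port lets replies be told apart even when
            # two LAN hosts use the same source port towards the same server
            public_port = self._allocate_port()
            self.snat[key] = public_port
            self.snat_reply[(public_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.public_ip, sport=self.snat[key])

    def inbound(self, pkt):
        """Internet -> LAN. Returns the translated packet, or None if it is dropped."""
        reply = self.snat_reply.get((pkt.dport, pkt.src, pkt.sport))
        if reply:
            lan_ip, lan_port = reply  # reply to a tracked connection: undo the SNAT
            return replace(pkt, dst=lan_ip, dport=lan_port)
        fwd = self.port_forwards.get(pkt.dport)
        if fwd:
            lan_ip, lan_port = fwd
            # remember the connection so the server's replies are translated back in outbound()
            self.dnat[(lan_ip, lan_port, pkt.src, pkt.sport)] = pkt.dport
            return replace(pkt, dst=lan_ip, dport=lan_port)
        return None  # no state and no forward: unsolicited inbound traffic goes nowhere


if __name__ == "__main__":
    nat = NatRouter("203.0.113.7", port_forwards={8080: ("192.168.1.10", 80)})
    out = nat.outbound(Packet("192.168.1.134", 50000, "198.51.100.20", 443))
    print("leaves as", out)
    print("reply lands at", nat.inbound(Packet("198.51.100.20", 443, "203.0.113.7", out.sport)))
    print("port scan gets", nat.inbound(Packet("198.51.100.99", 40000, "203.0.113.7", 2222)))
```

Two things worth noticing: the laptop and the desktop can both use local port 50000 towards the same server and still receive the right replies, because the router keys its state on the public port it chose, and an inbound packet that matches neither tracked state nor a forward is dropped, which is the incidental firewalling effect that NAT users often rely on without having configured a firewall at all.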
