Join Log in
Score:0
Wulf avatar Server

Windows Client Gateway on other Subnet

in flag
Wulf

I have two subnets.

192.168.232.0/28
192.168.232.16/28

The Cloudprovider(Hetzner) gives me a gateway 192.168.232.17 for the subnet 192.168.232.16/28. I have a windows client 192.168.232.19 in this subnet. I have a Mikrotik/Firewall/Gateway on 192.168.232.2 in subnet 192.168.232.0/28.

If i use on 192.168.232.19 the default gateway 192.168.232.17 I can ping 192.168.232.2 and the other way around.

But I want 192.168.232.2 to be the default gateway.

I tried these routes on the windows client:

192.168.232.0/24 via 192.168.232.17
0.0.0.0/0 via 192.168.232.2

ROUTES

But its not working. What am I missing?

33
0 + 0
cn flag
Greg Askew
If the traffic is not going to 192.168.232.2, what destination is it attempting?
0
Reply
Wulf avatar
in flag
Wulf
@GregAskew With routes added in the image: `ping 8.8.8.8` ends with `192.168.232.19 host not reached`
0
Reply
cn flag
Greg Askew
That's what I would expect. The interface 192.168.232.19 is on a different subnet than 192.168.232.2. That isn't a valid next hop for a router.
0
Reply
Wulf avatar
in flag
Wulf
@GregAskew So I have no possibility to use `192.168.232.2` as Default Gateway, because I have no direct interface in that subnet?
0
Reply
Zac67 avatar
ru flag
Zac67
@Wulf You cannot use a gateway that is in another subnet. Either you use the gateway in your subnet or you move over to the other subnet.
1
Reply
Wulf avatar
in flag
Wulf
@Zac67 1. Can you sent some resources that I could grasp that? 2. I'm connecting a dedicated server and cloudserver from Hetzner. I can't move the client into an other subnet, because the provide me the gateway in that network...
0
Reply
Zac67 avatar
ru flag
Zac67
Network 101. A gateway forwards packets from your subnet to another. How do you expect to send packets to a gateway when it is in another subnet? https://networkengineering.stackexchange.com/questions/50352/network-gateways-vs-interfaces should explain it in more detail.
0
Reply
Wulf avatar
in flag
Wulf
@Zac67 That's fine. I get that point. My thought was like: I could say the OS "You can reach gateway 192.168.232.2 via gateway 192.168.232.17 but that seems not possible...
0
Reply
Score:1
Zac67 avatar Server
ru flag
Zac67

A gateway can only be used when it is located in the same subnet as the sender. IP routing works by sending an IP packet to the gateway and the gateway forwarding it on.

On MAC-based networks like Ethernet that is done by addressing the encapsulating Ethernet frame to the gateway's MAC address. The MAC address is determined by an ARP request for the gateway IP address. ARP uses Ethernet broadcast to send the request to all nodes in the broadcast domain. Accordingly, a gateway MUST be located within the sender's broadcast domain.

Usually, the sender only attempts to ARP the gateway address when it is part of its own subnet. You could trick this part by forcing an address to be "on-link" (similar to what you've tried) but you can't trick the broadcast domain.

Forcing a gateway that your local gateway should use was initially an IP option called source routing. It didn't gain wide adoption and is today generally deprecated for severe security issues. The option is either ignored or the whole packet is dropped.

As mentioned in the comment: you need to use your local gateway or move the host to the other subnet.

0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.