Setup a unique Network Topology

Yogesh
4 min read · Mar 27, 2021

In this article, I will guide you through setting up the network architecture shown above, in which system A can connect to both system B and system C and vice versa, but system B and system C cannot connect to each other. Note that all three are in a private network and connected via a switch. The challenge is to do this without firewalls or security groups; we will only be using routing tables. Before getting started, let me give you a brief overview of routing tables.

Routing tables

A routing table is a set of rules that determines where packets leaving a system are forwarded. Every device with an IP address, from servers to routers and switches, uses one. Each rule consists of a destination (target) network, the Network Interface Card (NIC) that carries the device's IP, and a gateway, and the rules apply to every packet the system sends.

Context

🔹 So, all we need to do is give system A a destination network that covers both system B and system C, while system B gets a destination network that covers only system A, and system C likewise gets a destination network that covers only system A.

🔹 To add rules to the routing table we use the route command in Linux. You can learn more about it in the documentation, but I will only be using a few selected commands. To remove all the rules I will be using the ip route command, for which you can also check the documentation.

🔹 Note that I have tested this demo on a RHEL 8 Linux VM on VMware. First, the IP addresses of systems A, B and C on the ens256 interface are listed below.

system A - 192.168.93.139/24
system B - 192.168.93.140/24
system C - 192.168.93.141/24

Demo

🔹 Now, on system A, we first remove all the routes for the interface ens256 and then add the network that includes both system B and system C, namely 192.168.93.0/24.

route -n                     # show the current routing table
ip route flush table main    # remove all existing routes
route -n                     # confirm the table is empty
route add -net 192.168.93.0 netmask 255.255.255.0 ens256   # route to the whole /24 (B and C) via ens256
route -n                     # verify the new route

🔹 Then, on system B, we again first remove all the routes for the interface ens256 and then add a host route for the IP of system A, which is 192.168.93.139/32.

route -n                     # show the current routing table
ip route flush table main    # remove all existing routes
route -n                     # confirm the table is empty
route add -net 192.168.93.139 netmask 255.255.255.255 ens256   # host route to system A only, via ens256
route -n                     # verify the new route

🔹 We repeat the steps of system B for system C, since both of them only need to connect to system A. We first remove all the routes for the interface ens256 on system C and then add the host route for the IP of system A.

route -n                     # show the current routing table
ip route flush table main    # remove all existing routes
route -n                     # confirm the table is empty
route add -net 192.168.93.139 netmask 255.255.255.255 ens256   # host route to system A only, via ens256
route -n                     # verify the new route
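As an added example (not part of the original article), the following POSIX shell script models the three routing tables built above, checks that the intended reachability matrix holds before the routes are applied, and prints the equivalent idempotent ip route commands. The function names and the use of ip route replace instead of the older net-tools route are my own choices; the addresses and the ens256 interface are the article's.

```shell
#!/bin/sh
# Added example: model the article's per-host routing tables and verify the
# reachability matrix (A<->B, A<->C allowed; B<->C blocked) before applying them.

ip4_to_int() {                       # 192.168.93.139 -> 32-bit integer
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_prefix() {                        # in_prefix <ip> <net/len> -> 0 if ip is inside net/len
  net=${2%/*}; len=${2#*/}
  mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  [ $(( $(ip4_to_int "$1") & mask )) -eq $(( $(ip4_to_int "$net") & mask )) ]
}

# Routing table each system ends up with after the flush + add steps above.
routes_for() {
  case $1 in
    A)   echo "192.168.93.0/24" ;;    # A reaches the whole /24, so both B and C
    B|C) echo "192.168.93.139/32" ;;  # B and C only hold a host route to A
  esac
}

# A destination is reachable only if some prefix in the sender's table covers it;
# with no default route left after the flush, anything else is "Network is unreachable".
can_reach() {                        # can_reach <system> <dst_ip>
  for p in $(routes_for "$1"); do
    in_prefix "$2" "$p" && return 0
  done
  return 1
}

# Expected matrix from the article: A<->B and A<->C work, B<->C does not.
check_topology() {
  can_reach A 192.168.93.140 && can_reach A 192.168.93.141 &&
  can_reach B 192.168.93.139 && can_reach C 192.168.93.139 &&
  ! can_reach B 192.168.93.141 && ! can_reach C 192.168.93.140
}

# Print the ip route equivalents of the article's commands for one system
# (replace is idempotent, so re-running the script is safe).
route_cmds() {                       # route_cmds <system>
  echo "ip route flush table main"
  for p in $(routes_for "$1"); do echo "ip route replace $p dev ens256"; done
}

check_topology && echo "topology model OK" && route_cmds A
```

Run it as is to see the commands for system A; pass the output of route_cmds B or route_cmds C to sh on the respective host once you are satisfied with the model.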

Test the connectivity

🔹 System A should be able to connect to system B and system C. We check the connectivity with the ping command, and in the picture below we can clearly see that it is indeed able to reach both system B and system C!

🔹 System B is also able to connect to system A, but not to system C, just as we wanted.

🔹 Finally, system C is also able to connect to system A, but not to system B!

With this, we have achieved our goal of setting up a unique network topology. I hope you enjoyed it. 😇

Thank You for reading!
