Old 08-16-2005, 05:45 PM   #1
Milkman00
Member
 
Registered: Jul 2002
Location: Tampa Bay area of FLORIDA!
Distribution: Slackware 8.1
Posts: 76

Rep: Reputation: 15
Routing on my internal network.


OK. I posted this once before, and really couldn't get an answer... Hopefully I can explain myself clearly enough for someone to understand and help.

I have a network at home. I have a Linux PC connected directly to the internet running IP masquerading. The Linux PC runs DHCP and all is well. I have a wireless router that I hooked up to the same switch that the Linux PC is hooked up to. For the sake of argument let's say that I want my Linux network to be SUBNET1, and the network connected to the wireless router to be SUBNET2. From SUBNET2 I can ping EVERYTHING on SUBNET1 without an issue, however SUBNET1 cannot see ANYTHING on SUBNET2. The only way that I can get the network on SUBNET1 to see anything on SUBNET2, is to add a static route from each PC to the other subnet.

I hope that makes sense so far.

I considered my Linux PC to be acting as a router (very similar role to the one that is running SUBNET2). So I thought if I added the static route to the routing table of my Linux PC, it would pass that on to any PC that accesses that Linux PC for the default gateway (essentially any PC on SUBNET1), however it doesn't.

So, in closing I am trying to tell all PCs on SUBNET1 that if they want to access any resources on SUBNET2, that they need to go through this IP address (the WAN side IP address of the wireless router). I want to accomplish this without manually adding static routes on every PC of SUBNET1. I thought since my Linux PC is essentially acting as a router, this should be do-able.

You tell me
 
Old 08-17-2005, 10:46 AM   #2
Milkman00
Ok, several views but no responses. Does this not make sense, or is it simply not do-able with IP-MASQUERADING?
 
Old 08-17-2005, 04:17 PM   #3
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
It looks like what you are describing is a network with 2 gateways..
One for the internet..
and one for Subnet 2..

It would be possible to set a static route in the Linux box to point to subnet 2, but replies would also have to come back from the linux box rather than from subnet 2 directly..
Add a masquerading rule, to snat everything going to subnet 2 from subnet 1, to give the source address of the linux box..
 
Old 08-17-2005, 04:52 PM   #4
Milkman00
Thank you for the response Peter. What you state sounds like what I want to do, however, I am not really good with firewall rules. Can you post what you think I should use as a rule(s) to perform what you suggest? Using the following variables:

SUBNET1=SUBNET1
SUBNET2=SUBNET2
LINUXGW= Linux PC IP address (on internal network LAN card)
LINKSYS= IP Address of the Linksys side of the wireless router.

Thanks!
 
Old 08-17-2005, 05:13 PM   #5
peter_robb
SNAT and MASQUERADE use interface names.. Add them in place of ethx..
Replace the names with ip numbers or correct numeric subnet definitions
eg
iptables -t nat -A POSTROUTING -o ethx -s SUBNET1 -d SUBNET2 -j SNAT --to-source LINUXGW

You have already done the static route, but to be sure..
route add -net 192.168.2.0 netmask 255.255.255.0 gw LINKSYS
 
Old 08-17-2005, 07:48 PM   #6
Milkman00
Thanks so much for the response Peter. Here is what I did, but I still do not get the desired response. I am going to detail my network, and see if that helps this make more sense.

Linux GW = 192.168.0.1 (eth0) -- subnet 255.255.255.0
Wireless router LAN SIDE= 192.168.1.1 -- subnet 255.255.255.128
Wireless router WAN side = 192.168.0.90 -- subnet 255.255.255.0
PC (on Linux network) = 192.168.0.50
Laptop (on wireless network) = 192.168.1.5

I added the following rule to my firewall file:

iptables -t nat -A POSTROUTING -o eth0 -s 255.255.255.0 -d 255.255.255.128 -j SNAT --to-source 192.168.0.1


AND I added the following static route to my LINUX machine ONLY:

Destination     Gateway         Genmask           Flags Metric Ref    Use Iface
192.168.1.0     192.168.0.92    255.255.255.128   UG    0      0        0 eth0



It still isn't working. I thought that maybe the last part of the iptables rule was wrong, and the address should have been the IP address of the LINKSYS (the WAN side), however that didn't seem to work either. I know this isn't a LINKSYS problem because again, I created a static route on my PC (see legend above), and was able to access the other network perfect. I removed the static route on my PC, and it couldn't talk to that other network.

Again, thanks for your help, and hopefully you can help me fix this mess the right way.
 
Old 08-18-2005, 04:24 AM   #7
peter_robb
The source address and destination address need to be corrected to specify the subnet address..

192.168.0.x is the LAN on eth0
192.168.0.1 is the GW
192.168.0.50 is a workstation
192.168.0.90 is the wireless router

192.168.1.x is the wireless net..
192.168.1.5 is a wireless workstation

There's a problem with a netmask tho'..
Make all the netmasks 255.255.255.0 (=/24)

Then the routes in GW will show..
Code:
192.168.1.0     192.168.0.90    255.255.255.0   UG    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
With this you may not need the SNAT rule..
If you do, it will be coz another setting is interfering, so use
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -d 192.168.1.0/24 -j SNAT --to-source 192.168.0.1

Last edited by peter_robb; 08-18-2005 at 04:43 AM.
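
A check of the correction described in post #7, as an added example that is not part of any post in this thread: it flags a netmask passed to iptables -s/-d where a subnet is expected, and compares a static route's gateway with the router's address. The function names are hypothetical; the sample values are copied from posts #6 and #7.

```python
import ipaddress

def is_netmask(text):
    """True for a dotted quad that is a contiguous netmask (255.255.255.128)."""
    try:
        value = int(ipaddress.IPv4Address(text))
    except ValueError:
        return False
    host_bits = value ^ 0xFFFFFFFF
    return (value >> 24) == 255 and (host_bits & (host_bits + 1)) == 0

def check_selector(flag, text):
    """Return a finding for an iptables -s/-d argument, or None if it parses as a host or subnet."""
    if "/" not in text and is_netmask(text):
        return f"{flag} {text}: netmask given where a subnet (e.g. 192.168.0.0/24) is needed"
    try:
        ipaddress.ip_network(text, strict=True)
    except ValueError:
        return f"{flag} {text}: not a network address (host bits set or malformed)"
    return None

def check_route(dest, genmask, gateway, connected, router):
    """Check a static route against the directly connected subnet and the router address."""
    findings = []
    try:
        ipaddress.ip_network(f"{dest}/{genmask}", strict=True)
    except ValueError:
        findings.append(f"route {dest}/{genmask}: destination is not aligned to the mask")
    gw = ipaddress.ip_address(gateway)
    if gw not in ipaddress.ip_network(connected):
        findings.append(f"gateway {gateway} is not on the connected subnet {connected}")
    elif gw != ipaddress.ip_address(router):
        findings.append(f"gateway {gateway} differs from the router address {router}")
    return findings

def lint(src, dst, route, connected="192.168.0.0/24", router="192.168.0.90"):
    """Collect findings for one SNAT rule's -s/-d arguments plus one static route."""
    findings = [f for f in (check_selector("-s", src), check_selector("-d", dst)) if f]
    return findings + check_route(*route, connected, router)

# Values copied from posts #6 and #7 of this thread.
POST6 = lint("255.255.255.0", "255.255.255.128",
             ("192.168.1.0", "255.255.255.128", "192.168.0.92"))
POST7 = lint("192.168.0.0/24", "192.168.1.0/24",
             ("192.168.1.0", "255.255.255.0", "192.168.0.90"))

if __name__ == "__main__":
    for name, result in (("post #6", POST6), ("post #7", POST7)):
        print(name, result or "no findings")
```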
 
Old 08-18-2005, 07:22 AM   #8
Milkman00
Peter:

I made the following changes (as per your suggestion):

192.168.0.x is the LAN on eth0 (netmask = 255.255.255.0)
192.168.0.1 is the GW
192.168.0.50 is a workstation
192.168.0.90 is the wireless router

192.168.1.x is the wireless net.. (netmask = 255.255.255.0)
192.168.1.5 is a wireless workstation

My routing table shows:

Code:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     192.168.0.90    255.255.255.0   UG    0      0        0 eth0
also used your line in my firewall rules
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -d 192.168.1.0/24 -j SNAT --to-source 192.168.0.1



Same exact results as I have been getting, which are:

192.168.0.1 can ping 192.168.1.5 with no problems
192.168.1.5 can ping 192.168.0.50 with no problems
192.168.0.50 CANNOT ping 192.168.1.5 (HOWEVER if I add a static route into 192.168.0.50 to the 192.168.1.0 network I have no problems)


Due to the fact that I can add a static route in my 192.168.0.50 machine and it works fine, I KNOW that the problem is with the 192.168.0.1 machine. I just don't know why we can't make it forward the static routes... Again, thanks for all of your efforts with this.
 
Old 08-18-2005, 07:38 AM   #9
peter_robb
Probably need a static route in the wireless router..
 
Old 08-18-2005, 07:43 AM   #10
Milkman00
I can put in a static route, but what should it point to? A router (by definition) should know about the network directly attached to it, AND the network it is attached to. I also didn't think it was a wireless router problem, because it seemed to work with no problems if I put the static route in the workstation on the 192.168.0.0 network.

But hey - you guys are the experts, I am just a . With that being said, what kind of static route do you want me to put in the wireless router?
 
Old 08-18-2005, 08:27 AM   #11
peter_robb
Quite right..
I am thinking of several different configurations at the same time :-/
 
Old 09-02-2005, 02:30 PM   #12
Milkman00
I am bumping this in hopes that someone else may want to take a stab at it.
 