
MonctonJohn 06-01-2012 11:35 AM

Trying to use my Linux machine as an internal router to segment my lan
 
Here is a picture I did that represents my LANs (it was quick and dirty):
http://i.imgur.com/MqqIA.png

I would like all the clients in the 10.25.1.0 network to be able to access the Linux router for SMB and mysql (XBMC).

Also I would like all the 10.25.1.0 clients to be able to access the printer at 11.25.1.24.

Now for the 2nd LAN (11.25.1.0) I would like these clients to only be able to access each other and the internet, but not access anything in the 10.25.1.0 network and printer access is not necessary.

I'm using webmin to try to achieve this but I'm having some issues.

I have a static route set in the internet connected router to forward all requests for 11.25.1.0 to gateway 10.25.1.120.

iptables -L:
Code:

Chain INPUT (policy ACCEPT)
target    prot opt source              destination       
ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    all  --  10.25.1.0/24        anywhere           
ACCEPT    all  --  anywhere            anywhere           
ACCEPT    all  --  anywhere            anywhere           

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination       
ACCEPT    all  --  10.25.1.0/24        BRN001BA96D3C8B.local
ACCEPT    all  --  BRN001BA96D3C8B.local  10.25.1.0/24       
ACCEPT    all  --  anywhere            anywhere           
ACCEPT    all  --  anywhere            anywhere           

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination

iptables -t nat -L:
Code:

Chain PREROUTING (policy ACCEPT)
target    prot opt source              destination       
DNAT      all  --  10.25.1.0/24        BRN001BA96D3C8B.local to:11.25.1.24
          all  --  BRN001BA96D3C8B.local  10.25.1.0/24       

Chain INPUT (policy ACCEPT)
target    prot opt source              destination       
SNAT      all  --  10.25.1.0/24        BRN001BA96D3C8B.local to:10.25.1.100-10.25.1.254
SNAT      all  --  BRN001BA96D3C8B.local  10.25.1.0/24        to:11.25.1.24

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination       
DNAT      all  --  10.25.1.0/24        BRN001BA96D3C8B.local to:11.25.1.24
DNAT      all  --  BRN001BA96D3C8B.local  10.25.1.0/24        to:10.25.1.100-10.25.1.254

Chain POSTROUTING (policy ACCEPT)
target    prot opt source              destination

So far I can ping from 10.25.1.145 to 10.25.1.120 but nothing else (no SMB which was working before). At the moment I don't have the 11.25.1.100 router connected as I'm just concerned with getting basic file sharing and printing working for the 10.25.1.0 network.

My question then is what's missing from this configuration to make it work?

MonctonJohn 06-01-2012 04:17 PM

Ok, so I changed the value from 0 to 1 in cd /proc/sys/net/ipv4/ip_forward and now I can ping from the 10.25.1.145 machine to the 11.25.1.24 printer :)

But I'm still stuck on getting services (SMB, mysql, printer discovery) to work from the 10.25.1.0 network.

MonctonJohn 06-01-2012 05:31 PM

Restarted smb and now I get shares :)

But I still can't print from the Windows machine to the printer, though I can ping it.

MonctonJohn 06-01-2012 08:48 PM

Finally, I had to Masquerade any traffic from 10.25.1.0 destined to the printer.

iptables -t nat -L:
Code:

Chain PREROUTING (policy ACCEPT)
target    prot opt source              destination       

Chain INPUT (policy ACCEPT)
target    prot opt source              destination       

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination       

Chain POSTROUTING (policy ACCEPT)
target    prot opt source              destination       
MASQUERADE  all  --  10.25.1.0/24        11.25.1.24
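The thread ends with every chain still at policy ACCEPT, so the 11.25.1.0 LAN is not actually kept out of 10.25.1.0 as the first post asked. The script below is an added example (not the poster's configuration) that turns the stated goals into a default-deny ruleset: the trusted LAN reaches SMB, mysql and the printer, the second LAN reaches only the internet, and the poster's MASQUERADE rule for printer traffic is kept. Interface names eth0 (10.25.1.0/24 side) and eth1 (11.25.1.0/24 side) are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Assumed (hypothetical)
# interface names: eth0 faces 10.25.1.0/24 (trusted LAN, where the uplink
# router lives), eth1 faces 11.25.1.0/24 (second LAN with the printer).
LAN0_IF=eth0;  LAN0_NET=10.25.1.0/24
LAN1_IF=eth1;  LAN1_NET=11.25.1.0/24
PRINTER=11.25.1.24
IPT=${IPT:-iptables}   # IPT=echo prints the commands instead of applying them

# gen_rules emits one iptables command per line so the plan can be reviewed.
gen_rules() {
    cat <<EOF
$IPT -F
$IPT -t nat -F
# default deny for traffic to the router and through it
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# trusted LAN may reach SMB (139/445 tcp, 137/138 udp), mysql (3306) and ping
$IPT -A INPUT -i $LAN0_IF -s $LAN0_NET -p tcp -m multiport --dports 139,445,3306 -j ACCEPT
$IPT -A INPUT -i $LAN0_IF -s $LAN0_NET -p udp -m multiport --dports 137,138 -j ACCEPT
$IPT -A INPUT -i $LAN0_IF -s $LAN0_NET -p icmp -j ACCEPT
$IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# trusted LAN -> printer only; second LAN -> anything except the trusted LAN
$IPT -A FORWARD -i $LAN0_IF -o $LAN1_IF -s $LAN0_NET -d $PRINTER -j ACCEPT
$IPT -A FORWARD -i $LAN1_IF -o $LAN0_IF -s $LAN1_NET ! -d $LAN0_NET -j ACCEPT
# record what the second LAN tries against the trusted LAN; the policy drops it
$IPT -A FORWARD -i $LAN1_IF -d $LAN0_NET -m limit --limit 5/min -j LOG --log-prefix "guest->lan blocked: "
# the poster's fix: the printer then replies to the router's own 11.25.1.x address
# instead of needing a route back to 10.25.1.0/24
$IPT -t nat -A POSTROUTING -o $LAN1_IF -s $LAN0_NET -d $PRINTER -j MASQUERADE
EOF
}

# apply_rules enables forwarding (the poster's ip_forward step) and runs the plan.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    gen_rules | grep -v '^#' | while IFS= read -r cmd; do eval "$cmd"; done
}

# Caveats: if second-LAN clients use the uplink router (a 10.25.1.x address) for
# DNS, add an explicit allow for port 53 to it. 11.0.0.0/8 is public, not RFC 1918,
# address space, so real 11.x hosts become unreachable from the second LAN.
if [ "${1:-}" = apply ]; then apply_rules; else gen_rules; fi
```

Run it with no argument to print the plan, or `sh rules.sh apply` as root to load it.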