Old 06-01-2012, 11:35 AM   #1
MonctonJohn
Member
 
Registered: Aug 2007
Location: Canada
Distribution: Mint
Posts: 112

Rep: Reputation: 15
Trying to use my Linux machine as an internal router to segment my lan


Here is a picture I did that represents my LANs (it was quick and dirty):
http://i.imgur.com/MqqIA.png

I would like all the clients in the 10.25.1.0 network to be able to access the Linux router for SMB and MySQL (XBMC).

Also I would like all the 10.25.1.0 clients to be able to access the printer at 11.25.1.24.

Now for the 2nd LAN (11.25.1.0), I would like these clients to only be able to access each other and the internet, but not access anything in the 10.25.1.0 network, and printer access is not necessary.

I'm using webmin to try to achieve this but I'm having some issues.

I have a static route set in the internet connected router to forward all requests for 11.25.1.0 to gateway 10.25.1.120.

iptables -L:
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     all  --  10.25.1.0/24         anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  10.25.1.0/24         BRN001BA96D3C8B.local 
ACCEPT     all  --  BRN001BA96D3C8B.local  10.25.1.0/24        
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

iptables -t nat -L:
Code:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       all  --  10.25.1.0/24         BRN001BA96D3C8B.local to:11.25.1.24 
           all  --  BRN001BA96D3C8B.local  10.25.1.0/24        

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
SNAT       all  --  10.25.1.0/24         BRN001BA96D3C8B.local to:10.25.1.100-10.25.1.254 
SNAT       all  --  BRN001BA96D3C8B.local  10.25.1.0/24        to:11.25.1.24 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DNAT       all  --  10.25.1.0/24         BRN001BA96D3C8B.local to:11.25.1.24 
DNAT       all  --  BRN001BA96D3C8B.local  10.25.1.0/24        to:10.25.1.100-10.25.1.254 

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

So far I can ping from 10.25.1.145 to 10.25.1.120 but nothing else (no SMB, which was working before). At the moment I don't have the 11.25.1.100 router connected as I'm just concerned with getting basic file sharing and printing working for the 10.25.1.0 network.

My question then is what's missing from this configuration to make it work?
 
Old 06-01-2012, 04:17 PM   #2
MonctonJohn
OK, so I changed the value from 0 to 1 in cd /proc/sys/net/ipv4/ip_forward and now I can ping from the 10.25.1.145 machine to the 11.25.1.24 printer.

But I'm still stuck on getting services (SMB, mysql, printer discovery) to work from the 10.25.1.0 network.

Last edited by MonctonJohn; 06-01-2012 at 04:19 PM.
 
Old 06-01-2012, 05:31 PM   #3
MonctonJohn
Restarted smb and now I get shares.

But still can't get from the Windows machine to the printer to print, but I can ping it.
 
Old 06-01-2012, 08:48 PM   #4
MonctonJohn
Finally, I had to masquerade any traffic from 10.25.1.0 destined to the printer.

iptables -t nat -L:
Code:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  10.25.1.0/24         11.25.1.24
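
Added example (not part of the original thread): the access policy described in post #1, combined with the ip_forward change from post #2 and the MASQUERADE rule from post #4, written as an iptables-restore ruleset with default-drop INPUT and FORWARD chains. The addresses are the ones given in the thread; the interface names eth0 and eth1 are assumptions.

```shell
#!/bin/sh
# Added example. Addresses come from the thread; interface names are assumed.
LAN1_IF="${LAN1_IF:-eth0}"   # assumed NIC on 10.25.1.0/24 (router is 10.25.1.120)
LAN2_IF="${LAN2_IF:-eth1}"   # assumed NIC on 11.25.1.0/24
LAN1=10.25.1.0/24
LAN2=11.25.1.0/24
PRINTER=11.25.1.24

# Print the ruleset in iptables-restore format.
gen_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Router's own services (SMB, MySQL, Webmin): LAN1 only, as in the posted INPUT chain
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN1_IF -s $LAN1 -j ACCEPT
# FORWARD is first-match: the LAN2->LAN1 drop must precede the LAN2 allow
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN1_IF -o $LAN2_IF -s $LAN1 -d $PRINTER -j ACCEPT
-A FORWARD -i $LAN2_IF -s $LAN2 -d $LAN1 -j DROP
-A FORWARD -i $LAN2_IF -o $LAN1_IF -s $LAN2 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Post #4: the printer sees LAN1 clients as the router's own LAN2 address
-A POSTROUTING -o $LAN2_IF -s $LAN1 -d $PRINTER -j MASQUERADE
COMMIT
EOF
}

# Validate first, then enable forwarding (post #2) and load. Needs root.
apply_ruleset() {
    gen_ruleset | iptables-restore --test || return 1
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    gen_ruleset | iptables-restore
}

case "${1:-}" in
    apply) apply_ruleset ;;
    print) gen_ruleset ;;
esac
```

With this ruleset, hosts on 11.25.1.0/24 can reach neither the router's own services nor anything in 10.25.1.0/24, so a DNS resolver they depend on must sit outside those or be allowed explicitly above the DROP rule. Compare the loaded result with `iptables -S` or `iptables -L -v -n`, since a plain `iptables -L` listing hides the interface matches.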
 
  


All times are GMT -5.