Old 05-12-2007, 12:00 PM   #1
site_ml
LQ Newbie
 
Registered: May 2007
Posts: 5

Rep: Reputation: 0
Question Two subnets connected through one linux box to the internet


Some time ago, I decided to get a linux box to have it handle my network, because the router I have crashes often (overload and, most likely, not-so-great firmware). It has three NICs and is the only linux-based system in the network. Here's the list of PCs that I need connected:

Linux (Desktop w/OpenSuSE 10.1)
Kom1 (Desktop w/ XP)
Pentium3 (Desktop w/ XP)
Gateway (Laptop, w/ wireless capability, but on wired)
Gateway2 (Laptop, w/ wireless capability, switching between wired and wireless)

Networking hardware: I have a cheap Linksys 5-port switch and the aforementioned wireless router (Linksys WRT54G - 4 ports LAN, 1 WAN). The internet connection goes through a Speedstream DSL dialing through PPPoE.

Requirements: Kom1 and Pentium3 need the quickest route connecting between them and they need a reliable connection to the internet. All computers must see each other on the network and be able to access the internet.

Here's the layout of the idea I have (which I tried to execute, but failed):

Code:
 DSL
 |
 |
 (eth0)
 Linux (eth1)---- Switch -- Kom1
 (eth2)              |
  |                  \_____ Pentium3
  |
  \_________ Router -- Gateway
               |
               \______ Gateway2

I tried subnetting, where eth1 has the address of 192.168.0.1 for the 192.168.0.x subnet and eth2 has the address of 192.168.1.1 for the 192.168.1.x network, but the best I got was the 192.168.0.x subnet connected to the internet and seeing each other while not the 192.168.1.x subnet. The 192.168.1.x subnet computers could not see the 192.168.0.x subnet nor access the internet. I did configure IP forwarding and played around with settings for subnets but nothing produced the desired effect. I am relatively new to linux, so please be gentle.

Thanks in advance, any help will be appreciated!
 
Old 05-13-2007, 05:10 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
can you show us the iptables configuration on the box? are you natting on the linux box, or just routing? i'd probably recommend routing properly, and just adding a route for 192.168.0.0/23 on the actual router to point back to the linux router for those sources.
 
Old 05-14-2007, 12:36 AM   #3
site_ml
LQ Newbie
 
Registered: May 2007
Posts: 5

Original Poster
Rep: Reputation: 0
Sorry for the double posting - I thought the first one didn't go through, as it didn't show up in the list of threads. This was my first post here! So, hello!

As far as the configuration goes, I changed it after I lost hope of making the linux box a router for my network - I asked in a different forum without an answer to this day. I am currently using it as mere network storage. I can try and recreate this setup once I have a little more time (unfortunately I got caught here at a bad time - finals at school right now - once they're over I'll be available every day to play around with this; to be honest, I wasn't expecting this quick a response!) and tell you more exactly of everything. For now I can tell you more or less what I remember doing - for the most part, I used the networking module provided with YaST to enable IP forwarding and play around with putting in routes. I admit I do not know well what I was doing, though. I set up (now that I remember) the eth0 to be decided by DHCP, tried putting in the DNS server addresses that the router took on when connecting to the internet for the box as well as client computers with little success; I also added static routes to both the router and the linux box and changed modes of the router between router and "gateway" (I'm assuming that means functioning as a switch). As far as the linux box goes, I remember trying 192.168.0.0/8 w/ default gateway of 192.168.0.1 or 192.168.1.0/8 w/ default gateway of 192.168.1.1 (I actually did go to the lengths of fiddling around with Konsole just to get something working). I tried switching the default gateways between the interfaces, changing the default gateway (for the whole computer itself?) in the YaST setup tool, but the best effect I ever got to have was just like I described.

I realize this is probably not much info here, but I simply don't remember much more beyond this point, and I'll have to play around with the settings again later this week to tell you exactly what happened. Either Tuesday (less than 48 hrs) or on Friday (after finals, and it's my day off work so I'll have plenty time then) I will be able to give you just about any piece of information you want to ask for.

As far as your question with NAT goes, I'll need port forwarding for Kom1, Pentium3 and Gateway2 as I need the ability to accept incoming connections for some services these run (HTTP server and chat server; I also do VNC from work sometimes). Once I figure out (and/or you help me figure it out) the routing trouble, I should have no problem with the port forwarding, though - there are tutorials for those, and YaST has a ready package for firewall/port forwarding settings anyway. It's just this apparently non-standard setup I am trying to achieve that is getting me stuck in a rut (and no not-too-simple and not-overkill-technical readings available).

I avoided fiddling with the config files too much as I don't want to shoot myself in the foot with making a mistake there unwittingly.

A quick question - I tried connecting using both the wan port and just the regular lan ports for the router. Does it make a difference? I've also read somewhere that crossover cable must be used in some cases; does that even apply here? (and if you ask, yes, I've had a networking class, but long ago and long forgotten most of it)

So again, if this does not give enough info to guess what could be missing, I'll come up with more exact specifics on Tuesday or Friday. Again, I apologize that I do not have them ready, but I was pleasantly surprised with this forum. Thanks for the quick response; I'll give you the info you requested as soon as I can!
 
Old 05-14-2007, 02:17 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
wow, lots of words... too early in the morning for all that..!

looking at what you're after, again i'd advise routing, not port forwarding on the linux box. if you're port forwarding on there, then you're bouncing these tcp connections around and it'll get messy, as of course you're already going to be port forwarding on the internet router anyway. if your linux box is configured to route... nothing fancy, just bog standard routing, then you won't need to port forward anything on it at all, just so long as the real router is told where to go for the networks behind the linux box.

incidentally, 192.168.0.0/8 is an illegal network. only 192.168.0.0/16 is private, the rest is still real public address space... could get nasty for you!

and the double posting thing wasn't your fault at all. we have spam filter issues atm...
 
Old 05-14-2007, 11:27 AM   #5
site_ml
LQ Newbie
 
Registered: May 2007
Posts: 5

Original Poster
Rep: Reputation: 0
Quote:
incidentally, 192.168.0.0/8 is an illegal network. only 192.168.0.0/16 is private, the rest is still real public address space... could get nasty for you!
Argh, silly me, I meant 192.168.0.0/24 there! I'm more used to the old notation (255.255.255.0) and counted the wrong way around lol.

Quote:
looking at what you're after, again i'd advise routing, not port forwarding on the linux box. if you're port forwarding on there, then you're bouncing these tcp connections around and it'll get messy, as of course you're already going to be port forwarding on the internet router anyway. if your linux box is configured to route... nothing fancy, just bog standard routing, then you won't need to port forward anything on it at all, just so long as the real router is told where to go for the networks behind the linux box.
I think we're misunderstanding each other here - perhaps I'm confusing you a little - so let me clear it up. I have one static public IP coming from the ISP through the DSL box and the linux box will be the one to have it on eth0 (DHCP, since the connection is PPPoE). From there, I will need to perform port forwarding to eth1 and eth2 so that the computers on the private network will be able to accept incoming connections for certain services. That's the port forwarding part. I need the linux box to route packets between the private subnets (and across the interfaces in the linux box, obviously) so that, for example, pinging from Gateway2 to Kom1 and back should be possible.

Quote:
i'd probably recommend routing properly, and just adding a route for 192.168.0.0/23 on the actual router to point back to the linux router for those sources.
192.168.0.0/16 should be ok here, too, right? (even if a bit overkill). Now another question - shouldn't the route on the WRT54G be 192.168.1.0/24? What I mean is that if the route added is 192.168.0.0/23 or 192.168.0.0/16 routing to the linux box, won't the packets bound for 192.168.0.x from the other subnet be bounced back to the linux box? (or does it not matter since the subnet's computers are directly connected to the WRT54G?)

Pardon my lengthiness - I like to be thorough in my explanations.
I'll give this network setup another go in a few days, and I'll let you know how that went.
 
Old 05-14-2007, 03:15 PM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
if it's a WRT54G on the net connection, then surely that's what's holding the public ip? unless you're doing something weird like bridging across it... and if you are bridging across it, then there would be no routes on it anyway.
 
Old 05-15-2007, 12:33 PM   #7
site_ml
LQ Newbie
 
Registered: May 2007
Posts: 5

Original Poster
Rep: Reputation: 0
well, currently it is on the net connection, but that's the problem - I don't want it so because it's crashing. So yeah, I guess I'm doing something weird like that.
Look again at the diagram I made - the linux box is to be the one with the public IP and the router is between the linux box and the two laptops (I think another misleading thing here is that they're both Gateway laptops, I just realized that lol!)
I want the linux box to handle the net instead for the sake of reliability, that's all, and while at it, make sure the heavy load *isn't* on the WRT54G.

Looks like I'm getting closer to explaining exactly what I need XD
 
Old 05-15-2007, 12:41 PM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
ok, well you can't just give that ip to another box, what you could do is configure the router to use the box as a dmz though, assuming that router will allow that. this way it'll just chuck ALL traffic hitting it to a certain internal address.
 
Old 05-15-2007, 04:11 PM   #9
site_ml
LQ Newbie
 
Registered: May 2007
Posts: 5

Original Poster
Rep: Reputation: 0
ok, now you lost me. Why can't I let the linux box handle it?
Let me draw the diagrams of how it is right now and how I want it to be and label more clearly, including ports plugged in and all.

Code:
Internet
 |
DSL
 |
 |
 (Public IP 74.x.x.x, received through     )
 (DHCP by dialing in to the ISP using PPPoE)
 (WAN port)
 WRT54G
(Private IP 192.168.0.10) 
(port1)(port2) (port3)
 |        |       \--------------------- Pentium3 (Private IP 192.168.0.5)
 |        |  
 |        \______ Gateway2 (Private IP  192.168.0.8  Wired)
 |                         (or Wireless 192.168.0.11)
 |
 |               Switch 
 \___(Port1) (Port2) (port3) (port4)
                |       |        |
                |       |      Kom1 (Private IP 192.168.0.2)
                |       |
                |       \_________ Gateway (Private IP 192.168.0.7)
                |
                \_________ Linux (Private IP 192.168.0.1)
With the above setup, all the computers have 192.168.0.10 as the default gateway and it's all in the 192.168.0.0/24 subnet. All is fine, except the WRT54G dies within 2-3 days (sometimes 2-3 times a day) with the heavy number of connections and bandwidth use for all the port forwarding it's doing. (and I suspect the firmware isn't doing its job, as the router mainly crashes when the wireless is in use). And thus my connection is unreliable.
So this is what I wanted:

Code:
                       Internet
                          |
                          |
                         DSL
                          |
                          |
       (Public IP 74.x.x.x, received through     )
       (DHCP by dialing in to the ISP using PPPoE)
                        (eth0)
                         Linux 
  (Private IP 192.168.1.1) (Private IP 192.168.0.1)
  (eth2)                                (eth1)
     |                                     |
     |                                     |
     | (Private IP 192.168.1.10)           |                 
     |          WRT54G                     |   Switch
  (port1) (port2) (port3)               (port1) (port2) (port3)  
             |       |                             |       |
             |  Gateway (Private IP 192.168.1.7)   |     Kom1 (Private IP 192.168.0.2)
             |                                     |
             |                                 Pentium3 (Private IP 192.168.0.5)
             |
             Gateway2 (Private IP  192.168.1.8 Wired)
                      (or Wireless 192.168.1.11     )
Two questions that also cropped up as I did this second diagram are: Does the private IP of WRT54G even matter here? Should the WRT54G be connected to the linux box using the WAN port instead?

In any case, from testing I did, it turned out that the 192.168.1.x subnet was isolated from the rest of the network - pinging was successful only up until the linux box whether from that subnet or the 192.168.0.x subnet.

Oh, and regarding the internet - the DSL is just a bridge (afaik) between the ISP and any device I connect on my side - so that's why I'm confused as to why I couldn't switch the WRT54G with the linux box.

Whew, again a lot of words ^_^;
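
Added example, not part of any post in this thread: a Python check of the prefixes discussed in posts #4 and #5 (what the /8 mask actually selects, and whether a 192.168.0.0/23 route overrides a directly connected /24). The routing table below is constructed for illustration and assumes the WRT54G sits on 192.168.1.0/24 with the Linux box's eth2 (192.168.1.1) as its next hop; the host addresses are taken from the diagram in post #9.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed routing table for the WRT54G (assumption: it sits on the
# 192.168.1.0/24 side and reaches the Linux box at eth2, 192.168.1.1).
# Each entry is (prefix, next hop); None means directly connected.
WRT54G_ROUTES = [
    ("192.168.1.0/24", None),
    ("192.168.0.0/23", "192.168.1.1"),   # the summary route from post #2
    ("0.0.0.0/0", "192.168.1.1"),        # default route via the Linux box
]


def check_prefix(text):
    """Return (normalized network, host_bits_were_set, inside_rfc1918)."""
    try:
        net, host_bits = ipaddress.ip_network(text, strict=True), False
    except ValueError:
        # Host bits set under the mask: show what the mask really selects.
        net, host_bits = ipaddress.ip_network(text, strict=False), True
    return str(net), host_bits, any(net.subnet_of(p) for p in RFC1918)


def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in routes]
    net, hop = max((m for m in nets if addr in m[0]),
                   key=lambda m: m[0].prefixlen)
    return str(net), hop


if __name__ == "__main__":
    for prefix in ("192.168.0.0/8", "192.168.0.0/16",
                   "192.168.0.0/23", "192.168.1.0/24"):
        print(prefix, "->", check_prefix(prefix))
    # Gateway2, Kom1, and a constructed outside address (TEST-NET-3).
    for dst in ("192.168.1.8", "192.168.0.2", "203.0.113.5"):
        print(dst, "->", lookup(WRT54G_ROUTES, dst))
```

The /8 prefix normalizes to 192.0.0.0/8, which is not contained in any RFC 1918 block, while traffic for 192.168.1.8 matches the connected /24 ahead of the /23 and is delivered locally instead of being sent back to the Linux box.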
 
  

