LinuxQuestions.org
Old 04-05-2015, 04:00 PM   #1
Dmitry_qt
LQ Newbie
 
Registered: Apr 2015
Posts: 4

Rep: Reputation: Disabled
Access a host from a different subnet in Linux


Hi all,

I have a host#1 with ip=192.168.3.100 and a host#2 with ip=192.168.2.100. Both hosts are connected to some linux device with 2 interfaces : eth0 with ip=192.168.2.1 and eth1 with ip=192.168.3.1.

So host#1 is connected to eth1 and host#2 to eth0. I would like to ping host#2 from host#1 and vice versa. How can I do that ?

I tried :
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

but it didn't work

PS
This is my first post here, so please don't be very strict to me
Looking forward to hearing from anybody as I'm out of ideas...

BR,
Dmitry
 
Old 04-05-2015, 04:45 PM   #2
millgates
Member
 
Registered: Feb 2009
Location: 192.168.x.x
Distribution: Slackware
Posts: 840

Rep: Reputation: 380
Hello Dmitry,
what operating system is installed on host#1 and host#2?
Can you ping the linux device from host#1 or host#2?
Can you ping host#1 or host#2 from the linux device?
 
Old 04-05-2015, 04:59 PM   #3
vincix
Member
 
Registered: Feb 2011
Distribution: Centos 6.7, 7
Posts: 556

Rep: Reputation: 52
Also, what does iptables -vnL FORWARD command display?

Some new versions of linux don't use iptables by default (like Centos 7), so you'd have to install it manually and uninstall firewalld.

I am quite a newbie myself, so I'm asking this question to others who'll comment here:
Do you actually need NAT in this case? It's just a simple routing, right? I mean, you don't want host2/1 to think they're receiving the packets from the router, but from the hosts themselves, right?

Moreover, by default, on CentOS systems (and I bet on others too), the FORWARD chain has a reject rule. So if you add another rule to it, it is simply inserted AFTER the "reject-with icmp-host-prohibited". So if you haven't taken this into consideration, then you should try:
iptables -I FORWARD 1 -i eth1 -o eth0 -j ACCEPT (and the same for reverse traffic)

Last edited by vincix; 04-05-2015 at 05:09 PM.
 
Old 04-05-2015, 05:42 PM   #4
Dmitry_qt
LQ Newbie
 
Registered: Apr 2015
Posts: 4

Original Poster
Rep: Reputation: Disabled
Well, actually I tried different OSs : my current setup is host #1 is Ubuntu and host #2 is win7 but I also have 2 Ubuntu machines. Of course I can ping from host#1 to my Linux device and from host#2 also.
I have a zero route table at startup : can it somehow affect?
Also I have empty iptables which I fill with the commands from my original post.

To vincix : Yes, I need some simple routing, my Linux device should be transparent: host#1 should receive packets from host #2, nothing complex here.
 
Old 04-05-2015, 06:46 PM   #5
millgates
Member
 
Registered: Feb 2009
Location: 192.168.x.x
Distribution: Slackware
Posts: 840

Rep: Reputation: 380
Quote:
Originally Posted by Dmitry_qt
Of course I can ping from host#1 to my Linux device and from host#2 also.
Ok, what about the other way?
Also, what exactly is happening? As far as I understand your original post, you can neither ping host#1 from host#2 nor host#2 from host#1, correct?
Does anything change if you omit the MASQUERADE rule?
 
Old 04-05-2015, 06:53 PM   #6
vincix
Member
 
Registered: Feb 2011
Distribution: Centos 6.7, 7
Posts: 556

Rep: Reputation: 52
Quote:
Originally Posted by Dmitry_qt
Well, actually I tried different OSs : my current setup is host #1 is Ubuntu and host #2 is win7 but I also have 2 Ubuntu machines. Of course I can ping from host#1 to my Linux device and from host#2 also.
I have a zero route table at startup : can it somehow affect?
Also I have empty iptables which I fill with the commands from my original post.

To vincix : Yes, I need some simple routing, my Linux device should be transparent: host#1 should receive packets from host #2, nothing complex here.
You haven't told us what distribution of linux you're using on the router. Actually it doesn't matter much what OS the hosts are using, we're more interested in the router.

And you should definitely show us what iptables -vnL FORWARD lists (hiding any public ips or sensitive data, of course). I am not sure I, for one, can help you a lot without seeing exactly how your table looks. It would make things a little bit easier.

Wait a minute, are you actually using ONLY virtual machines for all that? 'Cause if you do, that's quite essential information. You have to set up all the machines to be part of the same network and so on. And, moreover, if you do, what are you using exactly? VMWare, Virtual Box? Don't forget about telling us what's the operating system of the machine you're trying to route through and what iptables -vnL FORWARD command says.

Last edited by vincix; 04-05-2015 at 06:55 PM.
 
Old 04-06-2015, 01:54 AM   #7
Dmitry_qt
LQ Newbie
 
Registered: Apr 2015
Posts: 4

Original Poster
Rep: Reputation: Disabled
So, here is my output for "iptables -vnL FORWARD" without MASQUERADE rule applied:

root@am335x-evm:~# iptables -vnL FORWARD
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0

"Ok, what about the other way?
Also, what exactly is happening? As far as I understand your original post, you can neither ping host#1 from host#2 nor host#2 from host#1, correct?
Does anything change if you omit the MASQUERADE rule?"
If I don't apply iptables commands, I can ping my router from both host#1 and host#2. But with iptables and without it I can neither ping host#1 from host#2 nor vice versa. The output of ping is : "Destination host is Unreachable".

dmitry@Lambo:~$ ping 192.168.3.100
PING 192.168.3.100 (192.168.3.100) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable

MASQUERADE rule doesn't change anything in behaviour I see.

"You haven't told us what distribution of linux you're using on the router. Actually it doesn't matter much what OS the hosts are using, we're more interested in the router."
Well, this is a TI board AM335x with Linux from Arago project - smth "open-embedded" I guess.

"Wait a minute, are you actually using ONLY virtual machines for all that?"
No, no virtual machines, all involved PCs are real ones =). I have Ubuntu 14.10 at host#1 and Win7 at host#2.
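
Added example, not part of any post in this thread: a shell function that reads `iptables -vnL FORWARD` output and checks two things raised above, whether an ACCEPT rule sits behind a catch-all REJECT/DROP (the rule-order point from post #3) and whether every counter is zero, as in the listing in post #7, which means no packet has reached the FORWARD chain at all. The function name `check_forward`, the finding labels and the second listing are constructed for illustration; the input is assumed to contain only the FORWARD chain.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `iptables -vnL FORWARD` on stdin.
# Prints: SHADOWED <n>  ACCEPT rule n sits behind a catch-all REJECT/DROP
#         NO_TRAFFIC    the policy counter and every rule counter are 0
#         OK            neither finding
check_forward() {
    awk '
    /^Chain FORWARD/ { seen += $5; next }      # policy packet counter
    $1 == "pkts" || NF < 9 { next }            # column header, blank lines
    {
        n++; seen += $1
        catchall = ($4 == "all" && $6 == "*" && $7 == "*" &&
                    $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" &&
                    (NF == 9 || $10 == "reject-with"))
        if (($3 == "REJECT" || $3 == "DROP") && catchall) { blocked = n }
        else if ($3 == "ACCEPT" && blocked) { print "SHADOWED " n; bad = 1 }
    }
    END {
        if (n && !seen) { print "NO_TRAFFIC"; bad = 1 }
        if (!bad) print "OK"
    }'
}

# Listing as posted in #7 of this thread.
sample_thread() {
cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
EOF
}

# Constructed listing: rules appended with -A after a default reject rule.
sample_reject_first() {
cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in   out  source    destination
   14  1176 REJECT all  --  *    *    0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
    0     0 ACCEPT all  --  eth1 eth0 0.0.0.0/0 0.0.0.0/0
    0     0 ACCEPT all  --  eth0 eth1 0.0.0.0/0 0.0.0.0/0
EOF
}

echo "post #7 listing:";     sample_thread | check_forward
echo "constructed listing:"; sample_reject_first | check_forward
```

A NO_TRAFFIC result means the FORWARD rules are not what is dropping the pings, so the next things to check are `ip_forward` on the router and the routes on the two hosts.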
 
Old 04-06-2015, 03:38 AM   #8
Shadow_7
Senior Member
 
Registered: Feb 2003
Distribution: debian
Posts: 2,494
Blog Entries: 1

Rep: Reputation: 487
You should look at ebtables. What you're trying to do is called bridging. I recently did this to bridge ethernet to wifi since I had an asus rt-n16 with a capacitor that failed. A little soldering from a relic motherboard got a replacement part of mostly the same specs and it's working again. But since I'm still mostly configured for it, here's my setup. You do not need a crossover cable (MDI-X) since sometime between 2002-2008.

Machine A only has ethernet but the home network is mostly wifi.
Machine B has an ethernet port and a wifi card.

Network setup on Machine A (the one without wifi)
Code:
# ifconfig eth0 192.168.2.10 netmask 255.255.255.0 broadcast 192.168.2.255 mtu 1492 up
# route add default gw 192.168.2.1
(and that should be all that's needed on that machine setup wise, except for a firewall ofc)

Network setup on Machine B
Code:
# ifconfig eth0 192.168.2.1 netmask 255.255.255.0 broadcast 192.168.2.255 mtu 1492 up
# route add -net 192.168.2.0 netmask 255.255.255.0 eth0
(firewall and wireless credentials for the wireless NIC)
Code:
# dhclient -4 -v wlan0
(the wireless card must be on a different subnet like 192.168.1.*)

ebtables setup on Machine B
Code:
# the remote one that is ethernet
MACHINE_A_MAC="00:11:22:33:44:55"
# the local one that has wireless and is the wireless MAC address (ifconfig -a)
MACHINE_B_MAC="11:22:33:44:55:66"

# clear out old ebtables and set default policy
ebtables -P INPUT ACCEPT
ebtables -P OUTPUT ACCEPT
ebtables -P FORWARD ACCEPT
ebtables -F
ebtables -t nat -F

# pre and post for both NICS.
ebtables -t nat -A POSTROUTING -o wlan0 -s $MACHINE_A_MAC -j snat \
                               --to-source $MACHINE_B_MAC
ebtables -t nat -A PREROUTING  -i wlan0 -d $MACHINE_B_MAC -j dnat \
                          --to-destination $MACHINE_A_MAC
ebtables -t nat -A POSTROUTING -o eth0  -s $MACHINE_A_MAC -j snat \
                               --to-source $MACHINE_B_MAC
ebtables -t nat -A PREROUTING  -i eth0  -d $MACHINE_B_MAC -j dnat \
                          --to-destination $MACHINE_A_MAC

Allow forwarding on Machine B
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward

iptables setup on Machine B
Code:
# MASQUERADE allows access beyond pinging the wifi NIC
iptables -t nat -I POSTROUTING -o wlan0 -j MASQUERADE
# -I if the firewall is already up so it goes in front of the other rules.
 
  

