LinuxQuestions.org
Old 10-17-2011, 01:26 PM   #1
veeruk101
Member
 
Registered: Mar 2005
Distribution: Ubuntu 12.04 LTS
Posts: 249

Rep: Reputation: 16
Route between 2 subnets so device connected to Linux laptop can access Internet


I have a device connected to my laptop via a crossover cable, and I want that device to be able to access the internet through my laptop's internet connection. Let's say that device's IP address is 192.168.0.11, and my laptop's IP address for eth0 is 192.168.0.12 and for wlan0 is 192.168.1.12, both with subnet masks of 255.255.255.0. On my laptop, running the 'route' command currently gives the following:

Quote:
192.168.1.0 * 255.255.255.0 U 2 0 0 wlan0
192.168.0.0 * 255.255.255.0 U 1 0 0 eth0
default 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0
I've never done anything like this before, so I'm not sure what I should do in order to route between the 2 subnets. Could anyone please describe what I need to do? Also, once I've done that do I need to set the Gateway and DNS on the device to the IP address of the laptop's wlan0 interface (in this case, 192.168.1.12), or to something else? Thanks.
 
Old 10-17-2011, 01:37 PM   #2
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 332
I think the only thing you need to do is enable packet forwarding on your laptop:
Code:
In /etc/sysctl.conf:
net.ipv4.ip_forward = 1

For immediate activation (as root):
echo 1 > /proc/sys/net/ipv4/ip_forward
 
Old 10-17-2011, 01:48 PM   #3
jlinkels
Senior Member
 
Registered: Oct 2003
Location: Bonaire
Distribution: Debian Wheezy/Jessie/Sid, Linux Mint DE
Posts: 4,493

Rep: Reputation: 636
You can solve this in two ways. First is to turn your laptop into a real router, which means it has to know which IP your device is and set up route tables accordingly. That is not difficult, but it can be a bit overwhelming if you are not really familiar with the IP protocol. Have a look at this post: http://www.linuxquestions.org/questi...ml#post3877086
Take into account that your device is connected to the laptop and that in the diagram donald_pc plays the role of your internet modem. It means that you would have to set up a route in your modem which tells the modem the subnet 192.168.0.nnn must be reached thru 192.168.1.nnn. Most modems allow you to do that.

Alternatively, a quicker solution is to set up a NAT router inside your laptop, but you have to have iptables installed. Once it is installed, give these commands on the command line (as root):

Code:
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlan0  -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
Just enabling forwarding is not sufficient; packets from the modem back to the device don't know how to find the device. Therefore the masquerading: your modem will never know a device exists, it sends everything back to your laptop, and your laptop now knows how to handle it.

In your device you have to set the default gw to 192.168.0.12. DNS whatever you like, best is to use the same DNS as your laptop uses.

jlinkels
 
Old 10-17-2011, 02:32 PM   #4
veeruk101
Member
 
Registered: Mar 2005
Distribution: Ubuntu 12.04 LTS
Posts: 249

Original Poster
Rep: Reputation: 16
Thanks, the iptables solution did the trick. Couple of follow up questions just for my own curiosity and learning:

If I do 'echo 1 > /proc/sys/net/ipv4/ip_forward' do I also need to do 'net.ipv4.ip_forward = 1'? What's the difference between changing this setting in one place versus the other?

Regarding DNS servers, before I was setting the DNS server to be the IP address of the laptop. That's completely wrong (unlike for the gateway setting), isn't it? So I did a 'cat /etc/resolv.conf' on that laptop to find out which DNS servers it uses, and used those. I'm wondering, if you had done 'cat /etc/resolv.conf' on your computer and told me what DNS server you use, could I have also used that one? (So there's no 'security' around DNS servers? Anyone can use anyone's DNS?) Really basic question, I know... Thanks.
 
Old 10-17-2011, 03:01 PM   #5
jlinkels
Senior Member
 
Registered: Oct 2003
Location: Bonaire
Distribution: Debian Wheezy/Jessie/Sid, Linux Mint DE
Posts: 4,493

Rep: Reputation: 636
I haven't ever seen anything else than echo 1 > /proc/sys/net/ipv4/ip_forward
/proc/sys is a virtual file, used to tell the OS kernel something.
Where would you do net.ipv4.ip_forward = 1?

About DNS: yes, you could have used everything as DNS.
You made the error of pointing to your laptop for DNS because most DSL modems contain a DNS server, and you won't see anything else than DNS the same as your default gateway, both your DSL modem. Quite understandable.

You could have used the DNS of your DSL modem if it contains one, the DNS of your ISP, my DNS or Google, which is 8.8.8.8 or 8.8.4.4 IIRC. Google and "to find something" is pretty often used in one sentence...

jlinkels
 
Old 10-17-2011, 03:24 PM   #6
hen770
Member
 
Registered: Oct 2010
Distribution: Arch
Posts: 136

Rep: Reputation: 7
If you have the Ubuntu distro, you can change the device to a 'shared internet' which is where you set the DHCP etc.
 
Old 10-17-2011, 03:42 PM   #7
veeruk101
Member
 
Registered: Mar 2005
Distribution: Ubuntu 12.04 LTS
Posts: 249

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by jlinkels
I haven't ever seen anything else than echo 1 > /proc/sys/net/ipv4/ip_forward
/proc/sys is a virtual file, used to tell the OS kernel something.
Where would you do net.ipv4.ip_forward = 1?
You'd set that in /etc/sysctl.conf as suggested to me by a previous poster in this thread. It's currently set to 0. I figured it might be analogous to setting a computer's hostname. If you just run the command 'hostname mycomputer' it will take effect immediately but the changes won't persist into the next reboot. In order to have it persist, you must change a file: by adding 'HOSTNAME=mycomputer' to /etc/sysconfig/network.

So I figured it's analogous - running 'echo 1 > /proc/sys/net/ipv4/ip_forward' would take effect immediately but not be persistent, but changing the /etc/sysctl.conf file would do the opposite? After running the echo command I did a 'grep ip_forward /etc/sysctl.conf' and the value is still 0. So if you don't change the file, then when you reboot isn't your computer being informed of the value '0' from the file but the value '1' from the command you ran? It's working for me but I'm curious to know more about the configuration just for my own learning. Thanks.
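The runtime-versus-boot distinction discussed in this post, as an added example that is not part of the original thread: a check that compares the live `ip_forward` value with what `/etc/sysctl.conf` will apply at boot. The function names and the file-path parameters are this example's own; it reads a single file and does not look at drop-in directories.

```shell
#!/bin/sh
# Compare the running ip_forward value with the one sysctl.conf applies at boot.
# Function names and path parameters are assumptions of this example.

# Print the last active assignment of net.ipv4.ip_forward in a
# sysctl.conf-style file, or "unset" if there is none.
persistent_ip_forward() {
    conf=$1
    [ -r "$conf" ] || { echo unset; return; }
    awk -F= '
        /^[[:space:]]*[#;]/ { next }          # skip comment lines
        {
            key = $1; val = $2
            gsub(/[[:space:]]/, "", key); gsub(/[[:space:]]/, "", val)
            gsub(/\//, ".", key)              # net/ipv4/ip_forward is also valid
            if (key == "net.ipv4.ip_forward") last = val
        }
        END { print (last == "" ? "unset" : last) }
    ' "$conf"
}

# Classify the state:
#   consistent:N  runtime and boot-time values agree
#   runtime-only  forwarding is on now but will be off after a reboot
#   boot-only     forwarding is off now but will be on after a reboot
forwarding_state() {
    runtime=$(tr -d '[:space:]' < "$1")
    persistent=$(persistent_ip_forward "$2")
    if [ "$persistent" = unset ]; then
        persistent=0                          # kernel default when nothing sets it
    fi
    if [ "$runtime" = "$persistent" ]; then
        echo "consistent:$runtime"
    elif [ "$runtime" = 1 ]; then
        echo "runtime-only"
    else
        echo "boot-only"
    fi
}

# Real use: forwarding_state /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf
```

The situation described in the post (echo run, file still at 0) reports `runtime-only`.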
 
Old 10-17-2011, 03:51 PM   #8
jlinkels
Senior Member
 
Registered: Oct 2003
Location: Bonaire
Distribution: Debian Wheezy/Jessie/Sid, Linux Mint DE
Posts: 4,493

Rep: Reputation: 636
Ah, RHEL. Yes, they could do that thru /etc/sysctl.conf.

The command echo 1 > /proc/sys/net/ipv4/ip_forward had to be given after a reboot. I guess some script does just that when it processes sysctl.conf. And because this is executed at boot time such settings do survive reboots by design. It is just not smart to require a reboot to change such settings.

My own preference is to put all those iptables commands in a script file (including the echo to /proc) and run this file automatically at boot time. When such a file is available I can edit it at will, and run it to execute the changes I made.

It is important to start such a file with disabling forwarding, flush all iptables settings, build them again and enable forwarding.

But that is typically Debian-and-derivatives style. RHEL and associates use a different policy with which I am not really familiar.

jlinkels
 
Old 10-24-2011, 03:54 PM   #9
veeruk101
Member
 
Registered: Mar 2005
Distribution: Ubuntu 12.04 LTS
Posts: 249

Original Poster
Rep: Reputation: 16
Quote:
My own preference is to put all those iptables commands in a script file (including the echo to /proc) and run this file automatically at boot time. When such a file is available I can edit it at will, and run it to execute the changes I made.
I'm going to do it this way - where exactly did you put this script file, and how is it called? Is there a place I can ADD rather than EDIT a file? Meaning rather than editing /etc/rc.local for example, a place where if I put it the script will be called. Such as adding a script to /etc/profile.d/ which will get called when a user logs in (but that wouldn't be the right place to add scripts related to iptables, because you don't want those run every time someone logs in).

Quote:
It is important to start such a file with disabling forwarding, flush all iptables settings, build them again and enable forwarding.
Out of curiosity, why is it important to first disable forwarding before re-enabling them at the very end?
 
Old 10-24-2011, 04:11 PM   #10
jlinkels
Senior Member
 
Registered: Oct 2003
Location: Bonaire
Distribution: Debian Wheezy/Jessie/Sid, Linux Mint DE
Posts: 4,493

Rep: Reputation: 636
Quote:
Originally Posted by veeruk101
I'm going to do it this way - where exactly did you put this script file, and how is it called? Is there a place I can ADD rather than EDIT a file? Meaning rather than editing /etc/rc.local for example, a place where if I put it the script will be called. Such as adding a script to /etc/profile.d/ which will get called when a user logs in (but that wouldn't be the right place to add scripts related to iptables, because you don't want those run every time someone logs in).
I have a directory called /etc/ipmasq/. In this directory I have the script file with names like ip_vas_gw. It is an ordinary bash script file almost written from scratch. Then in /etc/init.d I have created a file called firewall.sh which takes start, stop and restart parameters, the usual stuff. It was copied and adapted from a suitable file in /etc/init.d. At start it runs the file from /etc/ipmasq, at stop it flushes the tables and disables forwarding. I think during boot it is called from rcS.d. You should follow the usual policy for your distro when you decide where to put it. The scripts are the same, but the locations differ.

The huge advantage is that you have an independent script which you can run at will. Every time when you change something you run the script, which in turn flushes all iptables settings and you start clean with the rules. During running this script connections are not interrupted. I happily do this on a live system.

Quote:
Originally Posted by veeruk101
Out of curiosity, why is it important to first disable forwarding before re-enabling them at the very end?
That is good custom. You don't want to mess around with iptables while forwarding is enabled.

jlinkels

Last edited by jlinkels; 10-24-2011 at 06:15 PM.
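The script layout described in posts #8 and #10, as an added example that is not jlinkels' actual script: forwarding off, flush, rebuild the rules, forwarding on, with start/stop/restart. Interface names are from the thread; the APPLY switch, the helper names, the default-drop FORWARD policy, the conntrack return rule and the `-o wlan0` scoping of MASQUERADE are additions of this example.

```shell
#!/bin/sh
# NAT gateway script in the order described in the thread:
# forwarding off -> flush -> rebuild rules -> forwarding on.
# Without APPLY=1 (an assumption of this example) commands are only printed.
LAN_IF=${LAN_IF:-eth0}     # side facing the attached device
WAN_IF=${WAN_IF:-wlan0}    # side with the Internet connection

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

set_forwarding() {
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$1" > /proc/sys/net/ipv4/ip_forward
    else
        echo "echo $1 > /proc/sys/net/ipv4/ip_forward"
    fi
}

# Only the chains this script fills are flushed, so unrelated rules survive.
flush_rules() {
    run iptables -F FORWARD
    run iptables -t nat -F POSTROUTING
}

fw_start() {
    set_forwarding 0                      # nothing is routed while rules change
    flush_rules
    run iptables -P FORWARD DROP          # routed traffic is denied by default
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    # Replies to connections the device opened are allowed back in.
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Masquerade only what leaves through the Internet-facing interface.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
    set_forwarding 1                      # last step: the rule set is complete
}

fw_stop() {
    set_forwarding 0
    flush_rules
}

case "${1:-}" in
    start|restart) fw_start ;;
    stop)          fw_stop ;;
    "")            : ;;                   # no argument: only define the functions
    *)             echo "usage: $0 {start|stop|restart}" >&2; exit 2 ;;
esac
```

Run it with `start` and no APPLY to review the exact commands first, then as root with `APPLY=1` to apply them.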
 
  


All times are GMT -5.