internet sharing on an existing network

SPF · 03-07-2008, 07:05 PM

Hi,

I'm trying to add a new subnet to my network and enable internet sharing for that subnet.
I read a lot of guides and now it works halfway. I can send packets to the outside world, but I cannot receive anything back because my subnet isn't known in my primary router.

I think it has something to do with nat. But I haven't been able to find the correct guide to enable it.

My network topology:

Code:

    ++++++++++++++++++
    + internet cloud +
    ++++++++++++++++++
             |
             |-------------------------  83.14.15.0/?
             |
++++++++++++++++++++++++++++++
+ Speedtouch modem/router    +
+ dhcp-server = on           +
+ ip1 = 83.14.15.16          +
+ ip2 = 10.0.0.138           +
+ ip2mac = 00:90:d0:1c:xx:1b +
++++++++++++++++++++++++++++++
             |
             |
 --------------------------------------   10.0.0.0/24
     |                           |
     |                           |
     |                           |
+++++++++++++++++       ++++++++++++++++++++++++++++++++
+ pc 1          +       + linux pc 2                   +
+ ip = 10.0.0.2 +       + ipforwarding = on            +
+++++++++++++++++       + dhcp3-server = on            +
                        + dnsmasq = on                 +
                        + eth1 = 10.0.0.7              +
                        + eth0 = 192.168.0.1           +
                        + eth1_mac = 00:02:1e:f1:xx:51 +
                        + eth0_mac = 00:48:54:7A:xx:70 +
                        ++++++++++++++++++++++++++++++++
                                 |
                                 |
                         --------------   192.168.0.0/24
                           |
                           |
                           |
             ++++++++++++++++++++++++++++++
             + pc3                        +
             + ip = 192.168.0.5           +
             + ip_mac = 00:C0:9F:0E:xx:84 +
             ++++++++++++++++++++++++++++++

It seems that dns is working, but I think that's because I installed dnsmasq on the linux pc.

Now why ping doesn't work:

Quote:

trace on eth0:
Ethernet II, Src: QuantaCo_0e:xx:84 (00:c0:9f:0e:xx:84), Dst: DigitalS_7a:xx:70 (00:48:54:7a:xx:70)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.0.1 (192.168.0.1)

trace on eth1:
Ethernet II, Src: SimtelSR_f1:xx:51 (00:02:1e:f1:xx:51), Dst: ThomsonT_1c:xx:1b (00:90:d0:1c:xx:1b)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 216.239.59.104 (216.239.59.104)

You can see that the ip address 192.168.0.5 is being used towards the primary router. When the primary router wants to respond, I think it causes an address unreachable because 192.168.0.5 is not in the subnet 10.0.0.0/24.

If I do a ping from my linux pc:

Quote:

Ethernet II, Src: SimtelSR_f1:xx:51 (00:02:1e:f1:xx:51), Dst: ThomsonT_1c:xx:1b (00:90:d0:1c:xx:1b)
Internet Protocol, Src: 10.0.0.7 (10.0.0.7), Dst: 216.239.59.104 (216.239.59.104)

I get the following reply:

Quote:

Ethernet II, Src: ThomsonT_1c:xx:1b (00:90:d0:1c:xx:1b), Dst: SimtelSR_f1:xx:51 (00:02:1e:f1:xx:51)
Internet Protocol, Src: 216.239.59.104 (216.239.59.104), Dst: 10.0.0.7 (10.0.0.7)

I'm not able to add routing tables on my speedtouch router.

jschiwal · 03-07-2008, 10:23 PM

You are adding another network rather than a subnet. The easiest way would be to subnet the 10.0.0.0 address space. If you did that, then you could use forwarding alone to share the internet. You could have one subnet at 10.0.0.0 and another ( for pc3 ) at 10.0.1.0 for example. Another option is to use NAT on linux pc 2 to translate pc3's address.

I think you are right in that, because the router is in NAT mode rather than in routing mode, and this constrains you to use 10.x.x.x for the lan. The router has no way of knowing whether to forward 192.168.0.X traffic to pc1 or pc2.

One thing to double check is whether the "nf_conntrack" module is loaded. I once subnetted my 192.168.0.X home network to use my laptop to forward traffic between my desktop and my wireless router. I used two subnets: 192.168.1.0/25 and 192.168.1.128/25. This didn't work until I modprobed the ip_conntrack module. ( Note, that this was what this module was called in the kernel I had at the time. ) I though that this module was just used for masquerading, but I guess not.

sundialsvcs · 03-08-2008, 11:33 AM

You really don't want to have anything with a "192.168.x.x" address on a network that's "10.x.x.x" unless that second ethernet-adapter points to an entirely separate network ... causing this computer to be, in effect, a bridge between the two.

Each ethernet adapter has its own routing table which specifies how packets are to move from their source to their destination. Your "eth1" adapter faces to 10.x.x.x and therefore is the target for any traffic bound there. Your "eth2" adapter faces "192.168.x.x" and is the target only for traffic bound to that subnet. Finally, your "gateway" to the outside world is at "10.0.0.138," which means that it is your only gateway; "eth2" should not have a gateway address because it cannot reach the outside. Packets destined for Antarctica won't go anywhere from here if they go out through that pipe, and you don't want to give your computer the mistaken impression that it can choose between two routes.

Other computers, on the subnet to which your "eth2" adapter is facing, would use the "192.168.0.1" address of that adapter as their gateway, since as far as they are concerned that's what it is. Your computer will then reflect those packets back out through its "eth1" on its way to the hardware-router and thence the Internet.