Can't set default gateway to different subnet

redss · 02-03-2011, 06:37 PM

What am I doing wrong here?
This is slackware 12. I'm trying to share my internet connection (on eth0) with a computer connected to eth1.

eth0 is 192.168.0.101, eth1 is 192.168.1.100 (different subnets).

But when I try to make eth1's default gateway the same as eth0's, see the error I get:

Code:

# route add default gw 192.168.0.1 dev eth1
SIOCADDRT: No such process

This is supposed to work, per http://lindesk.com/2007/04/internet-...sing-iptables/

more informational output follows....

Code:

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:07:E9:5C:77:81  
          inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:08:C7:E6:F2:04  
          inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0

marco18 · 02-03-2011, 07:25 PM

As far as I am concerned, you won't be able to share your internet connection by setting that default gateway on the same machine that is directly connected to the internet. You have to set a proxy to redirect everything that comes from eth1 to eth0.

Some time ago, I used the following script. Give it execution permissions and change the extension if you like. It is configured with eth0 as the directly connected to internet interface and eth1 as the internal interface.

Just execute it and then see if the host machine nats correctly. Don't forget to set ip addresses as this script won't do anything about it.

Hope it helps!

redss · 02-03-2011, 10:37 PM

That script did the trick. Thanks!

redss · 02-04-2011, 05:05 AM

Question: Would it be possible for the script to be modified to share the internet connection on eth0 with the TWO ports I have? (eth1 and eth2)

Thanks!

marco18 · 02-04-2011, 12:22 PM

Quote:

Originally Posted by redss

Question: Would it be possible for the script to be modified to share the internet connection on eth0 with the TWO ports I have? (eth1 and eth2)

Thanks!

I've made some modifications to the script. Defined new variable INIF2=eth2 and then replicated iptables redirection sentences with that interface. I am unable to test it since I'm running windows now, so try it and review the script in case I made a mistake.

redss · 02-04-2011, 09:09 PM

Thanks! I will test it when I have a chance...hopefully over the next few days,,,

redss · 02-08-2011, 02:45 PM

I tested the script for 2 ports and it works like a charm!

One question: say for example the PC on the nat'd LAN port (eth1) has an telnet service running on port 21 that I want to hit from the server (on the other side of the firewall)

What would be the iptables syntax to expose port 21?

marco18 · 02-09-2011, 06:52 AM

Quote:

Originally Posted by redss

I tested the script for 2 ports and it works like a charm!

One question: say for example the PC on the nat'd LAN port (eth1) has an telnet service running on port 21 that I want to hit from the server (on the other side of the firewall)

What would be the iptables syntax to expose port 21?

If you take a look at the script, you'll see at the beginning that there are two variables "puertosTCP" and "puertosUDP". Uncomment them and set there the ports you need (separated with spaces). Then, again in the script, there is the following coding:

Code:

for puerto in $puertosTCP
do
iptables -A FORWARD -i $EXIF -o $INIF -p tcp --dport $puerto -j ACCEPT || fail=1
iptables -t nat -A PREROUTING -i $EXIF -p tcp --dport $puerto -j DNAT --to $pc2:$puerto || fail=1
done

for puerto in $puertosUDP
do
iptables -A FORWARD -i $EXIF -o $INIF -p udp --dport $puerto -j ACCEPT || fail=1
iptables -t nat -A PREROUTING -i $EXIF -p udp --dport $puerto -j DNAT --to $pc2:$puerto || fail=1
done

$INIF is your internal interface (server) and EXIF is the one connected to the internet. Just change the values of the variables and you are good to go =)