LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 03-15-2006, 06:15 AM   #1
dmdb
LQ Newbie
 
Registered: Mar 2006
Posts: 2

Rep: Reputation: 0
cannot route through the box!


Hello,

I'm new here and I hope i do i right.


I'm trying to make my box to route the traffic from internet to my local net. Make the box act like connection sharing router.

It's got 2 NICs:

wlan0: 192.168.1.X - the internet access with default gateway: 192.168.1.1

eth0: 10.0.0.X - the local network access connected to the switch with access to my internal network.


I've enabled the ip forwarding by editing the sysctl.conf - file, but when I restart the network service I get the Disabling the IP Forwarding message, does that mean that the forwarding is disabled?

what route command should i use?
what iptables tables shoud i use?


I've been strugling with this problmem for 2 weeks now, I hope some of you could lead me to the root of the problem...

Thanks in advance.

Fil.

Last edited by dmdb; 03-15-2006 at 06:18 AM.
 
Old 03-15-2006, 03:31 PM   #2
morgolis
LQ Newbie
 
Registered: Mar 2005
Posts: 11

Rep: Reputation: 0
Well first off, if you have IPtables running, remove it from the equation. Flush the IPTables out if there is a question about it. Next, check your IP Routes. Next try to ping the gateway of 192.168.1.1 from one of your 10.0.0.X machines to see if it's even routing past. If you can't ping 192.168.1.1 but you can ping 192.168.1.x (WLAN interface) then your gateway needs the IPRoute as it doesn't know the 10.0.0.X network exists and needs to know how to route traffic back.

So from my understanding your networking looks something like this:

192.168.1.1 (Gateway machine) ----- 192.168.1.x (WLAN Interface on different machine)---- 10.0.0.X (Same machine as WLAN interface)

Is this correct? Please tell us what you can ping from the 10.0.0.X network.
 
Old 03-15-2006, 06:07 PM   #3
camh
Member
 
Registered: Feb 2005
Distribution: Slack/Debian
Posts: 163
Blog Entries: 2

Rep: Reputation: 33
I have a similar setup at home that works flawlessly. Assuming network connectivity between your 10.0.0.x subnet is working:

Create an IPTables Firewall similar to below, and call it whatever you want. Make it executable:

Code:
#!/bin/bash

IPTABLES=/sbin/iptables
EXTIF=wlan0
INTIF=eth0

echo "1" > /proc/sys/net/ipv4/ip_forward

$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
Run the script.

Next, make sure that your default route is 192.168.1.1
Code:
route del default ; route add default gw 192.168.1.1
And add the line 'nameserver 192.168.1.1' to your /etc/resolv.conf if it isn't there already.

On all the computers that you want to use to access the internet through this linux box, you will also need to add a DNS entry (192.168.1.1 might work, however I prefer to hardcode my ISP's DNS server IP in). You should be able to access the internet from any 10.0.0.x machine.

Hope this helps.

EDIT: I forgot to add...all your 10.0.0.0 machines wishing to access the net will also have to have the 10.0.0.x IP of your eth0 device, set as their gateway.

Last edited by camh; 03-15-2006 at 06:16 PM.
 
Old 03-15-2006, 06:23 PM   #4
fr_laz
Member
 
Registered: Jan 2005
Location: Cork Ireland
Distribution: Debian
Posts: 384

Rep: Reputation: 32
Hi,

I assume your network is set up like this:
10.0.0.1-253 / 255.255.255.0 Clients
10.0.0.254 / 255.255.255.0 Eth0 of your Linux box
192.168.1.2 / 255.255.255.0 Wlan0 of your Linux box
192.168.1.1 / 255.255.255.0 WLan adapter of the modem/router

then your routing table must look like:
Code:
# route -n
Destination     Gateway      Genmask         Indic Metric Ref    Use Iface
10.0.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
0.0.0.0         192.168.1.1   0.0.0.0         UG    0      0        0 wlan0
to configure the default gateway, if it hasn't been already done, the command line is "route add default gw 192.168.1.1"
this command won't be kept after restarting the network (or the machine), you have to write that in some config file (depends on your distro...)

then you want to be able to forward packets from wlan0 to eth0 and vice versa... that's what you tried to do by editing sysctl.conf. As far as I'm concerned, i'm doing it manually (well in my iptables script) by doing "echo 1 > /proc/sys/net/ipv4/ipforward".

so to check if forwarding is enabled, you can always do a "cat /proc/sys/net/ipv4/ipforward". Whatever the method used to enable forwarding, the answer should be 1.
If the file doesn't exist, then you're missing some module i'd guess.

once this is done/checked, you've got 2 solutions, depending on whether you can reconfigre the modem/router or not. If you can, then the easiest (but unsecure) way to achieve what you want is, as morgolis said, to add the route info for the 10.0.0.0 network in your modem/router. Unfortunatly, I won't be able to help unless you tell us what kind of machine it is...

if you can't do that, then you'll need to NAT the 10.0.0.x machines. It means that all packets coming from 10.0.0.x will have their source IP address changed to the one of your Linux wlan adapter. This way the router/modem won't even know that there are some machines in the 10.0.0.0 network.
to make things simple, this is done by using the following iptable command:
iptables -t nat -A FORWARD -o wlan0 -j MASQUERADE

to do that, you need to have at least the CONFIG_IP_NF_TARGET_MASQUERADE module enabled in your kernel.

Note that NATing is not firewalling, if you want to add some security, you'll still need to filter which packets are allowed and which are not.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
I am not able to add a new route to my route table using route command prashanth s j Linux - Networking 2 09-03-2005 05:34 AM
ADSL as a Alternate route or backup route bhagat2000 Linux - Networking 0 05-27-2004 04:17 PM
how do you set up your Linux box to route secure wifi? richard3403 Linux - Wireless Networking 0 11-15-2003 03:40 PM
Setting RH9 box up to route lathspel Linux - Networking 4 09-29-2003 02:05 PM
Why does 12.170.16.134 route to the wrong box?? registering Linux - Networking 3 09-24-2003 11:04 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:05 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration