Debian router with 3 interfaces

h0n0r · 06-24-2016, 11:32 AM

Hi!

I'm running a debian system as a router which is working perfectly fine.

My current setup is the following:

eth0 is the interface towards the internet, it's plugged with a cable from my fiber output in to the router.

eth1 is the interface that forwards everything, this one is connected to a switch and then all the computers in the switch.

I run a DHCP server on the router, it's working perfectly fine.

My iptables looks like this:

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables --table nat --append POSTROUTING --out interface eth0 -j MASQUERADE

iptables --append FORWARD --in-interface eth1 -j ACCEPT

Now I want to add a third network card (eth2)that I will connect to a wireless router (It's connected to the switch now and in bridge mode, works perfect.) and give the wireless clients a different subnet.

I know how to make that happen in my DHCP (dnsmasq) but I don't know how to make the appropriate iptable rules.

Is it even possible? Because eth0 needs to send the data to two different interfaces depending on what computer is communicating.

Thanks in advance.

h0n0r · 06-24-2016, 07:54 PM

I made some progress:

I use this as my IP-tables:

Code:

#Enable internal interfaces to communication between each other
#

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -i eth0 -o eth2 -m state --state ESTABLISHED,RELATED \-j ACCEPT
iptables -A FORWARD -i eth1 -o eth2 -m state --state ESTABLISHED,RELATED \-j ACCEPT
iptables -A FORWARD -i eth2 -o eth1 -m state --state ESTABLISHED,RELATED \-j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to MY.EXTERNAL.IP.ADRESS

And this in my router /etc/network/interfaces:

Code:

#WAN port to get IP via DHCP

auto eth0
iface eth0 inet dhcp

#Configure LAN port

auto eth1
iface eth1 inet static
address 10.10.10.1
netmask 255.255.255.0

#Configure second LAN port

auto eth2
iface eth2 inet static
address 192.168.1.1
netmask 255.255.255.0

This enables me to ping and connect to the router via 192.168.1.1 adress.

But when I plug in a computer, I get nothing.

I have enabled dnsmasq to listen to eth1 and eth2 and my DHCP-ranges looks like tis:

Code:

dhcp-range=eth1,10.10.10.2,10.10.10.250,12h
dhcp-range=eth2,192.168.1.10,192.168.1.250,12h

I also tried using netmask 255.255.255.255 for the eth2 interface. Same thing there. I can ping 192.168.1.1 from any other computer, but I cannot get any connection.

I also tried to make a static IP-adress while connecting to eth2 on the laptop plugged into the network card that runs eth2, but no dice.

Any ideas what I'm doing wrong?

jefro · 06-25-2016, 05:33 PM

Might look at this too. http://www.fwbuilder.org/