I have a home network which consists of a router and 4 computers connected to it. Let's for argument's sake call the 4 computers PC1 to PC4. I have also got a 5th computer (PC5) connected to PC1 using a crossover cable from PC5 to a second network card on PC1. This setup has been working fine for quite some time now but now I would like to allow PC5 to connect to all the other computers on the network. I thought this should be possible by forwarding everything from PC5 to the router through PC1 using iptables. After looking on numerous websites I did the following on PC1:
Code:
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -o eth1 -j ACCEPT
Unfortunately this achieved nothing. I also tried clearing the iptables rules and doing the same again but I have no connection at all between PC5 and the rest of the network. Only between PC5 and PC1.
Any help would be gratefully appreciated.
Thanks in advance, Adrian
It looks like you're tackling the question of how to enable PC1 to forward packets between PC5 and the router. You didn't mention how your IP addresses are assigned and what routes you've set up. This is central to whether packets from PC5 will even attempt to reach the router (and vice versa) regardless of whether such traversal of PC1 is permitted. The fact that you can't get past PC1 from PC5 is a good indication this isn't set up.
In your configuration the PC1 <--> PC5 connection is a complete subnet (locally addressable set of machines), say 192.168.1.0/24 with addresses 192.168.1.1 and 192.168.1.2 respectively. PCs 1-4 and the router are another complete subnet, say 192.168.2.0/24. What's left out (of your post at least) is how a packet gets from PC5 (192.168.1.2) to any PC other than PC1. PC5 has to be told that it can reach addresses outside of 192.168.1.0/24 by sending packets to PC1 (192.168.1.1) for forwarding. This will entail a route table entry on PC5, perhaps a gateway entry since ALL non-local traffic from PC5 will have to pass through PC1. Similarly, machines outside of subnet 192.168.1.0/24 (i.e. PCs 2-4 and the router) need to know about this subnet and how to address it (presuming they want to talk to it at all . . . ). The typical way would be to tell the router (i.e. add a route table entry on the router that says traffic for 192.168.1.0/24 should be sent to PC1). PCs 2-4 presumably already have the router as their default gateway, so setting the route on the router will suffice for these to reach 192.168.1.0/24 also.
You might have some routing set up, but since it's not mentioned in your post, this is the place to start.
The routing is confused. Particularly on PC1, which belongs to both subnets. Basically, PC1 can't tell where to send all possible packets in this configuration. From how the routes are set, you've evidently used a network mask of 255.255.255.0 in setting the IP addresses of both eth0 and eth1. This tells PC1 something inconsistent - that the subnet of IP addresses that look like 192.168.1.X is connected to eth0 and at the same time connected to eth1.
The cleanest fix would be to change the PC1 <--> PC5 subnet configuration, since it's the smaller of the two subnets involved. This fix causes PC1 to act as a router itself, routing packets between the subnets. Assign PC5's eth0 IP 192.168.2.2 (network mask 255.255.255.0) and PC1's eth1 IP 192.168.2.1 (network mask 255.255.255.0.) Here, I'm assuming based on the routes that it is PC1's eth1 that is physically connected to PC5's eth0. If not, switch around the interfaces such that the connected interfaces of PC1 and PC5 reside on the 192.168.2.0/24 subnet.
Once you've set up the IP addresses, you need to get routing set up. If you're using configuration files for IP addresses and netmasks, it's likely that PC1 and PC5 routes will come up just fine with the scripts that bring the interfaces up and down (make sure that 192.168.2.1 is set as PC5's default gateway.) However, there's one more step. You will need to let the router know where to send packets that need to reach PC5. If the router's a Linux box that would be:
(i.e. for packets to addresses like 192.168.2.X, send them to PC1's eth0 and let PC1 deal from there)
If you can't change the router at all, then you need to look at one of two more advanced ways to address this issue:
- have PC1 masquerade packets sent from PC5 so that they appear to other machines as coming from PC1. Replies will be sent to PC1 which will forward them accordingly. This isn't great if you want to initiate a connection to PC5 from any other machine (can be done but requires more work . . .)
- have PC1 serve as a bridge which effectively knits the two subnets into one by resending any packet hitting either interface on PC1 out the other interface. Then you do use all machines with 192.168.1.X addresses and all packets hit all interfaces, courtesy of PC1's efforts.
I guess the correct game plan would be to decide what to do based on your access to the router. If you can't add the necessary route to make the separate subnet approach work, it might be easier to jump to the bridge approach.
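The routed-subnet and masquerade options from the replies above, written out as an added example (not code posted by anyone in the thread). It assumes PC1's eth0 faces the router and eth1 faces PC5 as the reply supposes; `PC1_LAN_IP` is a constructed placeholder, and the function names and the `APPLY` switch are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the commands by default;
# set APPLY=1 and run as root on the relevant machine to execute them.
LAN_IF=eth0               # PC1 interface facing the router (assumed)
PC5_IF=eth1               # PC1 interface on the crossover link to PC5
PC5_NET=192.168.2.0/24    # subnet suggested for the PC1 <--> PC5 link
PC1_LAN_IP=192.168.1.10   # constructed placeholder: PC1's eth0 address

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# Rules for PC1.
#   routed: the router has a route to PC5_NET; either side may connect.
#   masq:   the router is untouched; PC5 is hidden behind PC1's address.
pc1_rules() {
    mode=$1
    case "$mode" in
        routed|masq) ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    run sysctl -w net.ipv4.ip_forward=1
    # Forward nothing except the flows listed below.
    run iptables -P FORWARD DROP
    # PC5 -> LAN: only packets sourced from the PC5 subnet.
    run iptables -A FORWARD -i "$PC5_IF" -o "$LAN_IF" -s "$PC5_NET" -j ACCEPT
    if [ "$mode" = routed ]; then
        # LAN -> PC5: new connections allowed, PC5 is directly addressable.
        run iptables -A FORWARD -i "$LAN_IF" -o "$PC5_IF" -d "$PC5_NET" -j ACCEPT
    else
        # LAN -> PC5: replies only; then rewrite PC5's source to PC1's.
        run iptables -A FORWARD -i "$LAN_IF" -o "$PC5_IF" -d "$PC5_NET" \
            -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        run iptables -t nat -A POSTROUTING -s "$PC5_NET" -o "$LAN_IF" -j MASQUERADE
    fi
}

# Route for a Linux router (routed mode only): reach PC5_NET via PC1.
router_route() { run ip route add "$PC5_NET" via "$PC1_LAN_IP"; }

# Default gateway on PC5: PC1's address on the crossover link.
pc5_gateway() { run ip route add default via 192.168.2.1; }

# Usage: sh script.sh routed|masq   (prints PC1's commands)
if [ "$#" -gt 0 ]; then pc1_rules "$1"; fi
```

Unlike the two blanket `-j ACCEPT` rules in the original post, the FORWARD rules here are scoped to the PC5 subnet and the interface pair, so PC1 does not forward anything else.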