LinuxQuestions.org


freelinuxcpp 11-12-2003 03:15 AM

how to route my lan ?
 
Hello everybody,
I have a LAN with this config:
router-----firewall/gateway-----switch-----LAN
I have 2 NICs on my firewall/gateway.
I did these steps:
1/ compile the kernel with the forwarding/netfilter options
2/ set ip_forward=yes
3/ set */ipv4/ip_forward to the value 1
add my LAN machines' names to /etc/hosts
I set my 2 NICs' addresses like this:
1 private IP 192.192.0.3 related to the router (because my LAN is linked to another LAN and not to the Internet)
1 private network 192.168.0.1 related to my private LAN
I set all machines' gateway to 192.168.0.1 as default gateway.

Well, all I want to do is to be able to see my machines (LAN) from the other network (through the WAN), and I want to know if all I should do is to route.
Until now my network machines can ping my 2 firewall interfaces BUT CAN'T GO FURTHER!
I'd like to know why.
Thanks

david_ross 11-12-2003 12:53 PM

The IPs between router and gateway should be on a different subnet to your LAN - this will make routing easier.

You will also have to add some masquerading rules to your iptables rules. There are plenty of examples on this site.

freelinuxcpp 11-12-2003 03:09 PM

I don't want to use masq because I have to be able to see my machines from outside the network (it's 2 networks in reality; there is no access to the Internet right now).
LAN2--Router=======router-----firewall/gateway-----switch-----LAN1
I have to be able to ping LAN1 from LAN2 and the inverse!

david_ross 11-12-2003 03:28 PM

Then you'll need to set up a VPN.

Take a look at this howto:
http://openvpn.sourceforge.net/bridge.html

freelinuxcpp 11-13-2003 02:10 AM

Isn't there another way?

zaphodiv 11-13-2003 08:58 AM

>i have to be able to ping lan1 from lan 2 and the inverse !

This could be made to work. You may need to do some configuration on the other lan as well.

Are things currently configured so that if you connect the router directly to the switch the two LANs are linked? I assume not.

I assume that the 192.168.0.x block of addresses is not being used on the other LAN. If you have a netmask of 255.255.255.0 then your machines will assume that other 192.168.0.x machines are local and will try to talk to them directly. Packets addressed to machines outside of 192.168.0.x will be sent to the default gateway.

As David_Ross says, it will be easier if you have the two interfaces on the firewall box in different subnets.
You need the PCs' gateway set to the IP of that side of the firewall/gateway.

To do this without NAT/MASQ you then need the other LAN configured correctly. The machines on the other LAN need to have a route to send replies back to your machines. How to achieve that depends on how the other LAN handles routing. You might need a default route to 192.168.0-1.x set on all the machines or you might have to do stuff with a routing protocol.
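
The return-route requirement from the reply above, modelled as an added example that is not part of the thread: a hop-by-hop longest-prefix-match lookup showing that the request from LAN1 arrives but the reply is dropped until the far router learns a route to 192.168.0.0/24 via the firewall/gateway. The node names, the transit subnet 10.0.0.0/24, the LAN2 subnet 10.2.0.0/24 and the single collapsed "router" node are assumptions made for the illustration.

```python
import ipaddress

def routes(*entries):
    """Build a routing table from (prefix, next_hop) pairs."""
    return [(ipaddress.ip_network(net), hop) for net, hop in entries]

def next_hop(table, dst):
    """Longest-prefix match; None means this node has no route and drops the packet."""
    dst = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, hop) for net, hop in table if dst in net]
    return max(hits)[1] if hits else None

# Constructed addressing: 192.168.0.0/24 is LAN1 from the thread; the transit
# subnet (10.0.0.0/24) and the LAN2 subnet (10.2.0.0/24) are assumptions.
TABLES = {
    "pc1":    routes(("192.168.0.0/24", "direct"), ("0.0.0.0/0", "fw")),
    "fw":     routes(("192.168.0.0/24", "direct"), ("10.0.0.0/24", "direct"),
                     ("0.0.0.0/0", "router")),
    # No default route here: the thread says there is no Internet uplink.
    "router": routes(("10.0.0.0/24", "direct"), ("10.2.0.0/24", "direct")),
    "pc2":    routes(("10.2.0.0/24", "direct"), ("0.0.0.0/0", "router")),
}

def trace(tables, start, dst, max_hops=8):
    """Forward a packet hop by hop. Returns (delivered, nodes_visited)."""
    node, path = start, [start]
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop is None:
            return False, path      # dropped: no route on this node
        if hop == "direct":
            return True, path       # dst sits on a subnet attached to this node
        node = hop
        path.append(node)
    return False, path              # routing loop

def with_return_route(tables):
    """Copy of the tables with a static route to LAN1 added on the far router."""
    fixed = dict(tables)
    fixed["router"] = tables["router"] + routes(("192.168.0.0/24", "fw"))
    return fixed

if __name__ == "__main__":
    print("request pc1 -> pc2:", trace(TABLES, "pc1", "10.2.0.20"))
    print("reply   pc2 -> pc1:", trace(TABLES, "pc2", "192.168.0.10"))
    print("reply after fix   :", trace(with_return_route(TABLES), "pc2", "192.168.0.10"))
```

With forwarding enabled on the gateway, the ping fails in the first table set only because the reply has nowhere to go at the far router, which is why no NAT is needed once that route exists.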

