Linux routing problem
I'm having a problem using Linux (CentOS 6.3) as a router that I've tried to outline below. Goal is that computers on LAN2 should be able to access the internet with the Linux server inline acting as the router between LAN2 & LAN1. I don't want to NAT LAN2 to a pool of addresses in LAN1, I just want to route through the Linux box and have the cable modem perform NAT through its outside interface.
Any help is appreciated as I've been banging my head on this for a while now.
192.168.201.0/24 via 172.20.101.254
default via 220.127.116.11
Routing table for Linux Router (multiple tables):
172.20.101.0/24 dev outside proto kernel scope link src 172.20.101.254
192.168.201.0/24 dev inside proto kernel scope link src 192.168.201.254
default via 172.20.101.1 dev outside
172.20.101.0/24 dev outside scope link
192.168.201.0/24 dev inside scope link
default via 192.168.201.254 dev inside
Rules for Linux Router:
0: from all lookup local
32765: from 192.168.201.0/24 lookup 201
32766: from all lookup main
32767: from all lookup default
Routing table on ComputerA:
default via 192.168.201.254
ComputerA cannot access the internet.
ComputerA can ping as follows:
What am I missing? Why can't ComputerA access the internet and/or ping an internet host that is known to respond to icmp (Google DNS)?
Is the cable modem performing NAT translation for the 192.168.201.0/24 network, or merely routing traffic which it won't do on it's WAN interface since it's in a reserved private only address. In other words, does it only perform NAT translation for the network its LAN switch is on?
If that is the case, maybe treating the 192.168.201.0/24 network as a the DMZ could trick the modem. to provide NAT if it allows a DMZ port configured on a separate private network.
You could configure the Linux router to masquarade addresses when the source is from a 192.168.201.0/24 address and the destination isn't a local address. So you would only be doing, what you want to avoid doing, if the destination is on the Internet. You could NAT to a single address. This would be using double-nattng for the hosts on the 192.168.201.0/24 network.
Another option could be to subnet the 172.20.101 network with the host addresses changed from the 192.168.220 network to the top subnet. The router's LAN interface would still have /24 scope encompassing both /25 subnets.
That makes sense. I'll check out the DMZ idea you suggested, but I'm betting that will fail as well. I'll need to see if our provider can give us a simple modem/bridge rather than a modem/gateway and then perform all the translation on the server.
Thank you. I'll reply regarding whether-or-not the DMZ idea works after I test.
|All times are GMT -5. The time now is 11:25 PM.|