Old 02-06-2013, 05:27 PM   #1
sanctanox
Linux routing problem



I'm having a problem using Linux (CentOS 6.3) as a router that I've tried to outline below. Goal is that computers on LAN2 should be able to access the internet with the Linux server inline acting as the router between LAN2 & LAN1. I don't want to NAT LAN2 to a pool of addresses in LAN1, I just want to route through the Linux box and have the cable modem perform NAT through its outside interface.

Any help is appreciated as I've been banging my head on this for a while now.

Code:
Internet
    |
    |
    24.24.24.24
Cable Modem     (default gw = 24.24.24.1)
    172.20.101.1
    |
    |
    | LAN1 = 172.20.101.0/24
    |
    |
    172.20.101.254
Linux Router    (default gw = 172.20.101.1) (forwarding enabled via sysctl)
    192.168.201.254
    |
    |
    | LAN2 = 192.168.201.0/24
    |
    |
    192.168.201.111    
ComputerA       (default gw = 192.168.201.254)

Routing table for Cable Modem:
192.168.201.0/24 via 172.20.101.254
default via 24.24.24.24

Routing table for Linux Router (multiple tables):
(Main)
172.20.101.0/24 dev outside proto kernel scope link src 172.20.101.254
192.168.201.0/24 dev inside proto kernel scope link src 192.168.201.254
default via 172.20.101.1 dev outside

(201)
172.20.101.0/24 dev outside scope link
192.168.201.0/24 dev inside scope link
default via 192.168.201.254 dev inside

Rules for Linux Router:
0: from all lookup local
32765: from 192.168.201.0/24 lookup 201
32766: from all lookup main
32767: from all lookup default

Routing table on ComputerA:
default via 192.168.201.254

Problem:
ComputerA cannot access the internet.
ComputerA can ping as follows:
192.168.201.254 yes
172.20.101.254 yes
172.20.101.1 yes
8.8.8.8 no

What am I missing? Why can't ComputerA access the internet and/or ping an internet host that is known to respond to ICMP (Google DNS)?

 
Old 02-06-2013, 07:40 PM   #2
jschiwal
Is the cable modem performing NAT translation for the 192.168.201.0/24 network, or merely routing traffic, which it won't do on its WAN interface since it's in a reserved private-only address? In other words, does it only perform NAT translation for the network its LAN switch is on?
If that is the case, maybe treating the 192.168.201.0/24 network as the DMZ could trick the modem to provide NAT if it allows a DMZ port configured on a separate private network.

You could configure the Linux router to masquerade addresses when the source is from a 192.168.201.0/24 address and the destination isn't a local address. So you would only be doing what you want to avoid doing if the destination is on the Internet. You could NAT to a single address. This would be using double-NATting for the hosts on the 192.168.201.0/24 network.

Another option could be to subnet the 172.20.101 network with the host addresses changed from the 192.168.220 network to the top subnet. The router's LAN interface would still have /24 scope encompassing both /25 subnets.

Good Luck.
 
1 members found this post helpful.
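
Added example, not part of any post in this thread: a small Python model of the packet path that reproduces the ping results from the first post and shows the effect of the masquerade option described in reply #2. It assumes the modem translates only LAN1 sources and that a packet leaving with a private source address gets no reply; the function names are made up for this illustration.

```python
from ipaddress import ip_address, ip_network

# Addresses and networks as given in the first post.
LAN1 = ip_network("172.20.101.0/24")    # modem <-> Linux router
LAN2 = ip_network("192.168.201.0/24")   # Linux router <-> ComputerA
ROUTER_OUTSIDE = ip_address("172.20.101.254")
MODEM_WAN = ip_address("24.24.24.24")
TARGETS = ["192.168.201.254", "172.20.101.254", "172.20.101.1", "8.8.8.8"]

# Rule modelled by router_source ("outside" is the interface name in the post):
#   iptables -t nat -A POSTROUTING -s 192.168.201.0/24 ! -d 172.20.101.0/24 -o outside -j MASQUERADE
def router_source(src, dst, masquerade):
    """Linux router: masquerade LAN2 sources only when the destination is not local."""
    if masquerade and src in LAN2 and dst not in LAN1 and dst not in LAN2:
        return ROUTER_OUTSIDE
    return src

def modem_source(src, nat_networks):
    """Modem/gateway: translate only sources in the networks it NATs (assumed: LAN1)."""
    return MODEM_WAN if any(src in n for n in nat_networks) else src

def ping(src, dst, masquerade=False, modem_nat=(LAN1,)):
    """Return (reply_expected, source address the destination sees)."""
    src, dst = ip_address(src), ip_address(dst)
    if dst in LAN2:                      # answered on the inside LAN, nothing forwarded
        return True, src
    seen = router_source(src, dst, masquerade)
    if dst in LAN1:                      # modem routes 192.168.201.0/24 back via .254
        return True, seen
    seen = modem_source(seen, modem_nat)
    return not seen.is_private, seen     # a private source cannot be answered from the Internet

def ping_table(**kwargs):
    """Ping every target from ComputerA and report which ones would answer."""
    return {t: ping("192.168.201.111", t, **kwargs)[0] for t in TARGETS}

if __name__ == "__main__":
    for label, kw in [("as posted", {}),
                      ("router masquerade", {"masquerade": True}),
                      ("modem NATs LAN2 too", {"modem_nat": (LAN1, LAN2)})]:
        print(label, ping_table(**kw))
```

With masquerading enabled, traffic to LAN1 hosts still carries the original 192.168.201.x source, so translation on the router happens only for Internet-bound packets.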
Old 02-08-2013, 05:34 PM   #3
sanctanox
Makes sense

That makes sense. I'll check out the DMZ idea you suggested, but I'm betting that will fail as well. I'll need to see if our provider can give us a simple modem/bridge rather than a modem/gateway and then perform all the translation on the server.

Thank you. I'll reply regarding whether or not the DMZ idea works after I test.
 
  

