OK. I posted this once before, and really couldn't get an answer... Hopefully I can explain myself clearly enough for someone to understand and help .

I have a network at home. I have a Linux PC connected directly to the internet running IP masquerading. The Linux PC runs DHCP and all is well. I have a wireless router that I hooked up to the same switch that the Linux PC is hooked up to. For the sake of argument lets say that I want my Linux network to be SUBNET1, and the network connected to the wireless router to be SUBNET2. From SUBNET2 I can ping EVERYTHING on SUBNET1 without an issue, however SUBNET1 cannot see ANYTHING on SUBNET2. The only way that I can get the network on SUBNET1 to see anything on SUBNET2, is to add a static route from each PC to the other subnet.

I hope that makes sense so far.

I considered my Linux PC to be acting as a router (very similar role to the one that is running SUBNET2). So I thought if I added the static route to the routing table of my Linux PC, it would pass that on to any PC that accesses that Linux PC for the default gateway (essentially any PC on SUBNET1), however it doesn't.

So, in closing I am trying to tell all PC's on SUBNET1 that if they want to access any resources on SUBNET2, that they need to go through this IP address (the WAN side IP address of the wireless router). I want to accomplish this without manually adding static routes on every PC of SUBNET1. I thought since my Linux PC is essentially acting as a router, this should be do-able.

You tell me

Ok, several views but no responses. Does this not make sense, or is it simply not do-able with IP-MASQUERADING.

It looks like what you are describing is a network with 2 gateways..
One for the internet..
and one for Subnet 2..

It would be possible to set a static route in the Linux box to point to subnet 2, but replies would also have to come back from the linux box rather than from subnet 2 directly..
Add a masquerading rule, to snat everything going to subnet 2 from subnet 1, to give the source address of the linux box..

Thank you for the response Peter. What you state sounds like what I want to do, however, I am not really good with firewall rules. Can you post what you think I should use as a rule(s) to perform what you suggest? Using the following variables

SUBNET1=SUBNET1
SUBNET2=SUBNET2
LINUXGW= Linux PC IP address (on internal network LAN card)
LINKSYS= IP Address of the Linksys side of the wireless router.

Thanks!

SNAT and MASQUERADE use interface names.. Add them in place of ethx..
Replace the names with ip numbers or correct numeric subnet definitions
eg
iptables -t nat -A POSTROUTING -o ethx -s SUBNET1 -d SUBNET2 -j SNAT --to-source LINUXGW

You have already done the static route, but to be sure..
route add -net 192.168.2.0 netmask 255.255.255.0 gw LYNKSYS

Thanks so much for the response Peter. Here is what I did, but I still do not get the desired response. I am going to detail my network, and see if that helps this make more sense.

Linux GW = 192.168.0.1 (eth0) -- subnet 255.255.255.0
Wireless router LAN SIDE= 192.168.1.1 -- subnet 255.255.255.128
Wireless router WAN side = 192.168.0.90 -- subnet 255.255.255.0
PC (on Linux network) = 192.168.0.50
Laptop (on wireless network) = 192.168.1.5

I added the following rule to my firewall file:

iptables -t nat -A POSTROUTING -o eth0 -s 255.255.255.0 -d 255.255.255.128 -j SNAT --to-source 192.168.0.1


AND I added the following static route to my LINUX machine ONLY:

Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 192.168.0.92 255.255.255.128 UG 0 0 0 eth0



It still isn't working. I thought that maybe the last part of the iptables rule was wrong, and the address should have been the IP address of the LINKSYS (the WAN side), however that didn't seem to work either. I know this isn't a LINKSYS problem because again, I created a static route on my PC (see legend above), and was able to access the other network perfect. I removed the static route on my PC, and it couldn't talk to that other network.

Again, thanks for your help, and hopefully you can help me fix this mess the right way .

The source address and destination address need to be corrected to specify the subnet address..

192.168.0.x is the LAN on eth0
192.168.0.1 is the GW
192.168.0.50 is a workstation
192.168.0.90 is the wireless router

192.168.1.x is the wireless net..
192.168.1.5 is a wireless workstation

There's a problem with a netmask tho'..
Make all the netmasks 255.255.255.0 (=/24)

Then the routes in GW will show..With this you may not need the SNAT rule..
If you do, it will be coz another setting is interfering, so use
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -d 192.168.1.0/24 -j SNAT --to-source 192.168.0.1

Peter:

I made the following changes (as per your suggestion):

192.168.0.x is the LAN on eth0 (netmask = 255.255.255.0)
192.168.0.1 is the GW
192.168.0.50 is a workstation
192.168.0.90 is the wireless router

192.168.1.x is the wireless net.. (netmask = 255.255.255.0)
192.168.1.5 is a wireless workstation

My routing table shows:

also used your line in my firewall rules
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -d 192.168.1.0/24 -j SNAT --to-source 192.168.0.1



Same exact results as I have been getting, which are:

192.168.0.1 can ping 192.168.1.5 with no problems
192.168.1.5 can ping 192.168.0.50 with no problems
192.168.0.50 CANNOT ping 192.168.1.5 (HOWEVER if I add a static route into 192.168.0.50 to the 192.168.1.0 network I have no problems)


Due to the fact that I can add a static route in my 192.168.0.50 machine and it works fine, I KNOW that the problem is with the 192.168.0.1 machine. I just don't know why we can't make it forward the static routes... Again, thanks for all of your efforts with this.

Probably need a static route in the wireless router..

I can put in a static route, but what should it point to? A router (by definition) should know about the network directly attached to it, AND the network it is attached to. I also didn't think it was a wireless router problem, because it seemed to work with no problems if I put the static route in the workstation on the 192.168.0.0 network.

But hey - you guys are the experts, I am just a . With that being said, what kind of static route do you want me to put in the wireless router?

Quite right..
I am thinking of several different configurations at the same time :-/

I am bumping this for hopes that someone else may want to take a stab at it.