I have configured my Linux router to connect to my ISP (Verizon) no problems at all. I have two NIC: ETH0 (Nic connected to the internet via PPPOE, NIC IP address is 192.168.1.2 SM 255.255.255.128), secondary NIC: ETH1(NIC connected to my wireless WRT54G router. IP address 192.168.1.129,SM 255.255.255.128). My WRT54G wireless router is connected to my secondary NIC, its IP address is 192.168.1.3,SM 255,255,255,0. There is an advanced routing feature on my WRT54G and I have tried to set a route. I tried to a a staic route: Destination LAN IP: 192.168.1.0,SM 255.255.255.0, Default Gateway 192.168.1.2(IP of my first NIC ETH0) that did not work. I have added routes on the linux box(route add -net 192.168.1.0 netmask 255.255.255.128 dev eth1), this route allow me to communicate with my wireless router(I do not understand how that works). This is what I want to happen:
I need to know how to tell my wireless router how to communicate with my linux router, just have all of my subnets to work together back and forth. Then when I have that all up and running configure IPTABLES and SQUID for security and internet filtering for my kids. I have spent a solid month try this. Please help

Hi,

your config is a bit "overcomplicated" : you're using subneting where you could use classical class C networks.

You could configure eth1 on the linux box like this :
IP address : 192.168.2.1
Netmask : 255.255.255.0

This will prevent you from using 255.255.255.128 masks, which works well but are more complicated to understand for the average human.

Then configure your Linksys with an IP in the same net :
IP address : 192.168.2.2
Netmask : 255.255.255.0
Gateway : 192.168.2.1 (your eth1 adapter)

now, connexion should work :
from linux to internet (as it allready did)
from linux to linksys
NOT FROM linksys to internet.

enter the line "echo 1 > /proc/sys/net/ipv4/ip_forward" in your linux box

now, your linux box can forward packets from eth0 to eth1 and you should be able to ping internet from the linksys box (be carefull : you have no dns configured on the linksys so you can not use domain names, only IP addresses).

Next step : iptables

Your problem was that your netmasks didn't match between eth1 and the linksys router. They must be the same, and IP should be in both case over 128 (since under 128 it's on your eth0 subnet).

You shoudn't have to set routes (except from the default route configured thanks to the default gateway), since all your networks are "directly connected networks". Route configuration comes when a machine must know the route to a network which is not defined directly on an interface and that it's not accessible through the default gateway.

Hope that's clear enough

Should I choose Gateway or Router and is the destination network 192.168.2.0. Would that be the correct setting?

I am using SUSe Linux 9.0 just though I would let you know and that a hell of alot for your help. I am going to give your suggestion a try.

this is my dhcp.conf

ddns-update-style none;
subnet 192.168.1.0 netmask 255.255.255.0 {
# default gateway
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;

option domain-name "whatever.net";
option domain-name-servers 10.5.0.250;

range dynamic-bootp 192.168.1.16 192.168.1.253;
default-lease-time 21600;
max-lease-time 43200;

this is my ifcfg-eth0

DEVICE=eth0
BOOTPROTO=static
IPADDR=10.106.0.123
NETMASK=255.255.252.0
NETWORK=10.106.0.0
BROADCAST=10.106.3.255
ONBOOT=yes
MII_NOT_SUPPORTED=no

this is my ifcfg-eth1

DEVICE=eth1
BOOTPROTO=static
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
ONBOOT=yes

this is my ifcfg-lo

DEVICE=lo
IPADDR=127.0.0.1
NETMASK=255.0.0.0
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback

and then i made sure that i allowed people to use the internet by con figuring my shorewall like so
my /shorewall/rules

#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER
# PORT PORT(S) DEST LIMIT
ACCEPT net fw udp 53 -
ACCEPT net fw tcp 80,443,53,22,20,21,25,109,110,143 -
ACCEPT net fw icmp 8 -
ACCEPT loc fw udp 53 -
ACCEPT loc fw tcp 80,443,53,22,20,21,25,109,110,143 -
ACCEPT loc fw icmp 8 -
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE


hope this helps

Do you have a linksys router. That is what I cannot get configured! and What is your route table look like(route -n)

Don't really see what you mean...

For your linux box, default gateway is your ISP's IP

For the Linksys router, you've got to configure this :

In the advanced tab, click setup.

The Internet section is in fact the interface which connects to the linux box (since you "inserted" the linux box between Internet and the WRT54G).
Chose "static IP", and enter thez following :
Internet IP address : 192.168.2.2
Subnet mask : 255.255.255.0
Default gateway : 192.168.2.1 (eth1 on your Linux box, can't be eth0 : they're not on the same net)
DNS : your ISP's DNS

The LAN section is your WiFi LAN
IP address : 192.168.3.1
netmask : 255.255.255.0
there's no gateway, since there's only one gateway per machine : it's still your linux eth1 defined on the Internet section

Finally (as for WRT54G), you've got to specify the encryption settings, WEP is the minimum you should choose.

Wow, I must say smething : I just looked the WRT54G doc and there pdf is bullshit : they should not refer ethernet as internet and wifi as lan ! It's almost false (hope the writer doesn't have a diploma to pass, he wouldn't have it -- hope he doesn't read this forum, if you reading me, you writer of this guide, please be more precise for poor network beginers !)

Then your wifi clients (other PC connecting through WiFI) should have IPs like :
IP : 192.168.3.x (x=2...254, since .1 is the Wifi interface of the wrt54g)
netmask 255.255.255.0 (the same as the wifi interface)
gateway : 192.168.3.1 (so as to go out of the wifi network, you've got to send packets to the wifi interface of the wrt54g).
Since there's a dhcp server on the WRT54G they should get all this automatically.

Finally, your network looks like this :

Internet
|
modem : IP 192.168.1.1 (I think)
|
| Lan 1 : 192.168.1.0 255.255.255.128
|
eth0 : IP 192.168.1.2
Linux Box : default gateway 192.168.1.1 (I think ; it must be your modem's IP)
eth1 : IP 192.168.2.1
|
| Lan 2 : 192.168.2.0 255.255.255.0
|
Ethernet : IP 192.168.2.2
WRT54G : default gateway 192.168.2.1
Wifi : IP 192.168.3.1
|
| Lan 3 : 192.168.3.0 255.255.255.0
|
Wifi : IP 192.168.3.x
WiFi client : default gateway 192.168.3.1

One more question Linux God! What files do I edit in order to make the routes permanent in SUSE 9.0, the
IP_Fowarding, and can you please show me a sample IFCFG-ETH0, IFCFG-ETH1, ROUTES and etc files. Then I will have better understand. The good news is that what you are saying I perfectly understand but I am still getting to know how SUSE 9.0 linux is setup. I do not want to use the GUI to do these things because I believe the way of learning Linux is to do it the manual way. Linux God Im at you mercy!

Re,

As for conf files, I don't have mandrake distributions... usually a google serach with the name of the file as subject is quite successfull.

for the echo 1 > /proc/sys/net/ipv4/ip_forward, I use a startup script which also includes my iptables rules.
That's not the cleaniest way : there are iptables-save, iptables-restore command, rtfm (read the fucking man page) is what I tell myself and what I'll do... someday

Good luck (some is often needed)

you are the man! thanks for your help!

Fr_laz

I have setup everything according to your directions but I still cannot get to the internet from any of my wireless clients through the WRT54G. I cannot ping anything but that network 192.168.3.1(gateway). I have setup my iptables, enable masquerading. Here are my rules:

Generated by iptables-save v1.2.8 on Tue Feb 15 11:09:53 2005
# Completed on Tue Feb 15 11:09:53 2005
# Generated by iptables-save v1.2.8 on Tue Feb 15 11:09:53 2005
# Completed on Tue Feb 15 11:09:53 2005
# Generated by iptables-save v1.2.8 on Tue Feb 15 11:09:53 2005
# Completed on Tue Feb 15 11:09:53 2005
FW_LOG_ACCEPT_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_DROP_CRIT="yes"
FW_PROTECT_FROM_INTERNAL="no"
FW_DEV_DMZ=""
FW_DEV_INT="eth1"
FW_DEV_EXT="ppp0"
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_EXT_UDP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_EXT_TCP="http https"
FW_AUTOPROTECT_SERVICES="yes"
FW_MASQ_NETS="192.168.2.0/24"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_ALLOW_FW_TRACEROUTE="yes"

My linux router is fine. I can get to the internet. tis is what happens when I ping other networks:

Sludge:~ # ping 192.168.1.2 (ETH0), WAN connection
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.189 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.132 ms
64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=0.136 ms
64 bytes from 192.168.1.2: icmp_seq=4 ttl=64 time=0.136 ms

--- 192.168.1.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.132/0.148/0.189/0.025 ms

Sludge:~ # ping 192.168.2.1 ETH1(Private Network)
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=0.147 ms
64 bytes from 192.168.2.1: icmp_seq=2 ttl=64 time=0.130 ms
64 bytes from 192.168.2.1: icmp_seq=3 ttl=64 time=0.132 ms
64 bytes from 192.168.2.1: icmp_seq=4 ttl=64 time=0.135 ms

--- 192.168.2.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.130/0.136/0.147/0.006 ms

Sludge:~ # ping 192.168.2.2 WRT54G (Internet Interface)
PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data.
From 10.23.1.1: icmp_seq=1 Destination Net Unreachable
From 10.23.1.1 icmp_seq=1 Destination Net Unreachable
From 10.23.1.1 icmp_seq=2 Destination Net Unreachable
From 10.23.1.1 icmp_seq=3 Destination Net Unreachable
From 10.23.1.1 icmp_seq=4 Destination Net Unreachable

--- 192.168.2.2 ping statistics ---
4 packets transmitted, 0 received, +5 errors, 100% packet loss, time 3003ms

Sludge:~ # ping 192.168.3.1 WRT54G (LAN interface)
PING 192.168.3.1 (192.168.3.1) 56(84) bytes of data.
From 10.23.1.1: icmp_seq=1 Destination Net Unreachable
From 10.23.1.1 icmp_seq=1 Destination Net Unreachable
From 10.23.1.1 icmp_seq=2 Destination Net Unreachable
From 10.23.1.1 icmp_seq=3 Destination Net Unreachable
From 10.23.1.1 icmp_seq=4 Destination Net Unreachable

--- 192.168.3.1 ping statistics ---
4 packets transmitted, 0 received, +5 errors, 100% packet loss, time 3003ms

All of my wireless laptop grab everything dhcp from the WRT54G. What am I missing? I also even put the DNS information into the WRT54G of my ISP under the WAN section for DNS and still nothing please help.

Could it be routes that I need to put in? This is kicking my culo!