
Based on this sample guide link:
http://ubuntulinux.co.in/blog/ubuntu/nat-configuration-with-iptables-in-ubuntu/

with this code:

iptables --append FORWARD --in-interface eth1 -j ACCEPT

It means that "All PC’s on the private office network should set their “gateway” to be the local private network IP address of the Linux gateway computer."

How can we make our ubuntu server router gateway mode to router mode? In order for our private network to be visible from other networks or a different subnet.

Scenario:

                             +---+        
                   eth1-*.1.2| S |           +----------+
 *1.1router===switch=========|   |           |          |------PC1
               ||            | / |private net|  switch  |------PC2
               ||            |   |===========|          |------PC3
               ||            | R |eth0-*.0.1 +----------+
               ||            +---+
             *.1.3
              Router
               ||            
               ||
             *.7.1
          other network    

S/R: Server as Router
192.168.x.x
eth1: connection from the internet/other network
eth0: internal/private network
PC1,PC2,PC3: w/ ip add .0.x

ckknight
  • I don't understand the question "How can we make our ubuntu server router gateway mode to router mode?" Could you clarify it by explaining what you're trying to achieve? – Oli Aug 13 '13 at 08:20
  • Are you talking about port forwarding? – Oli Aug 13 '13 at 08:21
  • Hi @Oli, thanks for your immediate response. What I am trying is to make my private network visible to other network. e.g. my private network has 192.168.0.0/24 and the other network has 192.168.7.0/24. How can we connect .7.x to .0.x? – ckknight Aug 13 '13 at 08:25
  • And there is an Ubuntu server as the gateway to each of these subnets with a common router at the top or is it one Ubuntu server controlling two subnets? – Oli Aug 13 '13 at 08:36
  • This might be relevant: http://askubuntu.com/questions/168033/how-to-set-routes – Oli Aug 13 '13 at 08:37
  • @Oli I edited my question for more details. I added a figure. – ckknight Aug 13 '13 at 08:45
  • I think the author of the question has a Ubuntu Server machine set as a gateway with masquerade and is interested in both masquerade at the WAN interface and simple non-NAT routing for other interfaces interconnecting LANs. Guessing a bit though. – moon.musick Aug 13 '13 at 08:49
  • Well you either need to configure the first-line router to route this traffic and that's probably the best way of handling it, or you add static routes at each of the secondary network routers. On the Ubuntu server ip route 192.168.7.0 255.255.255.0 192.168.1.1 - but again, if the head router isn't configured to allow that routing, it won't go. – Oli Aug 13 '13 at 08:51
  • Thanks @moon.musick, that's what I meant. Using non-NAT routing for other interfaces interconnecting LANs. But how? – ckknight Aug 13 '13 at 08:52
  • Ok, I put back my previous comment. It depends on the configurable options of the 'router' box - if it is a simple NAT-ting consumer-grade router, you might not be able to configure the static path to the x.x.7.0 network. If it is something more advanced, just set the routing there - your Ubuntu box in this case does not matter that much (I suppose it has forwarding enabled already, if it works at all in this setup). If the 'router' already lets both x.x.7.0 and x.x.1.0 reach the Internet, then you might be in luck, as most consumer routers do not support such behavior. – moon.musick Aug 13 '13 at 08:59
  • @ckknight what is that 'router' device specifically? – moon.musick Aug 13 '13 at 08:59
  • @Oli I already static route it... but why .7.x can't ping the private network hosts (PC1,PC2,PC3)? though it can ping the ip add of eth1 and eth0 but not the hosts connected to eth0. – ckknight Aug 13 '13 at 09:01
  • @moon.musick, Sorry my figure before is not right... now the figure is corrected. – ckknight Aug 13 '13 at 09:15

1 Answer


You'll need to turn on IP forwarding if your static routes are already in place. To do that run sudoedit /etc/sysctl.conf and look for the following segment:

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

Do as it says and uncomment the second line so it looks like:

net.ipv4.ip_forward=1

Save and exit. Then run sudo sysctl -p /etc/sysctl.conf to reload the configuration. You might then have to reload the networking stack (sudo restart networking) but after that your 192.168.7.x machines should be able to reach 192.168.0.*

Oli
  • It is possible that if the OP actually ran through the steps of the tutorial and enabled masquerade, it has to be turned off if the hosts from x.x.7.0 network are to be able to reach those in x.x.0.0 network. – moon.musick Aug 13 '13 at 09:27
  • @moon.musick : do I have to disable or flush the nat masquerade on my iptables? – ckknight Aug 13 '13 at 13:41
  • @ckknight I guess that if you have masquerade configured for hosts in x.x.0.0 network and don't have any specific rules allowing direct connection to those hosts from outside (that is, from hosts behind eth1), then yes, you might have to disable masquerading. Try and see, if it does not work, the problem is elsewhere. – moon.musick Aug 13 '13 at 17:18
  • @moon.musick : yes, it works! thank you so much, guys. – ckknight Aug 14 '13 at 00:32
  • The problem was found. If we disable the masquerading, it can ping(visible) the hosts (PC1,PC2,PC3) from .7.x networks but the host can't remote/connect to .7.x. However, when we enable the masquerade we can connect to .7.x but .7.x can't be ping(invisible). Any idea of what/why this happened? – ckknight Aug 14 '13 at 02:52
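
The forwarding and masquerade checks discussed in the answer and its comments, as an added example that is not part of the original posts: it verifies the ip_forward switch and flags MASQUERADE rules that NAT everything leaving an interface, including LAN-to-LAN traffic. The function names, the two sample rule sets (constructed) and the use of 192.168.0.0/16 as the umbrella for all internal subnets are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Assumptions: eth1 faces the other networks, 192.168.0.0/24 is
# the private LAN, 192.168.0.0/16 covers every subnet to be routed without NAT.

# True when the kernel switch the answer enables is on. The path is a
# parameter so the check can be pointed at a test file.
forwarding_enabled() {
  [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "1" ]
}

# Reads `iptables-save -t nat` text on stdin and tags each MASQUERADE rule:
#   BLANKET - no negated destination, so LAN-to-LAN traffic is NATed too
#   SCOPED  - has "! -d ...", so the excluded destinations are plainly routed
classify_masquerade() {
  awk '
    /^-A POSTROUTING/ && /-j MASQUERADE/ {
      if ($0 ~ /! -d /) print "SCOPED  " $0
      else              print "BLANKET " $0
    }'
}

# Number of blanket rules on stdin (grep -c exits 1 on zero matches).
count_blanket() { classify_masquerade | grep -c '^BLANKET' || true; }

# Constructed sample: masquerade everything that leaves eth1.
SAMPLE_BLANKET='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'

# Constructed sample: NAT only traffic leaving the internal address space.
SAMPLE_SCOPED='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 ! -d 192.168.0.0/16 -o eth1 -j MASQUERADE
COMMIT'

printf '%s\n' "$SAMPLE_BLANKET" | classify_masquerade
printf '%s\n' "$SAMPLE_SCOPED"  | classify_masquerade

# On a live router:  sudo iptables-save -t nat | classify_masquerade
# Swapping a blanket rule for the scoped one (run as root):
#   iptables -t nat -D POSTROUTING -o eth1 -j MASQUERADE
#   iptables -t nat -A POSTROUTING -s 192.168.0.0/24 ! -d 192.168.0.0/16 -o eth1 -j MASQUERADE
# Un-NATed traffic needs a return route: the 192.168.7.0/24 side must route
# 192.168.0.0/24 via this server's eth1 address, or replies never come back.
```

With the scoped rule in place, also restrict the FORWARD chain to the subnets that are meant to reach the private LAN, because removing NAT exposes PC1 to PC3 directly to every network that has a route to them.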