
iptables vs bridge-utils vs route

I have two network cards in a Linux server and don't know how to make them communicate. After searching a lot I still don't know which method is the one that should work, nor the implications of using each.

Here is my system.

  cat5 cable   +----------------------------------+ cable
<------------- |  my server                       |<------> WiFi router
router         | eth1               eth2          |         192.168.0.1
& internet     | 10.11.12.13        192.168.7.7   |      gw:192.168.7.7 ?
               | gateway: 10.1.1.1                |  192.168.0.x for WiFi clients

The WiFi clients should be able to access the internet and the 10.x.x.x subnet, but the WiFi clients cannot be on the 10.x.x.x subnet; they have to have IP addresses in the 192.168.x.x range.

So how do I connect the two networks? Do I use iptables? Do I use the Linux "route" command? Do I make a network bridge with bridge-utils?

Also, should the WiFi gateway be 192.168.0.1 or 192.168.7.7 ?

I've plugged the cable from the server to the router into the WAN port.

P.S. I've asked this on StackExchange (i) Networking and (ii) Linux and gotten no answers, (iii) and also tried Reddit.

  • It sounds like this is what you want (duplicate question?): http://askubuntu.com/questions/311053/how-to-make-ip-forwarding-permanent Since you've connected eth2 to the WiFi router's WAN port, it should automatically configure its gateway (to the .7.7 address). – Kim Phillips Oct 04 '14 at 20:57
  • Thanks. Not really though. I've tried iptables and I've tried messing with the route command and I've tried a bridge, but got locked out of the computer. It may be that I need to try combinations of these. Not sure where to get networking help though. – GrandSatrap Oct 05 '14 at 01:23
  • Hi, how about the route command on your server (which, to be honest, we should call a router)? Did it have 10.1.1.1 as its default gateway? Did it connect to the internet? Are you sure that you really need a /8 address on eth1? – feligiotti Oct 07 '14 at 13:49
  • I'll look into it more tomorrow. There is no problem with the server connecting to the WAN and the internet. I just wanted to know how to connect the WiFi router to the WAN via the server. There are three Linux commands that do similar things. Which of them do I need (or which combination)? I'll try (1) route again. Then reset it back to the current state (when it doesn't work), then I'll make a bridge, and then add iptables to the bridge. If my server locks up, then I'll have to reboot to remove the bridge and get things back to the current config. – GrandSatrap Oct 08 '14 at 21:35
  • It is possible to do with the routing table/NAT, with no need for bridging. I will give the proper commands once I have tested them. – Gopi Krishna M May 05 '15 at 06:53

2 Answers


Bridging is for adding/combining segments to a network. When you bridge two network interfaces, what you are doing is allowing network broadcasts to reach all of the nodes. Bridging would not apply to what you are trying to do.

For the router to function, here is a basic reference:

Check IP forwarding status for routing:
sysctl net.ipv4.ip_forward

Set (enable) IP forwarding for routing:
echo 1 > /proc/sys/net/ipv4/ip_forward

Unset (disable) IP forwarding for routing:
echo 0 > /proc/sys/net/ipv4/ip_forward

After you have verified that IP forwarding is enabled, you can use iptables on the public interface (the network interface with the physical internet connection) as a NAT interface.

I won't attempt a comprehensive explanation of NAT here, but this is a basic example:
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth1 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth2 -o eth1 -j ACCEPT

You can see the NAT table like so:
sudo iptables -L -t nat

ChasW
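A complete version of the router setup the answer above describes, as an added example that is not from the original post or its author. It prints the commands for review before anything is applied (so a mistake cannot lock you out of the box, as the question describes), limits NAT to the 192.168.7.0/24 side, and sets the FORWARD policy to DROP so nothing else is relayed between the two cards. Interface names and addresses come from the question's diagram; the 192.168.7.0/24 subnet, the conntrack match, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: turn the two-card server from the question into a NAT router.
WAN_IF=eth1                 # 10.11.12.13, default gateway 10.1.1.1 (question)
LAN_IF=eth2                 # 192.168.7.7, faces the WiFi router's WAN port
LAN_NET=192.168.7.0/24      # assumed LAN subnet; only this range is NATed

# Emit the commands that make up the router configuration, one per line,
# so they can be read first and applied afterwards.
router_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -P FORWARD DROP
EOF
}

# Apply the rules; refuses to run unless root, since iptables/sysctl need it.
apply_router_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_router_rules: run as root" >&2; return 1; }
    router_rules | sh -e
}

# Show the resulting state: forwarding flag, NAT table and FORWARD chain
# (the equivalent of the answer's 'iptables -L -t nat', with counters).
show_router_state() {
    sysctl net.ipv4.ip_forward
    iptables -t nat -L POSTROUTING -n -v
    iptables -L FORWARD -n -v
}

# Usage: review with 'router_rules', then 'sudo sh -c ". ./router.sh; apply_router_rules"'.
router_rules
```

The WiFi router's WAN port then needs an address in 192.168.7.0/24 with 192.168.7.7 as its gateway, and the server's own default route stays 10.1.1.1 via eth1.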

I think you should use iptables to connect the two interfaces. According to this http://www.linuxforums.org/forum/newbie/186273-iptables-forwarding-vs-ip-route-post877996.html#post877996

The router's gateway should be 192.168.1.7, to allow IP packets destined outside the subnet to be sent to eth2. iptables should handle it from there and forward it to eth1.

Here's an answer to a similar question detailing the iptables forwarding rules. https://serverfault.com/questions/431593/iptables-forwarding-between-two-interface