
I have two physical networks:

eth0 192.168.0.0/24 with several PCs and NAT address 192.168.0.1, where PPPoE connects to the internet;

eth1 192.168.0.1/24 with several PCs and no internet.

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.0.2
gateway 192.168.0.1
netmask 255.255.255.0

auto eth1
iface eth1 inet static
address 192.168.1.2
netmask 255.255.255.0

up route add -net 192.168.0.0/24 gw 192.168.0.1 dev eth0
up route add -net 192.168.1.0/24 gw 192.168.1.2 dev eth1

and got:

Reconfiguring network interfaces...RTNETLINK answers: File exists
Failed to bring up eth1.

What route should I add, and why did eth1 fail? What default gateway should I add for the 192.168.1.0/24 network? Can anyone help?

1 Answer


You should only have 1 gateway as far as I know. All traffic goes to the Internet through that interface.

route add default gw 192.168.0.1 eth0

Should be sufficient.

Although I'm not sure if it's required, as you set the gateway in your eth0 config. See what the route command lists before you try adding it; it will probably have a default listed.

Then as long as you have IP forwarding and iptables enabled, all other computers can route through eth0 OK.

NAT setup in Ubuntu


If you require 2 subnets to talk to each other then you should configure iptables to allow that traffic. Omitting one of the lines of the iptables commands should prevent traffic in both directions.

First enable IP forwarding:

echo "1" > /proc/sys/net/ipv4/ip_forward

Then configure iptables.

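# eth1 is the 192.168.1.0/24 side, eth0 is the 192.168.0.0/24 side,
# so each rule matches a subnet on the interface its packets arrive on
sudo iptables -A FORWARD -i eth1 -o eth0 -s 192.168.1.0/24 -d 192.168.0.0/24 -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.0/24 -d 192.168.1.0/24 -j ACCEPT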

To make this permanent do the following.

# the redirection has to run as root too, so run the whole command in a root shell
sudo sh -c 'iptables-save > /etc/iptables.ipv4.nat'

Add the line

up iptables-restore < /etc/iptables.ipv4.nat

to the bottom of /etc/network/interfaces.

Then edit /etc/sysctl.conf.

net.ipv4.ip_forward = 1

You can put the iptables-save file wherever is best for you.

  • Thanks for the reply. Yes, the only gateway is 192.168.0.1.

    But I don't need internet in 192.168.1.0/24. Also PCs in 1.0/24 should not see PCs in 0.0/24.

    When I tried to configure the network without routes, I couldn't ping anything in 192.168.1.0/24. That's why I thought about route add.

    – Alexander B Feb 13 '16 at 18:32
  • Added Subnet routing to the answer. You may need to adjust the iptables commands to suit your required setup. – Sir_Scofferoff Feb 13 '16 at 18:53
  • Thanks a lot for the help. So the whole setup is to enable IP forwarding and drop other traffic between subnets later? For example, if I don't need samba (Windows Networking in my case), block some ports in iptables, right? – Alexander B Feb 13 '16 at 19:02
  • Yes, there's far too much you can do with iptables to list here. Samba is best configured to not listen on eth1 if you don't want that network to use it. "interfaces = 127.0.0.1 & bind interfaces only = yes" for e.g. – Sir_Scofferoff Feb 13 '16 at 19:08
  • Hmmm... Still no ping from localhost to 192.168.1.100

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  192.168.1.0/24       192.168.0.0/24
    ACCEPT     all  --  192.168.0.0/24       192.168.1.0/24

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    – Alexander B Feb 13 '16 at 20:45
  • What did I do wrong? In this case, is ICMP forwarding allowed or not? – Alexander B Feb 13 '16 at 20:58
  • Might need further routing config, something like iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; iptables -I FORWARD -i eth0 -o eth1 -j ACCEPT. May or may not work, this is where I start to zone out! :) – Sir_Scofferoff Feb 13 '16 at 23:28
  • Ok, thanks a lot!

    PS: Sorry, those were my IP mistakes. After your instructions, ICMP requests to 192.168.1.200 (NAS) are going from localhost. I have also changed the network mask on PC 192.168.0.5 to 255.255.0.0 and tried to send ICMP to the IP address of eth1 (192.168.1.2). Yeah, they returned from eth1!

    Now looking for good advice on MASQUERADE. Can anyone help?

    – Alexander B Feb 14 '16 at 02:23
  • http://www.iptables.info/en/iptables-targets-and-jumps.html#MASQUERADETARGET - Absolutely everything you need to know about iptables. – Sir_Scofferoff Feb 14 '16 at 11:41
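
An added example, not part of the original answer or comments: a simplified Python model of how the FORWARD chain decides, for the two subnets on this page. It shows why ACCEPT rules under `policy ACCEPT` (as in the listing in the comments) change nothing, and what a DROP policy does. The packets, the rule sets and all names are constructed for illustration, and only `-i`/`-o`/`-s`/`-d` matching is modelled.

```python
import ipaddress
from collections import namedtuple

# Simplified model of the filter table's FORWARD chain: only -i/-o/-s/-d
# matches, first matching rule wins, otherwise the chain policy applies.
Rule = namedtuple("Rule", "in_if out_if src dst target")

def forward_verdict(policy, rules, in_if, out_if, src, dst):
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r.in_if == in_if and r.out_if == out_if
                and s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)):
            return r.target
    return policy

# Constructed sample packets for the two subnets on this page.
PACKETS = {
    "lan0->lan1": ("eth0", "eth1", "192.168.0.5", "192.168.1.200"),
    "lan1->lan0": ("eth1", "eth0", "192.168.1.100", "192.168.0.5"),
    "lan1->inet": ("eth1", "eth0", "192.168.1.100", "203.0.113.10"),
}

# Each subnet is matched on the interface it is attached to.
ALLOW_BOTH = [
    Rule("eth1", "eth0", "192.168.1.0/24", "192.168.0.0/24", "ACCEPT"),
    Rule("eth0", "eth1", "192.168.0.0/24", "192.168.1.0/24", "ACCEPT"),
]
# Constructed mistake: -i names eth0 but -s is the subnet behind eth1.
MISMATCHED = [
    Rule("eth0", "eth1", "192.168.1.0/24", "192.168.0.0/24", "ACCEPT"),
]

def verdicts(policy, rules):
    return {name: forward_verdict(policy, rules, *p)
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for label, policy, rules in [
        ("policy ACCEPT, no rules", "ACCEPT", []),
        ("policy ACCEPT, allow rules", "ACCEPT", ALLOW_BOTH),
        ("policy DROP, allow rules", "DROP", ALLOW_BOTH),
        ("policy DROP, mismatched rule", "DROP", MISMATCHED),
        ("policy DROP, no rules (isolated)", "DROP", []),
    ]:
        print(f"{label:34} {verdicts(policy, rules)}")
```

The model covers forwarded packets only: a ping sent from the dual-homed host itself passes through OUTPUT, not FORWARD, and forwarding happens at all only when `net.ipv4.ip_forward` is 1.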