Linux Networking – How to Route Between Two Networks on Linux

Tags: linux, networking, routing

I got stuck with one problem I can't find a solution for. I have a Linux PC with two NICs. The first NIC (eth1) is connected to a public IP (probably a switch or whatever, doesn't really matter), so eth1 is connected to the WAN, and the other one, eth0, I connected to a switch and made it the LAN NIC.
Configuration:

eth1 IP address 88.200.1xx.xxx   // the xxx's are masked for security reasons
eth0 IP address 192.168.1.1

WAN <---> [eth1 (Linux PC) eth0] <---> [switch] <---> [eth1 (PC1)]

Now I want to connect these two networks, so PC1 can access the Linux PC and the WAN. I think I know how to do it but I can't configure it right. This is what I tried:

  1. I turned on IP forwarding (for sure)
  2. I set the eth1 default gateway to the right IP on the WAN
  3. I tried to set the eth0 default gateway to the same IP (but I couldn't)

What can I do, or how can I do this? I was trying with the Linux route command, but I got stuck.
Please help.

Best Answer

If you have 2 NICs on a Linux box, both configured with IPs, you don't have to add a route from one network to another. That will be done automatically.

Add a default gateway address on the WAN NIC. Do not do this in the configuration of the LAN NIC.

Then enable forwarding in the kernel:

echo 1 >> /proc/sys/net/ipv4/ip_forward

To make it auto-set this value on boot, uncomment this line in /etc/sysctl.conf:

#net.ipv4.ip_forward=1

Then set up some rules in iptables to perform the NATting and forwarding:

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT

# We allow traffic from the LAN side
iptables -A INPUT -i eth0 -j ACCEPT

######################################################################
#
#                         ROUTING
#
######################################################################

# eth0 is LAN
# eth1 is WAN

# Allow established connections (replies to traffic the router itself started)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Masquerade: hide LAN hosts behind the WAN interface's address.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Forwarding: let replies from the WAN back in to the LAN, but no new WAN-initiated connections.
iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

That should do it.
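The answer above leaves the FORWARD and INPUT chains at their default ACCEPT policy, so anything it forgets to match is allowed. The script below is an added example, not part of the original answer: it generates the same LAN-to-WAN NAT setup as a reviewable rule list, but with default-deny policies, a LAN-prefix check on what gets forwarded and masqueraded, and a drop for LAN-addressed packets arriving on the WAN side. The interface names and the 192.168.1.0/24 prefix are assumptions taken from the question (eth0 = LAN, eth1 = WAN); `build_router_rules` only prints commands, and nothing is applied unless `APPLY=1` is set and the script runs as root.

```shell
#!/bin/sh
# Added example (not the original answer's code): build a hardened rule set for a
# two-NIC Linux NAT router. Assumed defaults, matching the question: eth0 = LAN,
# eth1 = WAN, LAN prefix 192.168.1.0/24.

# Print the iptables commands for LAN -> WAN NAT with default-deny INPUT/FORWARD.
# Usage: build_router_rules LAN_IF WAN_IF LAN_CIDR
build_router_rules() {
    lan="$1"; wan="$2"; lan_net="$3"
    cat <<EOF
# Default-deny: anything not explicitly allowed below is dropped.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -F
iptables -t nat -F
# Loopback and replies to connections the router itself opened.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Management access from the LAN prefix only; the WAN side gets no new inbound connections.
iptables -A INPUT -i $lan -s $lan_net -j ACCEPT
# Anti-spoofing: a packet claiming a LAN source must not arrive on the WAN interface.
iptables -A FORWARD -i $wan -s $lan_net -j DROP
# Replies from the WAN back to the LAN; new connections only from the LAN prefix outward.
iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
# Hide the LAN prefix behind the WAN interface address.
iptables -t nat -A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
EOF
}

# Enable forwarding for the running kernel and install the generated rules.
# Requires root; the sysctl.conf line from the answer makes the setting persistent.
apply_router_rules() {
    sysctl -w net.ipv4.ip_forward=1
    build_router_rules "$@" | grep -v '^#' | sh -e
}

# Quick post-apply check: forwarding on and FORWARD policy really DROP.
verify_router() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = "1" ] || return 1
    iptables -S FORWARD | grep -q '^-P FORWARD DROP' || return 1
}

# Default action is a dry run that prints the rules for review.
# Run as root with APPLY=1 (and LAN_IF/WAN_IF/LAN_NET if different) to install them.
if [ "${APPLY:-0}" = "1" ]; then
    apply_router_rules "${LAN_IF:-eth0}" "${WAN_IF:-eth1}" "${LAN_NET:-192.168.1.0/24}"
    verify_router && echo "router rules active"
else
    build_router_rules "${LAN_IF:-eth0}" "${WAN_IF:-eth1}" "${LAN_NET:-192.168.1.0/24}"
fi
```

The reason for pinning `-s $lan_net` on the FORWARD and POSTROUTING rules is that MASQUERADE without a source match will happily NAT anything that reaches the router, including traffic from a host that plugged into the LAN switch with an address outside your prefix; the ESTABLISHED,RELATED rule on the WAN-to-LAN direction is what keeps the router from becoming an open path into the LAN.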
