Unfortunately I have very little practice with routing in Linux and also I was not able to properly phrase my issue for a search.
So I will explain the issue here. In the picture below you see the topology of my network. The goal is that the client device with the ip 10.0.0.50 can access the target device with the ip 192.168.0.1.
Setting the proper route on the client device is not my goal, because there may be multiple client devices with the need to access 192.168.0.1. Due to the reason that I do not have access to all of the clients it is not the goal to configure them individually to achieve the goal.
So far I tried setting a route on the gateway 10.0.0.1 with route add -net 192.168.0.0/25 gw 10.0.0.99. The gateway is (should be) properly configured to forward the packages, because I use it as the gateway for the whole network to access the internet. So iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE is set as well as ip forwarding with echo 1 > /proc/sys/net/ipv4/ip_forward. route shows the following output on the gateway:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 123.123.123.1 0.0.0.0 UG 202 0 0 eth0
10.0.0.0 * 255.255.255.128 U 0 0 0 br0
123.123.123.2 * 255.255.255.252 U 0 0 0 eth0
192.168.0.0 10.0.0.99 255.255.255.128 UG 0 0 0 br0
The configuration on the server 10.0.0.99 includes the iptables rules for masquerading and the ip forwarding as well. route shows the following output on the server:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default tower 0.0.0.0 UG 204 0 0 br0
default 192.168.0.1 0.0.0.0 UG 303 0 0 wlan0
10.0.0.0 * 255.255.255.128 U 0 0 0 br0
192.168.0.0 * 255.255.255.128 U 0 0 0 wlan0
With the setup explained above I can ping 192.168.0.1 from the server as well as from the gateway, but the clients are not able to do it. A traceroute to test what is happening gets stuck at the gateway 10.0.0.1 and does not progress any further.
I have also tried to set iptables -A POSTROUTING -t nat -o br0 -j MASQUERADE on the gateway as well to check if that is the issue, but that rule did not help so I removed it again.
What am I missing here? Please help me out. Thank you very much!
Best Answer
man ip and read the iproute tutorials).
ip route add 192.168.0.0/25 via 10.0.0.99
sysctl -w net.ipv4.conf.br0.send_redirects.
ip route get 192.168.0.1 from 10.0.0.50 iif br0. The output should seem like
SNAT/MASQUERADE rule to make the replies pass through the internet gateway, not directly from the server to the client:
sysctl -w net.ipv4.ip_forward=1
ip route add 10.0.0.0/24 via 192.168.0.X, where 192.168.0.X is the address of the server in the 192.168.0.0/25 subnet) or set up the NAT on the server itself (iptables -t nat -A POSTROUTING -o wlan0 --src 10.0.0.0/24 --dst 192.168.0.1 -j MASQUERADE).
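Added example, not part of the original question or answer: a small Python model of the two routing tables posted in the question. It shows that the gateway forwards the client's packet back out br0 and that the server returns the reply to the client directly, without passing the gateway. It assumes that `tower` resolves to 10.0.0.1, that clients use 10.0.0.1 as default gateway, and that the server's MASQUERADE rule applies on wlan0; `lookup`, `hairpins` and `trace` are names made up for this sketch.

```python
import ipaddress

# Routing tables transcribed from the `route` output in the question:
# (destination, next hop or None when on-link, interface, metric).
GATEWAY = [("0.0.0.0/0", "123.123.123.1", "eth0", 202),
           ("10.0.0.0/25", None, "br0", 0),
           ("123.123.123.2/30", None, "eth0", 0),
           ("192.168.0.0/25", "10.0.0.99", "br0", 0)]
# Assumption: "tower" resolves to the gateway, 10.0.0.1.
SERVER = [("0.0.0.0/0", "10.0.0.1", "br0", 204),
          ("0.0.0.0/0", "192.168.0.1", "wlan0", 303),
          ("10.0.0.0/25", None, "br0", 0),
          ("192.168.0.0/25", None, "wlan0", 0)]

def lookup(table, dst):
    """Longest-prefix match, ties broken by lowest metric.
    Returns (next_hop, interface); next_hop is dst itself when on-link."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw, dev, metric in table:
        net = ipaddress.ip_network(net, strict=False)
        if dst in net:
            key = (-net.prefixlen, metric)
            if best is None or key < best[0]:
                best = (key, gw or str(dst), dev)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]

def hairpins(table, dst, in_iface):
    """True when a forwarded packet leaves on the interface it arrived on,
    the situation in which a Linux router may emit ICMP redirects."""
    return lookup(table, dst)[1] == in_iface

def trace(client="10.0.0.50", target="192.168.0.1"):
    """Forward and return hops for a client whose default gateway is 10.0.0.1."""
    gw_hop, _ = lookup(GATEWAY, target)   # gateway hands the packet to the server
    srv_hop, _ = lookup(SERVER, target)   # server delivers it on wlan0
    forward = ["10.0.0.1", gw_hop, srv_hop]
    # Assumption: the server masqueraded on wlan0, so the target answers the
    # server, which then routes the de-NATed reply towards the client.
    back_hop, _ = lookup(SERVER, client)  # on-link on br0: the gateway is skipped
    return forward, ["10.0.0.99", back_hop]

if __name__ == "__main__":
    fwd, ret = trace()
    print("forward:", " -> ".join(fwd))
    print("return :", " -> ".join(ret))
    print("gateway hairpins on br0:", hairpins(GATEWAY, "192.168.0.1", "br0"))
```

The forward path crosses the gateway while the return path does not. This is the asymmetry that the redirect setting and the extra SNAT/MASQUERADE rule in the answer are concerned with.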