Discussion:
virtual router running Debian - add gateway to LAN
motty cruz
2014-02-20 21:03:53 UTC
Hi All,

I'm new to this list, I want to thank you all for support in advance.

I have a router running Debian with one interface facing public and 2nd
interface to a LAN 10.5.0.0/24.

I have a 2nd router with one interface on 10.5.0.0/24 and a 2nd interface facing
another LAN, 10.6.0.0/24. So I want 10.5.0.0/24 to be able to access
10.6.0.0/24. I did the following as a temporary workaround.

ip route add 10.6.0.0/24 via 10.5.0.6 dev eth0

This works fine, but if I log in to another machine in the 10.5.0.0/24 network,
I'm unable to access 10.6.0.0/24.

Can you please help? I have Linux 3.2.0-4-686 Debian 3.2

Thanks in advance!
Vicios
2014-02-20 21:29:08 UTC
Hi!

What is the default gateway for the network 10.5.X.X? Does the default
gateway of 10.5.X.X know the route for the 10.6.X.X network?

Are any iptables rules applied? Has port forwarding been configured?

Regards. Fernando.
Vicios
2014-02-20 22:08:07 UTC
Thank you for your reply,
the default gateway for 10.75.0.0/24 is 10.75.0.1.
If I ran the following command on the gateway machine (10.5.0.1)
ip route add 10.6.0.0/24 via 10.5.0.6 dev eth0
any traffic bound for 10.6.0.0/24 gets redirected
to 10.5.0.6, but only that machine. I have not configured iptables or
port forwarding. Can you point me in a direction on how to accomplish that step?
Thanks,
Hi!

You only need to configure port forwarding on the default gateway of
10.5.X.X because it is the bridge between both networks. Clients of
both, having no routes to the other, send those packets to the default
gateways.

If all is right, both networks are connected and you can use iptables or
whatever to filter any traffic or configure NAT between networks.

You can find a lot of information about port forwarding on Google[1], for
example[2]

Regards. Fernando.

1 - https://www.google.es/search?q=port+forwarding
2 - http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/
motty cruz
2014-02-20 23:23:44 UTC
Hi, I apologize, but I don't understand this very well.

If I'm on a machine with IP 10.5.0.32 and want to send a packet to
10.6.0.20, I don't want the packet to go out to the public but to 10.5.0.6
because that is my gateway to 10.6.0.0/24.

I am not filtering traffic or doing any port forwarding. I want to add a route
to 10.6.0.0/24 on the 10.5.0.1 gateway.

My understanding was to do something like this:

cat /etc/network/interfaces

iface eth0 inet static
    address 10.5.0.1
    netmask 255.255.255.0
    gateway public IP
    up route add -net 10.6.0.0 netmask 255.0.0.0 gw 10.5.0.6 dev eth0


This does not work because then all traffic gets routed to that
interface, 10.5.0.6, including public traffic.


Thanks,
Florian Schmitt
2014-02-20 23:33:22 UTC
Hi!
Post by motty cruz
cat /etc/network/interfaces
iface eth0 inet static address 10.5.0.1 netmask 255.255.255.0
gateway public IP up route add -net 10.6.0.0 netmask 255.0.0.0 gw
10.5.0.6 dev eth0
this does not work because then all traffic gets routed to that
interface, 10.5.0.6 including public traffic.
Why are you using netmask 255.0.0.0? This would also include your
10.5.0.0/24 net.


Florian
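
Added example (not part of any poster's message): a small longest-prefix-match model of the 10.5.0.1 routing table, comparing the route with netmask 255.0.0.0 from the quoted interfaces stanza against the same route with 255.255.255.0. The next-hop label "public-gw" and the test destination 10.7.1.1 are placeholders chosen for the illustration.

```python
import ipaddress

def net(dest, mask):
    # strict=False drops address bits outside the mask, giving the
    # range that destination/netmask pair actually describes.
    return ipaddress.ip_network(f"{dest}/{mask}", strict=False)

def lookup(table, dst):
    """Longest-prefix match: return (network, next_hop) of the most specific route."""
    dst = ipaddress.ip_address(dst)
    matches = [(n, hop) for n, hop in table if dst in n]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def overlapping_routes(table, connected):
    """Static (non-default, non-connected) routes whose range overlaps a connected LAN."""
    return [n for n, hop in table
            if hop != "direct" and n.prefixlen > 0 and n.overlaps(connected)]

LAN1 = net("10.5.0.0", "255.255.255.0")
# Connected LAN plus a default route; "public-gw" stands in for the ISP gateway.
BASE = [(LAN1, "direct"), (ipaddress.ip_network("0.0.0.0/0"), "public-gw")]

# Route as written in the quoted stanza, and the same route with a /24 mask.
AS_POSTED = BASE + [(net("10.6.0.0", "255.0.0.0"), "10.5.0.6")]
INTENDED = BASE + [(net("10.6.0.0", "255.255.255.0"), "10.5.0.6")]

if __name__ == "__main__":
    for name, table in (("as posted", AS_POSTED), ("intended", INTENDED)):
        print(name, "overlaps LAN1:", overlapping_routes(table, LAN1))
        for dst in ("10.5.0.32", "10.6.0.20", "10.7.1.1"):
            route, hop = lookup(table, dst)
            print(f"  {dst:<10} -> {hop:<9} (matched {route})")
```

With the 255.0.0.0 mask the route covers 10.0.0.0/8, so it overlaps the connected 10.5.0.0/24 and also captures every other 10.x destination; with 255.255.255.0 only 10.6.0.0/24 is sent to 10.5.0.6.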
motty cruz
2014-02-20 23:43:19 UTC
My apologies, that was a typo. That is not how the interfaces file looks.

Thanks,
Florian Schmitt
2014-02-21 00:14:40 UTC
Well, I would remove the gateway from eth0 and set it for your public
interface. Btw: Where is your second, public interface in your
/etc/network/interfaces? What does ip route say about the default
route?

On 10.5.0.1 you should have done a NAT configuration like this (eth1
would be the public interface):
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -o eth1 -j MASQUERADE

10.6.0.1 can reach the internet without its own NAT, if it has the
correct default route (gateway 10.5.0.1).
Vicios
2014-02-20 23:58:05 UTC
Sorry, I didn't read your previous message well.

Do you have this scenario?

Router1: ISP + 10.5.0.1/24 <-LAN1-> Router2 10.5.0.6/24 + 10.6.0.1/24 <-LAN2-> ...

And Router2 is Debian?

If yes, on Router2 you need to configure port forwarding, and if you want
Internet for 10.6.0.0/24 you need a firewall like iptables on it too.

Kind regards. Fernando.