[LARTC] 2 WAN - 1 LAN - ping and route problem

[LARTC] 2 WAN - 1 LAN - ping and route problem

[Don Gould]

ClarkConnect Home 3.2

eth0 - WAN - inet - ip:192.168.1.2 gw:192.168.1.1 (connected to my
www.woosh.co.nz gatway)
wlan - WAN - private community wireless networt - ip:10.252.16.16
gw:10.252.16.1

eth1 - LAN - ip:192.168.2.1 

# route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.252.16.1


[root@bowenvale etc]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.252.16.0 * 255.255.255.224 U 0 0 0 wlan0
192.168.2.0 * 255.255.255.0 U 0 0 0 eth1
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
10.0.0.0 10.252.16.1 255.0.0.0 UG 0 0 0 wlan0
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
[root@bowenvale etc]#

I can ping 10.252.1.7 from the cc box (which is called 'bowenvale').

I can't get a ping result from any of the machines connected to the
LAN(192.168.2.0/24)

I can ping anything on the internet ok (ie where the ip being pinged is
located on the default route).

I've had it suggested to me that my problem is that I don't have the NAT
set up correctly to nat WAN-wlan0 --> LAN-eth1

I've had a look at the multi-WAN module but that seems to be more for
dealing with two or more wan links where they're both inet.

I want the 10.0.0.0 network on the WAN side of the network because it's
a public access network, hence needs to be on the other side of my
firewall.

What am I doing wrong and what should I be doing?

Cheers Don
-- 
Don Gould


_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] 2 WAN - 1 LAN - ping and route problem

[Mike Wright]

Don Gould wrote:
> ClarkConnect Home 3.2
> 
> eth0 - WAN - inet - ip:192.168.1.2 gw:192.168.1.1 (connected to my
> www.woosh.co.nz gatway)
> wlan - WAN - private community wireless networt - ip:10.252.16.16
> gw:10.252.16.1
> 
> eth1 - LAN - ip:192.168.2.1 
> 
> # route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.252.16.1
> 
> 
> [root@bowenvale etc]# route
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 10.252.16.0 * 255.255.255.224 U 0 0 0 wlan0
> 192.168.2.0 * 255.255.255.0 U 0 0 0 eth1
> 192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
> 10.0.0.0 10.252.16.1 255.0.0.0 UG 0 0 0 wlan0
> default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
> [root@bowenvale etc]#
> 
> I can ping 10.252.1.7 from the cc box (which is called 'bowenvale').
> 

Because you've specifically added a route to that subnet.

> I can't get a ping result from any of the machines connected to the
> LAN(192.168.2.0/24)
> 

There doesn't appear to be a route to that subnet defined.  It should be 
possible to add that route:

     "ip route add 192.16.2.0/24 via 192.16.2.1 dev eth1"

> I can ping anything on the internet ok (ie where the ip being pinged is
> located on the default route).
> 

Good.  That works just the way it should work for a simple network with 
only one NIC with the gateway on the same subnet.

> I've had it suggested to me that my problem is that I don't have the NAT
> set up correctly to nat WAN-wlan0 --> LAN-eth1
> 
> I've had a look at the multi-WAN module but that seems to be more for
> dealing with two or more wan links where they're both inet.
> 
> I want the 10.0.0.0 network on the WAN side of the network because it's
> a public access network, hence needs to be on the other side of my
> firewall.
> 
> What am I doing wrong and what should I be doing?
> 

I'm going to take a stab at this.  Do you have IP forwarding enabled? 
This can be accomplished by the following:

     "echo 1 > /proc/sys/net/ipv4/ip_forward"

On some linux systems this can be setup automatically by editing the 
file "/etc/sysctl.conf" and making this change:

     "# Controls IP packet forwarding
      net.ipv4.ip_forward = 1"

> Cheers Don

Hope that helps,
Mike Wright :m)
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc