From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mike Wright
Date: Fri, 24 Mar 2006 16:11:57 +0000
Subject: Re: [LARTC] 2 WAN - 1 LAN - ping and route problem
Message-Id: <44241A4D.2060403@mailinator.com>
List-Id:
References: <1143196274.1612.133.camel@localhost>
In-Reply-To: <1143196274.1612.133.camel@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Don Gould wrote:
> ClarkConnect Home 3.2
>
> eth0 - WAN - inet - ip:192.168.1.2 gw:192.168.1.1 (connected to my
> www.woosh.co.nz gateway)
> wlan - WAN - private community wireless network - ip:10.252.16.16
> gw:10.252.16.1
>
> eth1 - LAN - ip:192.168.2.1
>
> # route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.252.16.1
>
>
> [root@bowenvale etc]# route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.252.16.0     *               255.255.255.224 U     0      0        0 wlan0
> 192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
> 10.0.0.0        10.252.16.1     255.0.0.0       UG    0      0        0 wlan0
> default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
> [root@bowenvale etc]#
>
> I can ping 10.252.1.7 from the cc box (which is called 'bowenvale').
>

Because you've specifically added a route to that subnet.

> I can't get a ping result from any of the machines connected to the
> LAN(192.168.2.0/24)
>

There doesn't appear to be a route to that subnet defined. It should be
possible to add that route:

"ip route add 192.16.2.0/24 via 192.16.2.1 dev eth1"

> I can ping anything on the internet ok (ie where the ip being pinged is
> located on the default route).
>

Good. That works just the way it should work for a simple network with
only one NIC with the gateway on the same subnet.

> I've had it suggested to me that my problem is that I don't have the NAT
> set up correctly to nat WAN-wlan0 --> LAN-eth1
>
> I've had a look at the multi-WAN module but that seems to be more for
> dealing with two or more wan links where they're both inet.
>
> I want the 10.0.0.0 network on the WAN side of the network because it's
> a public access network, hence needs to be on the other side of my
> firewall.
>
> What am I doing wrong and what should I be doing?
>

I'm going to take a stab at this. Do you have IP forwarding enabled?

This can be accomplished by the following:

"echo 1 > /proc/sys/net/ipv4/ip_forward"

On some Linux systems this can be set up automatically by editing the file
"/etc/sysctl.conf" and making this change:

"# Controls IP packet forwarding
net.ipv4.ip_forward = 1"

> Cheers Don

Hope that helps,
Mike Wright
:m)
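
The two steps in the reply above (the write to /proc and the /etc/sysctl.conf entry), as an added example that is not part of the original message: a shell check that reports whether forwarding is on now and whether it will still be on after a reboot. The function names are made up for this example; the two default paths are the ones named in the message.

```shell
#!/bin/sh
# Added example: report the current IPv4 forwarding state and the state the
# config file would apply at boot. Function names are hypothetical.

# Print the runtime value (0 or 1), or "unknown" if the file is unreadable.
runtime_forward() {
    proc_file=${1:-/proc/sys/net/ipv4/ip_forward}
    if [ -r "$proc_file" ]; then
        tr -d ' \t\n' < "$proc_file"
    else
        printf 'unknown'
    fi
}

# Print the value the config file sets, or "unset" if it sets none.
# Comment lines are skipped; the last assignment in the file wins.
persistent_forward() {
    conf=${1:-/etc/sysctl.conf}
    [ -r "$conf" ] || { printf 'unset'; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }
        {
            line = $0
            gsub(/[ \t]/, "", line)
            n = split(line, kv, "=")
            if (n == 2 && kv[1] == "net.ipv4.ip_forward")
                val = kv[2]
        }
        END { printf "%s", (val == "" ? "unset" : val) }
    ' "$conf"
}

# Combine both readings into one verdict line.
forward_report() {
    now=$(runtime_forward "$1")
    boot=$(persistent_forward "$2")
    case "$now:$boot" in
        1:1) echo "forwarding on, persistent" ;;
        1:*) echo "forwarding on until reboot only (config: $boot)" ;;
        0:1) echo "forwarding off now, enabled at next boot" ;;
        *)   echo "forwarding off (runtime: $now, config: $boot)" ;;
    esac
}

forward_report "$@"
```

Run with no arguments it reads the live system; pass two file paths to check copies of the files instead.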