Complicated Network

XTJ7 · 05-15-2004, 04:15 PM

well, i guess it'll be enough to describe only the neccessary parts of the network.
there's a router connected to a dsl modem that shares the internet connection.
also there is a switch connected to the router as this router has not enough ports to serve all pcs. this is no problem so far. every linux and windows pc is protected by a firewall and able to connect to the internet through this router.
now the more compliced part: there are two multimedia-boxes running linux, one connected to the router and one connecting to the second ethernet card in my pc (eth1), where the other ethernet card (eth0) is connected to the switch which is connected to the router.
so far so good, my pc is able to connect with the box as well as with the internet or all the other pcs within the network. unfortunately the box isn't. all network settings are alright, i can connect to the first ethernet card (eth1) but for some reason not even to the second one (eth0). there is no way to even ping the second device (eth0).
i thought this might be done with ip routes so i tried

the relevant parts:
eth0: 192.168.0.40
eth1: 192.168.0.42
second box: 192.168.0.91

ip route add 192.168.0.91 gw 192.168.0.40 dev eth1

this was not working. i tried a few hours, read howtos and manuals but it does not work. the error has certainly to do with my router, if i unplug the cable of eth0 and put it into the box i can connect to the other box and to the internet.
i just want to use eth0 for my pc and to route all traffic that comes from / goes to 192.168.0.91 as if 192.168.0.91 was plugged directly into the switch or the router (doesnt matter).

how do i do that?

thanks in advance.

chort · 05-15-2004, 06:02 PM

Your error is that you have the daisy-chained box on the same subnet as the rest of your boxes--pick a different subnet. On the dual-NIC box, give eth1 an IP of 192.168.1.42. Give the second box 192.168.1.91, the gateway should be 192.168.1.42 (you have to be physically connected to the gateway). Make sure that IP forwarding is turned on with your dual-NIC box.

Now there are two options:
a) setup proxy-arp on eth0 of the dual-NIC box. This is so it will let boxes on 192.168.0.0/24 know about your second box on the 192.168.1.0/24 subnet.

b) setup a static NAT assignment on the dual-NIC box (using iptables) to map 192.168.0.91 (on eth0) to 192.168.1.91 and forward the traffic out eth1. This will also convert traffic coming into eth1 (with IP 192.168.1.91) to 192.168.0.91 as it passes out eth0 to the rest of the network. You will also need to add an IP alias to eth0 of 192.168.0.91.

XTJ7 · 05-16-2004, 04:38 AM

thanks. i had it that way (separated ips on different subnets) and tried to map it a few days ago. unfortunately i did something wrong, although i dont know what.
it was exactly configured as you described it in b).
could you tell me exactly how to set the routing / ip alias / mapping?
in one of those 3 must be my mistake.

XTJ7 · 05-17-2004, 05:07 AM

does really nobody know about that?
i just want to "simulate" the box being plugged into the switch, so that it is available within the network as every other pc/box on the router or switch, too. i don't want to buy a new switch just because there are not enough ports for just this one new box. it is unneccessary for the box to be available if my pc is not running. and as i had one ethernet card that was not in use i plugged it into my pc and just want to route all the traffic from eth1 to eth0 (or so) to make the box available within the lan. if it was just that the box should be able to communicate with my pc that wouldnt be a problem. but it has to be able to communicate with other pcs within the lan as well. how do i do that best?

michaelk · 05-17-2004, 06:43 AM

Did you enable IP forwarding?
echo 1 > /proc/sys/net/ipv4/ip_forward

XTJ7 · 05-17-2004, 06:53 AM

yeah, i did. but that didnt help either. i have to "bridge" the traffic somehow. that can be done with routing, the point is that i dont know how exactly

chort · 05-17-2004, 11:16 AM

I already told you the two ways. Use proxy-arp and act as a router, or static NAT with iptables. It's quite possible and thousands of people have done it. You just have some error in your configuration. You must use static NAT, not dynamic if you go the NAT route rather than proxy-arp.

XTJ7 · 05-17-2004, 03:45 PM

ah, i am very sorry but i did not understand what you were trying to tell me until i read the iptables manual

so if i indeed did understand correctly what you were telling me i should do something like
iptables -A FORWARD -s 192.168.1.91 -d 192.168.0.91 -i eth1 -o eth0

or am i totally wrong?

chort · 05-18-2004, 01:34 AM

No, you need SNAT. You want to SNAT the IP directly, don't specify any ports or protocols, just straight SNAT IP to IP.

XTJ7 · 05-18-2004, 12:48 PM

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 192.168.1.91

but for some strange reason after i did this it happened that the box couldnt communicate with the other box/the internet nor could my pc. this is not what i want, i want my pc as well be able to interact within the network like before.
so are you sure i have to use snat and not dnat instead? or am i getting it totally wrong?

thanks for supporting me although i'm a little stupid with these things!