How can we make our ubuntu server router as gateway mode to router mode?
You'll need to turn on IP forwarding if your static routes are already in place. To do that run sudoedit /etc/sysctl.conf
and look for the following segment:
# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1
Do as it says and uncomment the second line so it looks like:
net.ipv4.ip_forward=1
Save and exit. Then run sudo sysctl -p /etc/sysctl.conf
to reload the configuration. You might then have to reload the networking stack (sudo restart networking
) but after that your 192.168.7.x machines should be able to reach 192.168.0.*
Related videos on Youtube
ckknight
Updated on September 18, 2022Comments
-
ckknight over 1 year
based on this sample guide link:
http://ubuntulinux.co.in/blog/ubuntu/nat-configuration-with-iptables-in-ubuntu/with this code:
iptables –append FORWARD –in-interface eth1 -j ACCEPT
it means that "All PC’s on the private office network should set their “gateway” to be the local private network IP address of the Linux gateway computer."
How can we make our ubuntu server router gateway mode to router mode? In order our private networks is visible from other networks or different subnet.
Scenario:
+---+ eth1-*.1.2| S | +----------+ *1.1router===switch=========| | | |------PC1 || | / |private net| switch |------PC2 || | |===========| |------PC3 || | R |eth0-*.0.1 +----------+ || +---+ *.1.3 Router || || *.7.1 other network
S/R: Server as Router
192.168.x.x
eth1: connection from the internet/other network
eth0: internal/private network
PC1,PC2,PC3: w/ ip add .0.x-
Oli over 10 yearsI don't understand the question "How can we make our ubuntu server router gateway mode to router mode?" Could you clarify it by explaining what you're trying to achieve?
-
Oli over 10 yearsAre you talking about port forwarding?
-
ckknight over 10 yearsHi @Oli, thanks for you immediate response. What I am trying is to make my private network visible to other network. e.g. my private network had a 192.168.0.0/24 and other network has a 192.168.7.0/24. How can we connect .7.x to .0.x?
-
Oli over 10 yearsThis might be relevant: askubuntu.com/questions/168033/how-to-set-routes
-
ckknight over 10 years@Oli I edited my question for more details. I add figure.
-
moon.musick over 10 yearsI think the author of the question has a Ubuntu Server machine set as a gateway with masquerade and is interested in both masquerade at the WAN interface and simple non-NAT routing for other interfaces interconnecting LANs. Guessing a bit though.
-
Oli over 10 yearsWell you either need to configure the first-line router to route this traffic and that's probably the best way of handling it, or you add static routes at each of the secondary network routers. On the Ubuntu server
ip route 192.168.7.0 255.255.255.0 192.168.1.1
- but again, if the head router isn't configured to allow that routing, it won't go. -
moon.musick over 10 yearsOk, I put back my previous comment. It depends on the configurable options of the 'router' box - if it is a simple NAT-ting consumer-grade router, you might not be able to configure the static path to the x.x.7.0 network. If it is something more advanced, just set the routing there - your Ubuntu box in this case does not matter that much (I suppose it has forwarding enabled already, if it works at all in this setup). If the 'router' already lets both x.x.7.0 and x.x.1.0 reach the Internet, then you might be in luck, as most consumer routers do not support such behavior.
-
moon.musick over 10 years@ckknight what is that 'router' device specifically?
-
ckknight over 10 years@Oli I already static route it... but why .7.x can't ping the private network hosts (PC1,PC2,PC3)? though it can ping the ip add of eth1 and eth0 but not the hosts connected to eth0.
-
ckknight over 10 years@moon.musick, Sorry my figure before is not right... now the figure is corrected.
-
-
moon.musick over 10 yearsIt is possible that if the OP actually run through the steps of the tutorial and enabled masquerade, it has to be turned off if the hosts from x.x.7.0 network are to be able to reach those in x.x.0.0 network.
-
ckknight over 10 years@moon.musick : do i have to disable or flush the nat masquerade on my iptables?
-
moon.musick over 10 years@ckknight I guess that if you have masquerade configured for hosts in x.x.0.0 network and don't have any specific rules allowing direct connection to those hosts from outside (that is, from hosts behind eth1), then yes, you might have to disable masquerading. Try and see, if it does not work, the problem is elsewhere.
-
ckknight over 10 years@moon.musick : yes, it works! thank you so much, guys.
-
ckknight over 10 yearsThe problem found. If we disable the masquerading, it can ping(visible) the hosts (PC1,PC2,PC3) from *.7.x networks but the host can't remote/connect to *.7.x. However, when we enable the the masquerade we can connect to *.7.x but *.7.x can't be ping(invisible). Any idea of what/why is this happened?