Linux route add between static LAN and Wifi Gateway

linux networking gateway routing

23,307

Solution 1

What you want is to share (using masquerading) the internet connection of PC1.

You can find a lot of guides online to do it, but here's a summary:

First of all, flush and delete existing firewall rules:

iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -X

Then, configure iptables for NAT translation:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

To make sure the ip tables are restored at boot, run iptables-save | tee /etc/iptables.sav and edit /etc/rc.local and add the following lines before the "exit 0" line: iptables-restore < /etc/iptables.sav

Enable IP forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

On Ubuntu, you also have to edit /etc/sysctl.conf and uncomment:

 #net.ipv4.ip_forward=1

On PC2, you should also do:

 ip route add default via 192.168.2.1

Solution 2

Your PC1 eth0 interface should not have a gateway defined - this is the same as setting a default route, and so with the addition default route set to be 10.0.0.1 half your packets will go in the wrong direction.

In order for PC1 to act as a router for PC2, you need to enable packet forwarding. This can be enabled as follows:

sudo sysctl -w net.ipvt.ip_forward=1

And to make it survive a reboot, modify /etc/sysctl.conf and add find the line

#net.ipv4.ip_forward=1

and uncomment it (or add it if not present, or change it to 1 if it is present but set to 0)

Finally you will need to modify the wifi gateway at 10.0.0.1 and add a static route, saying the gateway for the 192.168.2.0/24 network is the PC1 IP address in the 10.0.0.0/24 range (I imagine it is probably 10.0.0.2).

Oh, whereever you added

route add -net 192.168.2.0 netmask 255.255.255.0 gw 10.0.0.1

you should remove it - the 192.168.2.0/24 network is not accessed via the wifi router.

23,307

Hamza

Updated on September 18, 2022

Comments

Hamza over 1 year
I have two local machines connected to each other via wired ethernet and one of those machines is also connected to a wifi network which provides internet access.

A pseudo-graphical representation of the topology is as follows:
```
(PC2)----------(PC1)---------(Wifi Gateway)
    192.168.2.x      10.0.0.x
```
The configuration on PC2 is:
```
iface eth0 inet static
address 192.168.2.2
network 192.168.2.0
netmask 255.255.255.0
gateway 192.168.2.1
```
...and the configuration on PC1 is:
```
iface eth0 inet static
address 192.168.2.1
network 192.168.2.0
netmask 255.255.255.0
gateway 192.168.2.1
```
On PC1, I've added a default route for wlan0 as I couldn't access the internet otherwise:
```
route add default gw 10.0.0.1 wlan0
```
And also tried setting the gateway for the 192.168.2.x network using:
```
route add -net 192.168.2.0 netmask 255.255.255.0 gw 10.0.0.1
```
But I still can't access internet from PC2.

Edit

I don't have access to the wifi gateway.
Hamza over 11 years

Thanks for your answer, I should have mentioned that I don't have access to the wifi gateway so I can't add a static route.
Hamza over 11 years

Thanks but I can't seem to get it working. service iptables save returns service not defined (I'm on Debian wheezy) and after reading up on the topic it looks like I will have to save this into a file and load it back via iptables-restore. iptables -L doesn't return the rule even right after adding it.
m4573r over 11 years

For your second point, you want to use iptables -t nat -L.
m4573r over 11 years

As for saving iptables, indeed you could use this: iptables-save | tee /etc/iptables.sav and edit /etc/rc.local and add the following lines before the "exit 0" line: iptables-restore < /etc/iptables.sav