2 internal networks

Hello,

I’ve got an openSUSE 11 box with three ethernet cards. ifconfig output is as follows:

eth0      Link encap:Ethernet  HWaddr 00:30:84:87:A6:1A
          inet addr:192.168.1.64  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1204486 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1128893 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1085581047 (1035.2 Mb)  TX bytes:497473694 (474.4 Mb)
          Interrupt:18 Base address:0xcf00

eth1      Link encap:Ethernet  HWaddr 00:E0:4C:50:28:8D
          inet addr:192.168.15.1  Bcast:192.168.15.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1109913 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1182966 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:485612141 (463.1 Mb)  TX bytes:1079811256 (1029.7 Mb)
          Interrupt:19 Base address:0xee00

eth2      Link encap:Ethernet  HWaddr 00:0B:6A:B2:FC:A2
          inet addr:192.168.25.1  Bcast:192.168.25.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12234 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9708 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8249811 (7.8 Mb)  TX bytes:3104781 (2.9 Mb)
          Interrupt:17 Base address:0xed00

eth0 is connected to my DSL modem and it’s in the External zone.
eth1 and eth2 are in the Internal zone. I’ve set up forwarding and now the computers behind eth1 and eth2 have internet access.

Problem is - they can’t seem to “see” each other!

This is from 192.168.15.2:

Z:\>ping 192.168.25.1

Pinging 192.168.25.1 with 32 bytes of data:

Reply from 192.168.25.1: bytes=32 time<1ms TTL=64
Reply from 192.168.25.1: bytes=32 time<1ms TTL=64
Reply from 192.168.25.1: bytes=32 time<1ms TTL=64
Reply from 192.168.25.1: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.25.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Z:\>ping 192.168.25.2

Pinging 192.168.25.2 with 32 bytes of data:

Reply from 192.168.15.1: Destination protocol unreachable.
Reply from 192.168.15.1: Destination protocol unreachable.
Reply from 192.168.15.1: Destination protocol unreachable.
Reply from 192.168.15.1: Destination protocol unreachable.

Ping statistics for 192.168.25.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

What should I do to make the two networks visible to one another?

You need to have IP forwarding enabled in your “hub computer” and also to have the correct routing rules installed, e.g. to get to 192.168.15.0/24, use eth1 and so forth. And of course, your firewall rules should allow the packets through. Since the routing is implicit in the setup of the subnets on the hub computer, that leaves the firewall rules as the place to look.

Personally I think it’s overkill to use openSUSE to do this if you really want this to just be a router/firewall. IPCop, Smoothwall, or Endian firewalls will do the same thing easily.

But whatever - First check if it’s a routing, firewall, or forwarding issue.

  1. Routing. On your machine 192.168.15.2 - see if it has a route to 192.168.25.0/24. Use “route print” if they are Windows machines, “ip route ls” if they are Linux.

  2. Firewall. Type this as root:
    iptables -I FORWARD -p icmp -j ACCEPT
    iptables -t nat
    That’s going to allow forwarding of all pings and obviously not
    generally a good thing to keep - but it lets you test this part.

  3. Forwarding. Yast -> Sysconfig -> Network -> General -> Forwarding.
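
The three checks from the last reply (forwarding, routing, firewall), run against saved output from the router, as an added example that is not part of any post in this thread. The function names, the sample routes (including the 192.168.1.1 gateway) and the sample FORWARD rules are constructed for illustration, and the rule parser only understands -i, -o, -p and -j.

```shell
# Added example, not from the thread: triage on saved router output.
# forwarding_on VALUE: VALUE is the content of /proc/sys/net/ipv4/ip_forward.
forwarding_on() { [ "$1" = "1" ]; }

# route_dev NET: `ip route ls` output on stdin; prints the device used for NET.
route_dev() {
    awk -v net="$1" '$1 == net { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# forward_verdict IN OUT: `iptables -S FORWARD` output on stdin; prints the
# target of the first rule matching ICMP from IN to OUT, else the chain policy.
# Only -i, -o, -p and -j are understood: a rule that fits so far but has any
# other match prints UNSURE. A user-chain name means "read that chain next".
forward_verdict() {
    awk -v in_if="$1" -v out_if="$2" '
    $1 == "-P" && $2 == "FORWARD" { policy = $3; next }
    $1 == "-A" && $2 == "FORWARD" {
        fits = 1; other = 0; target = ""
        for (i = 3; i < NF; i += 2) {
            if      ($i == "-i") { if ($(i + 1) != in_if)  fits = 0 }
            else if ($i == "-o") { if ($(i + 1) != out_if) fits = 0 }
            else if ($i == "-p") { if ($(i + 1) != "icmp") fits = 0 }
            else if ($i == "-j") { target = $(i + 1); break }
            else other = 1
        }
        if (!fits || (!other && target == "")) next
        print (other ? "UNSURE" : target); hit = 1; exit
    }
    END { if (!hit) print policy }'
}

# triage FWD ROUTES RULES NET IN OUT: prints the first check that fails.
triage() {
    forwarding_on "$1" || { echo forwarding; return 0; }
    [ "$(printf '%s\n' "$2" | route_dev "$4")" = "$6" ] || { echo routing; return 0; }
    verdict=$(printf '%s\n' "$3" | forward_verdict "$5" "$6")
    if [ "$verdict" = ACCEPT ]; then echo ok; else echo "firewall:$verdict"; fi
}

# Constructed sample state (not the poster's real routes or ruleset).
SAMPLE_ROUTES='192.168.15.0/24 dev eth1  proto kernel  scope link  src 192.168.15.1
192.168.25.0/24 dev eth2  proto kernel  scope link  src 192.168.25.1
default via 192.168.1.1 dev eth0'
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth2 -o eth0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-proto-unreachable'

triage 1 "$SAMPLE_ROUTES" "$SAMPLE_RULES" 192.168.25.0/24 eth1 eth2
```

On a live router, pass the contents of /proc/sys/net/ipv4/ip_forward and the output of `ip route ls` and `iptables -S FORWARD` as the first three arguments.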