I am trying to set up IP forwarding, but cannot achieve it. Maybe somebody can help. Here is the configuration I have.
There are two computers - Master and Slave. Master has two network cards. The gateway (router) has LAN IP address 192.168.1.1. All network masks are set to 255.255.255.0. I don’t use IPv6. The setting in /etc/sysctl.conf is made:
net.ipv4.ip_forward = 1
The computer called Master is going to do the IP forwarding. It has two network interfaces.
Interface wlan0 is the one connected to the router. It has address 192.168.1.160. The Master computer connects to Internet correctly.
Interface eth0 is connected to Slave via Ethernet cable. This interface of Master has IP address 192.168.3.1.
IP forwarding is enabled in Master via Yast’s network configuration.
The computer called Slave is connected to Master only. It has one network interface. The IP is set fixed to 192.168.3.20. Default gateway is set to 192.168.3.1.
In this configuration, there is no Internet connection in Slave. I cannot ping to any hosts besides self, 192.168.3.20 and 192.168.1.160. Ping to 192.168.1.1 does not go through.
I have tried to set the gateway of Slave to 192.168.1.1, but nothing changed. I have also attempted to set IP forwarding in Slave, configured the network of Slave via DHCP, and changed a few other settings, but didn’t achieve IP forwarding.
Thank you, that worked remarkably well. I added a route in internet gateway: to 192.168.3.0 via gateway 192.168.1.160.
But this involves making changes in internet gateway.
Can I avoid changing anything in the internet gateway by assigning an IP address to Slave belonging to the LAN of the internet gateway and/or Master, for example 192.168.1.40? My first run fails; I cannot ping even to 192.168.1.1 (internet gateway). Here are the settings.
IP of Slave is 192.168.1.40
Default gateway of Slave is 192.168.1.30
IP of Master’s eth0 is 192.168.1.30
In Master, a route to 192.168.1.40/32 is added via gateway 192.168.1.30.
Pings from Master to Slave and vice versa go through.
Again, how should the internet router know that 192.168.1.40 can be reached via the master host (also acting as a router here) without a static route provided?
Indeed, without declaring a route in the internet router, I couldn’t achieve connection to/from Slave.
But isn’t the following true about using only 192.168.1.x/24 addresses?
The internet router shall forward traffic to 192.168.1.160 (Master computer), because Master’s wlan1 interface is configured so. (I tested ping from within internet gateway to 192.168.1.160; obviously, it works.)
The Master computer shall forward traffic from its 192.168.1.160 interface to its 192.168.1.30 interface, because it has IP forwarding enabled. (I tested ping from within internet gateway to 192.168.1.30; it works).
The interface 192.168.1.30 acts as gateway. It shall forward traffic to the host connected to it - 192.168.1.40. (No ping works to 192.168.1.40.)
My goal is to set up IP forwarding without making any changes in internet gateway (like adding routes in it), after it is configured to work with Master only. To the internet gateway, I can connect nothing but the Master, not even a switch. In my current configuration, I have the devices connected in series:
You’re missing that the internet gateway is not directly connected to the slave, so an explicit route is needed to direct it towards the intermediate router where the far-end host is connected to.
Take the time to learn some basic routing concepts…
It is possible to employ NAT (network address translation) such that packets coming from the slave to the master (and vice versa) have the source and destination IP addresses manipulated so that internet-going traffic appears to be coming from the master (SNAT rule) and incoming traffic is also translated (DNAT rule) such that it is then routed back to the slave. The additional firewall configuration is all done within the master host. (A tedious approach for this situation though.)
Thank you. I understood most of it. I will learn more and perhaps come back later.
My last question: Is it possible to set up NAT, SNAT rule, DNAT rule without dealing with firewall in Master? I have the firewall disabled and don’t want to enable and configure it.
Well, it does not really require a firewall. One could simply add a boot script (service) that enables masquerading. This is just a single iptables command really.
Well, iptables is a means to configure the Linux kernel firewall (no matter how permissive or restrictive). Yes, use of a masquerading table can be employed. It really depends on what the OP is trying to achieve with having one host behind another.
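
The masquerading setup the last replies describe, written out as an added example that is not part of the original thread. It assumes the interface names and the 192.168.3.0/24 Slave subnet from the first post; the function names and the three FORWARD rules (which go beyond the single masquerade command mentioned above, so that Master forwards only Slave's traffic and its replies) are additions of this example.

```shell
#!/bin/sh
# Added example: NAT the Slave subnet behind Master's wlan0 address.
# Values are taken from the first post: wlan0 faces the router, eth0 faces
# Slave, and Slave lives in 192.168.3.0/24. Override via the environment.
WAN_IF="${WAN_IF:-wlan0}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.3.0/24}"

# Accept only plain interface names and dotted CIDR text, because the
# generated lines are later fed to a shell (hypothetical helper).
safe_args() {
    case "$1$2" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case "$3" in ''|*[!0-9./]*) return 1 ;; esac
    [ -n "$1" ] && [ -n "$2" ]
}

# Print the commands, one per line, so they can be reviewed before use.
# Args: WAN interface, LAN interface, LAN network in CIDR form.
nat_commands() {
    safe_args "$1" "$2" "$3" || return 1
    wan="$1"; lan="$2"; net="$3"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -j DROP
EOF
}
# Rule 2 rewrites Slave's source address to Master's wlan0 address, so the
# router needs no static route; connection tracking reverses it for replies.
# Rules 3-5 forward Slave's outbound traffic and its replies only, and drop
# anything else arriving on wlan0 that is addressed to the Slave side.

cmds=$(nat_commands "$WAN_IF" "$LAN_IF" "$LAN_NET") || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$cmds" | sh -e      # needs root; stops at first failure
else
    printf '%s\n' "$cmds"              # dry run: print only
fi
```

Run it once without APPLY to review the rules, then as root with APPLY=1. The rules do not survive a reboot, which is why the reply above suggests a boot script or service.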