Need help to make Linux act as router

by sockscap from LinuxQuestions.org on (#6HCZN)

The Linux to act as router has IP address: 192.168.1.83.

1. sudo ifconfig output:
Code:
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.83  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::20c:29ff:fe46:2110  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:46:21:10  txqueuelen 1000  (Ethernet)
        RX packets 387  bytes 40493 (40.4 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 75  bytes 10075 (10.0 KB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

2. sudo route -n output:
Code:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 ens33
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 ens33

3. ping command shows that it can reach external host 192.168.86.1 successfully
Code:
PING 192.168.86.1 (192.168.86.1) 56(84) bytes of data.
64 bytes from 192.168.86.1: icmp_seq=1 ttl=63 time=7.34 ms

4. cat /proc/sys/net/ipv4/ip_forward returns 1, which means ip forwarding is enabled.

5. Add only one iptables rule.

Code:
sudo iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ens33 -j SNAT --to-source 192.168.1.83

6. sudo iptables -L -n output:

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

7. sudo iptables -t nat -L -n output:

Code:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  192.168.1.0/24       0.0.0.0/0            to:192.168.1.83

Now I configure a Windows PC with the following network settings (use IPv4 only):

IP address: 192.168.1.95
Subnet mask: 255.255.255.0
Default gateway: 192.168.1.83

1. ipconfig /all output:
Code:
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-8C-01-FF
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.95(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.83
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

2. route print output:

Code:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.1.83     192.168.1.95    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.95    266
     192.168.1.95  255.255.255.255         On-link      192.168.1.95    266
    192.168.1.255  255.255.255.255         On-link      192.168.1.95    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.95    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.95    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0     192.168.1.83  Default
===========================================================================

3. ping 192.168.1.83 works
Code:
Pinging 192.168.1.83 with 32 bytes of data:
Reply from 192.168.1.83: bytes=32 time<1ms TTL=64

4. However, it fails to ping 192.168.86.1

Code:
Pinging 192.168.86.1 with 32 bytes of data:
Request timed out.
Request timed out.

5. tracert 192.168.86.1 output:
Code:
Tracing route to 192.168.86.1 over a maximum of 30 hops

  1    <1 ms     *        1 ms  192.168.1.83
  2     *        *        *     Request timed out.

I've spent half a day on this but couldn't work it out. What am I missing? Any suggestions are appreciated.

Update: I changed the iptables rule to the one below, but it still doesn't work.

Code:
sudo iptables -t nat -A POSTROUTING -s 192.168.1.95/32 -o ens33 -j SNAT --to-source 192.168.1.83