Bridge two subnets under Linux

Hey there, i would like to know how do i bridge two subnets under Linux. Here is what i want to do:

192.168.0.x <--machine with 2 NICs--> 192.168.1.x

I want that 192.168.1.23 can ping 192.168.0.5 and vice-versa. Right now, i'm doing NAT from 192.168.1.x ---> 192.168.0.x. But with this setup, the 192.168.0 subnets can't access 192.168.1..

I tried to do echo 1 > /proc/sys/ipv4/ip_forward, but it seem to do nothing :-)

Here is my actual setup:

       Internet
          |
          |
      firewall (Doing NAT with iptables)
          |
          | subnet 192.168.0.x
          |
   Internet Server (Doing NAT with ipchains)
          |
          | subnet 192.168.1.x
          |
   XTerminal Server
          |
          | subnet 192.168.2.x
          |
      Xterminals (about 40 machines)

Ok, ok, i know, it's lame, but i'm out of switch!

Thanks for you help






bomekAsked:
Who is Participating?
 
jlevieCommented:
Yeah, that's a bit of  a mess. Take down ipchains on the "Internet server" and make sure that box has routing enabled and that its default route point to the firewall. On the firewall add routes to the interior networks pointing to the Internet server:

 route add 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.?
 route add 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.?
   (where "?" is the IP of the internet server)

Make sure that the the interior network nodes have their default gateway pointing to the next hop, i.e., on the .1 network the defualt gateway should point to the Internet server's 192.168.1.0 IP.
0
 
bomekAuthor Commented:
Ok, thx, i did that on the firewall (192.168.0.1):

/sbin/route add 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.3
route: netmask 000000ff doesn't make sense with host route

The firewall have absolutly no clue about the 192.168.1 subnet.

Routing table of the firewall:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth1
132.215.56.214  0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
132.215.56.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         132.215.56.1    0.0.0.0         UG    0      0        0 eth0

Routing table of the internet server (192.168.0.3) (sorry for the french...)
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth1

On the Xterminal server, the default route is 192.168.1.1. (ssh seem to have crashed on the xterm server... grrr)

Forgot to say, every computer (firewall, server, xtermserver) have 2 NICs.

Thanks
0
 
jlevieCommented:
Whoops, my bad... Use "route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.3". Why linux can't figure out that we aretrying to route to a network when the netmask is 255.255.255.0 is beyond me... So you have to use the "-net" option.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
bomekAuthor Commented:
Ok, so, i did that:

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.3
route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.3

I can't ping 192.168.1.2 (which is the xterm server) but i havent flush ipchains rules. I'll wait tomorrow when i'll be there.

So, usually, i should be able to ping 192.168.1.2 and 192.168.2.x?

thanks
0
 
jlevieCommented:
If the routes are correct on each of the interior routers and each of those has routing enabled and the clients are using the correct default route and there are no firewall rules active on the interior routers, then yes you should be able to ping a node on the 192.168.2.0 network from a node on any of the other private networks (and vice versa).
0
 
bomekAuthor Commented:
It don't seem to work :-P

I even look in a book that say something like you tell me. Anyway, i'll buy an other switch, this gonna solve the problem :-)

Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.