Need help with IPTables, (double?) NAT, and network bridging
Posted on 2004-10-25
To start, here's some ASCII-Art of my current network setup.
Internet <---> DSL Modem <---> 192.168.1.2 <---> Switch <---> 192.168.1.3 <--- wireless ---> 18.104.22.168/16
| ---192.168.1.100 (Me)
------192.168.1.1xx (Other housemates)
192.168.1.2 is a linux box running iptables and acting as a gateway for the rest of the LAN to have internet access. This works fine.
192.168.1.3 is a linux box running iptables. It has a wireless connection to my university.
192.168.1.100 is my computer (Windows XP Pro)
Here's the current situation:
I am a computer science student, so I spend a lot of time SSHing into my university's network to work on projects for various classes. My DSL connection is not fast enough to provide me with decent latency, so SSH is a pain to use.
Here's what I want:
192.168.1.3 has a wireless card and a high-gain antenna. It can connect to an access point at my university from my apartment across the street. I want to somehow configure 192.168.1.3 and 192.168.1.2 so that any requests from 192.168.1.100 (and anyone else on the LAN) for any address in the university's range (22.214.171.124/16) will go over the wireless connection instead of the internet.
Here's where I'm stuck:
192.168.1.2 is set up as a router, and any machine on the network can access the internet through it, since the DHCP server sets the default route on each computer to 192.168.1.2. If I manually add a route to my machine so that requests for 126.96.36.199/16 go to 192.168.1.3 instead, everything works fine, but for my machine only. I don't want to have to do it this way, though, since this would require me to manually set up routes for all my housemates, and besides, it strikes me as a pretty ugly solution. If I set up a route on the router (192.168.1.2) for 188.8.131.52/16, then the router can access the university via wireless, but the rest of the network loses access to the university entirely, which strikes my housemates as a bad solution. I'm sure there's a way to set up iptables to handle this, but I'm not very familiar with it, and the documentation has been somewhat less than helpful.
I'm told that if I put the wireless card in the router instead of a separate machine, the problem becomes much easier. Unfortunately, this is not an option, as I get no wireless signal at all in the room where the router is located.