9

iptables vs bridge-utils vs route

I have two network cards in a Linux server and don't know how to make them communicate. After searching a lot I still don't know which method is the one that should work, nor the implications of using each.

Here is my system.

  cat5 cable   +----------------------------------+ cable
<------------- |  my server                       |<------> WiFi router
router         | eth1               eth2          |         192.168.0.1
& internet     | 10.11.12.13        192.168.7.7   |      gw:192.168.7.7 ?
               | gateway: 10.1.1.1                |  192.168.0.x for WiFi clients

The WiFi clients should be able to access the internet and the 10.x.x.x subnet, but the WiFi clients cannot be on the 10.x.x.x subnet; they have to have IP addresses in the 192.168.x.x range.

So how do I connect the two networks? Do I use iptables? Do I use the linux "route" command? Do I make a network bridge with bridge-utils?

Also, should the WiFi gateway be 192.168.0.1 or 192.168.7.7 ?

I've plugged the cable from the server to the router into the WAN port.

P.S. I've asked this on StackExchange (i) Networking and (ii) Linux and gotten no answers, (iii) and also tried Reddit.

2 Answers

4

Bridging is for adding/combining segments to a network. When you bridge two network interfaces, what you are doing is allowing network broadcasts to reach all of the nodes. Bridging would not apply to what you are trying to do.

For the router to function, here is a basic reference:

check ip forwarding status for routing:
sysctl net.ipv4.ip_forward

set (enable) ip forwarding status for routing:
echo 1 > /proc/sys/net/ipv4/ip_forward

unset (disable) ip forwarding status for routing:
echo 0 > /proc/sys/net/ipv4/ip_forward

After you have verified that ip forwarding is enabled, you can use iptables on the public interface, the network interface with the physical internet connection, as a NAT interface.

I won't attempt a comprehensive explanation of NAT here, but this is a basic example:
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth1 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth2 -o eth1 -j ACCEPT

You can see the NAT rules like so:
sudo iptables -L -t nat

ChasW
  • 129
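Putting the steps of the answer above together for the interfaces in the question (eth1 on the 10.x side with the internet, eth2 on the 192.168.7.x side facing the WiFi router), here is a small script that is an added example and not part of the original answer. It only prints the commands, so the ruleset can be read before it is piped into a root shell. Two things differ from the snippet above and are worth noting: the FORWARD policy is set to DROP first, because once ip_forward is 1 the kernel routes between every interface and the ACCEPT rules only restrict anything if the default is to drop; and the conntrack match is used instead of the older state match, which does the same job. Interface names are taken from the question; the file path argument to ip_forward_enabled is an assumption added so the check can be pointed at a copy of the file.

```shell
#!/bin/sh
# Added example, not code from the original page.
# Topology from the question: WAN side = eth1 (10.11.12.13, gw 10.1.1.1),
# LAN side = eth2 (192.168.7.7, WiFi router plugged into it).
#
# Usage (prints the commands; review them, then apply as root):
#   sh router.sh eth1 eth2
#   sh router.sh eth1 eth2 | sudo sh

# Return 0 if IPv4 forwarding is on, 1 otherwise. The optional path argument
# only exists so the check can be run against a copy of the knob (assumption
# for testing); by default it reads the real kernel setting.
ip_forward_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ "$(cat "$f" 2>/dev/null)" = "1" ]
}

# Print the commands that turn the host into a NAT router.
# $1 = WAN interface (public side), $2 = LAN interface (WiFi side)
gen_rules() {
    wan="$1"; lan="$2"
    cat <<EOF
# enable forwarding now, and persist it across reboots
sysctl -w net.ipv4.ip_forward=1
grep -q '^net.ipv4.ip_forward *= *1' /etc/sysctl.conf || echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
# start from a known state for the two chains this script manages
iptables -F FORWARD
iptables -t nat -F POSTROUTING
# default-deny forwarding: with ip_forward=1 the kernel routes between all
# interfaces, so the ACCEPT rules below only mean something if this is DROP
iptables -P FORWARD DROP
# replies to connections the LAN started may come back in from the WAN side
iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# the LAN may initiate anything towards the WAN side (internet and the 10.x net)
iptables -A FORWARD -i $lan -o $wan -j ACCEPT
# rewrite LAN source addresses to $wan's own address on the way out
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
}

# When run directly with two interface names, print the ruleset.
case $# in
    2) gen_rules "$1" "$2" ;;
esac
```

Because the default-deny policy blocks everything that is not explicitly allowed, traffic arriving on eth1 can only reach the WiFi side as a reply to something a WiFi client started; hosts on the 10.x network cannot open connections to 192.168.7.x through this box. If that is wanted later, it is a deliberate extra ACCEPT rule rather than an accident of the default policy.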
0

I think you should use iptables to connect the two interfaces. According to this: http://www.linuxforums.org/forum/newbie/186273-iptables-forwarding-vs-ip-route-post877996.html#post877996

The router's gateway should be 192.168.1.7, to allow IP packets destined outside the subnet to be sent to eth2. iptables should handle it from there and forward it to eth1.

Here's an answer to a similar question detailing the iptables forwarding rules. https://serverfault.com/questions/431593/iptables-forwarding-between-two-interface