
Yes, I know, again and again ... but I don't see it; maybe someone sees my problem. I have to forward an internal office network (here 9.0.0.0/24), which is connected to eth1 (9.0.0.5), through the server with Internet access on 10.0.0.5.

Here is where I started:

/etc/network/interfaces

# INTERNET
auto eth0
iface eth0 inet static          
    address 10.0.0.5            
    netmask 255.255.255.248     # we've got only 5 IPs with Internet connection.
    gateway 10.0.0.1            # the gateway where we get our signal from
    dns-nameservers 1.2.3.4     # DNS-Server (the ifupdown option is spelled dns-nameservers)

# OFFICE - DNS-Server running on this iface giving IPs of the network 9.0.0.0/24
auto eth1
iface eth1 inet static
    address 9.0.0.5
    netmask 255.255.255.0

route -n

target    Router     Genmask          Flags Metric Ref Use Iface
0.0.0.0   10.0.0.1   0.0.0.0          UG    0      0   0   eth0
9.0.0.0   0.0.0.0    255.255.255.0    U     0      0   0   eth1
10.0.0.0  0.0.0.0    255.255.255.248  U     0      0   0   eth0

Further there is a DHCP-Server running on eth1 with the setup

/etc/dhcp/dhcpd.conf

ddns-update-style none;

option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;

authoritative;

log-facility local7;

### OUR OFFICE NETWORK
subnet 9.0.0.0 netmask 255.255.255.0 {
    range 9.0.0.10 9.0.0.252;
    option subnet-mask 255.255.255.0;
    option routers 10.0.0.5; # <- The servers eth1 IP here?
}

What am I missing?

EDIT: Found out how to add an image ;) I hope this helps understanding. My access ends at "My Server"...

derHugo
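As an added check (not part of the question or of the answer below), the following Python script parses the posted dhcpd.conf stanza and verifies that the router handed out to clients is inside the subnet the stanza serves, and not inside the dynamic range. The stanza text and the two server addresses are copied from the question; the parser and the checks are constructed here and only cover the subnet/range/routers statements.

```python
import ipaddress
import re

# Constructed input: the subnet stanza from the question, with the routers value left as posted.
DHCPD_CONF = """\
### OUR OFFICE NETWORK
subnet 9.0.0.0 netmask 255.255.255.0 {
    range 9.0.0.10 9.0.0.252;
    option subnet-mask 255.255.255.0;
    option routers 10.0.0.5; # <- The servers eth1 IP here?
}
"""

# Addresses configured on the server itself (from /etc/network/interfaces in the question).
SERVER_ADDRS = [ipaddress.ip_address("10.0.0.5"), ipaddress.ip_address("9.0.0.5")]

STANZA_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)


def parse_subnets(text):
    """Pull network, dynamic range and routers out of each 'subnet ... { }' stanza."""
    text = re.sub(r"#.*", "", text)  # drop comments before matching
    subnets = []
    for m in STANZA_RE.finditer(text):
        network = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        body = m.group(3)
        rng = re.search(r"\brange\s+(\S+)\s+(\S+)\s*;", body)
        routers = re.search(r"\boption\s+routers\s+([^;]+);", body)
        subnets.append({
            "network": network,
            "range": (ipaddress.ip_address(rng.group(1)),
                      ipaddress.ip_address(rng.group(2))) if rng else None,
            "routers": [ipaddress.ip_address(r.strip())
                        for r in routers.group(1).split(",")] if routers else [],
        })
    return subnets


def check_subnet(sub, server_addrs=SERVER_ADDRS):
    """Return a list of problems; an empty list means clients get a usable default route."""
    problems = []
    network = sub["network"]
    if not sub["routers"]:
        problems.append(f"{network}: no 'option routers', clients get no default route")
    for router in sub["routers"]:
        if router not in network:
            # A client can only ARP for a router on its own link, so this value is useless to it.
            hint = [a for a in server_addrs if a in network]
            msg = f"{network}: option routers {router} is outside the subnet, clients cannot reach it"
            if hint:
                msg += f"; the server's own address in this subnet is {hint[0]}"
            problems.append(msg)
        elif sub["range"] and sub["range"][0] <= router <= sub["range"][1]:
            problems.append(f"{network}: router {router} lies inside the dynamic range "
                            "and may be leased to a client")
    if sub["range"]:
        lo, hi = sub["range"]
        if lo not in network or hi not in network or lo > hi:
            problems.append(f"{network}: range {lo}-{hi} is not a valid slice of the subnet")
    return problems


if __name__ == "__main__":
    for sub in parse_subnets(DHCPD_CONF):
        for problem in check_subnet(sub):
            print("PROBLEM:", problem)
```

Run against the stanza as posted it reports exactly one problem, the out-of-subnet router; change the value to 9.0.0.5 and the check passes.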

1 Answer


Thanks for the image, which makes things clearer.

First, as your clients are in network 9.0.0.0/24, they need to have a default router in the same subnet (they would not know how to reach another subnet), so the DHCP entry should read option routers 9.0.0.5 - the address of 'My Server' in that subnet.

Now they should send packets for any other network (except 9.0.0.0) to the address 9.0.0.5, in the hope that it would know how to route them.

As 'My Server' has a default route to 10.0.0.1, it will pass those packets to 'Gateway' if the destination is outside its directly attached networks. And hopefully 'Gateway' will pass them further, using NAT. Up to now it's OK.

When the target host (say 151.101.65.69) tries to respond, it sends the response to 'Gateway'; this one knows that the request came from say 9.0.0.10. But now there is a problem: 'Gateway' does not have a route to 9.0.0.0/24, and so again passes the packet to its default route (or drops it maybe, as your private network is not routed at all).

If you have no access to change the configuration of 'Gateway', there are two solutions:

  1. If 'Gateway' listens to any sort of router information protocol on the inside, say RIP2, OSPF or BGP, 'My Server' should announce its routing information on the network. For how to do that, see e.g. Dynamic Routing or How to Turn....
  2. If this does not work, your only chance is to use NAT on 'My Server' instead of routing. This is done by 'masquerading'; it is described in How to Turn... as well.
ridgy
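An added example, not from the answer's author: a small Python simulation of the hop-by-hop routing the answer walks through. The 'My Server' table mirrors the route -n output in the question; the 'Gateway' table is an assumption (its /29 plus a default towards the ISP, and no route back to 9.0.0.0/24), IP forwarding on 'My Server' is taken as enabled, and 151.101.65.69 is the remote host from the answer. It runs the round trip three ways: with the wrong routers value, with 9.0.0.5 but plain routing, and with masquerading on 'My Server' (modelled as rewriting the source to 10.0.0.5 and reversing that on the reply).

```python
import ipaddress


def net(cidr):
    return ipaddress.ip_network(cidr, strict=False)


def addr(ip):
    return ipaddress.ip_address(ip)


# Constructed routing tables. None means the prefix is directly attached;
# "ISP" stands for the upstream we do not model. 'gateway' is the assumed table.
TABLES = {
    "my-server": {"9.0.0.0/24": None, "10.0.0.0/29": None, "0.0.0.0/0": "10.0.0.1"},
    "gateway":   {"10.0.0.0/29": None, "0.0.0.0/0": "ISP"},   # no route back to 9.0.0.0/24
}
HOST_ADDRS = {"client": ["9.0.0.10"], "my-server": ["9.0.0.5", "10.0.0.5"], "gateway": ["10.0.0.1"]}
WAN_ADDR = "10.0.0.5"  # My Server's address towards Gateway, used as the masquerade source


def tables_for(client_router):
    """Full table set for a client that received 'option routers <client_router>' via DHCP."""
    tables = dict(TABLES)
    tables["client"] = {"9.0.0.0/24": None, "0.0.0.0/0": client_router}
    return tables


def next_hop(table, dst):
    """Longest-prefix match: 'direct', a gateway address, 'ISP', or None when nothing matches."""
    best = None
    for prefix, via in table.items():
        n = net(prefix)
        if addr(dst) in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, via)
    if best is None:
        return None
    return "direct" if best[1] is None else best[1]


def on_link(table, ip):
    """True when ip lies in one of the table's directly attached prefixes."""
    return any(via is None and addr(ip) in net(p) for p, via in table.items())


def owner_of(ip):
    return next((h for h, addrs in HOST_ADDRS.items() if ip in addrs), None)


def route(host, dst, tables=None):
    """Follow the tables hop by hop from host; returns (path, outcome)."""
    tables = tables or tables_for("9.0.0.5")
    path = [host]
    for _ in range(8):  # loop guard
        hop = next_hop(tables[host], dst)
        if hop is None:
            return path, "dropped (no route)"
        if hop == "ISP":
            return path + ["ISP"], "handed to ISP"
        if hop != "direct" and not on_link(tables[host], hop):
            # a default router outside the client's own subnet cannot be reached at all
            return path, f"dropped (next hop {hop} is not on a directly attached network)"
        target = dst if hop == "direct" else hop
        owner = owner_of(target)
        if owner is None:
            return path, f"dropped ({target} is not a host we model)"
        path.append(owner)
        if hop == "direct":
            return path, "delivered"
        host = owner
    return path, "dropped (loop)"


def round_trip(client_ip, remote_ip, masquerade, client_router="9.0.0.5"):
    """Send one packet from the client to remote_ip and bring the reply back.
    Returns (forward_path, forward_outcome, return_path, return_outcome)."""
    tables = tables_for(client_router)
    fwd_path, fwd = route("client", remote_ip, tables)
    if not fwd.startswith("handed"):
        return fwd_path, fwd, [], "no reply (request never left)"
    # The remote host answers to whatever source it saw: the private client address
    # when My Server only routes, My Server's WAN address when it masquerades.
    reply_dst = WAN_ADDR if masquerade else client_ip
    ret_path, ret = route("gateway", reply_dst, tables)
    if masquerade and ret == "delivered" and ret_path[-1] == "my-server":
        # connection tracking restores the client address; the LAN hop finishes the job
        lan_path, ret = route("my-server", client_ip, tables)
        ret_path = ret_path + lan_path[1:]
    return fwd_path, fwd, ret_path, ret


if __name__ == "__main__":
    for router, masq in [("10.0.0.5", False), ("9.0.0.5", False), ("9.0.0.5", True)]:
        print(f"routers={router} masquerade={masq}:",
              round_trip("9.0.0.10", "151.101.65.69", masq, router))
```

With routers 10.0.0.5 the request never leaves the client; with routers 9.0.0.5 the request reaches the ISP but the reply is sent by 'Gateway' to its own default route and never comes back; with masquerading the reply is addressed to 10.0.0.5, which 'Gateway' has a connected route for, and 'My Server' delivers it to the client.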