Connecting two private networks

 
 
Simon Kissane
Guest
Posts: n/a

 
      02-06-2006, 10:14 PM
Hi

I have two boxes connected together with a 1Gbps ethernet
crossover link. One of the boxes is on a wireless network. I'm trying
to get routing set up so I can use the wireless network from the box
which doesn't have the card in it...

My network is set up as follows:
- cable modem is connected to a D-Link wireless router/switch
(192.168.0.1)
- Linux box (FC4) has a D-Link wireless card in it (192.168.0.102),
using madwifi & wpa_supplicant, and a 1GBps ethernet card (eth0,
192.168.39.1)
- Windows box has a 1GBps ethernet card (192.168.39.120)

What I would like to do is something like this (is this possible?):
- configure the Linux box to advertise via ARP both its IP & the
Windows box's IP for its wireless MAC address
- route the packets it receives for the Windows box's IP through its
ethernet interface to the windows box.

I have the routing set up, but how do I do the ARP stuff?

I have also thought about using bridge-utils/ebtables, but I'd rather
not use bridging unless I have to...

Many thanks

Simon

 
 
 
 
 
Allen McIntosh
Guest
Posts: n/a

 
      02-06-2006, 11:48 PM
> What I would like to do is something like this (is this possible?):
> - configure the Linux box to advertise via ARP both its IP & the
> Windows box's IP for its wireless MAC address
> - route the packets it receives for the Windows box's IP through its
> ethernet interface to the windows box.
>
> I have the routing set up, but how do I do the ARP stuff?
>
> I have also thought about using bridge-utils/ebtables, but I'd rather
> not use bridging unless I have to...


You could get the Linux box to proxy arp (in 2.4 kernels it's a setting
in /proc/sys, haven't looked at 2.6) but
1) how does the router know to send 192.168.39 traffic back? (I've had
one that would do this automagically, and one that wouldn't)
2) why not just configure NAT?
 
 
Simon Kissane
Guest
Posts: n/a

 
      02-07-2006, 12:27 AM
Thanks for your response,

Allen McIntosh wrote:
[snip]
> You could get the Linux box to proxy arp (in 2.4 kernels it's a setting
> in /proc/sys, haven't looked at 2.6) but
> 1) how does the router know to send 192.168.39 traffic back? (I've had
> one that would do this automagically, and one that wouldn't)

I don't know whether it will or won't... I'm hoping

> 2) why not just configure NAT?

Well, I could do that. I was wondering if there was an alternative...
(It's been a couple of years since I last seriously touched iptables,
and I'm not rushing to play with it again)

Cheers
Simon

 
 
Postmaster
Guest
Posts: n/a

 
      02-07-2006, 12:36 AM

"Simon Kissane" wrote in message:
> Thanks for your response,
>
> Allen McIntosh wrote:
> [snip]
>> You could get the Linux box to proxy arp (in 2.4 kernels it's a setting
>> in /proc/sys, haven't looked at 2.6) but
>> 1) how does the router know to send 192.168.39 traffic back? (I've had
>> one that would do this automagically, and one that wouldn't)

> I don't know whether it will or won't... I'm hoping
>
>> 2) why not just configure NAT?

> Well, I could do that. I was wondering if there was an alternative...
> (It's been a couple of years since I last seriously touched iptables,
> and I'm not rushing to play with it again)
>
> Cheers
> Simon
>


Simon,

Machine "A" has Internet access, and also a private LAN.
Machine "B" has only private LAN.

Machine "A" can provide NAT for all the machines on the private
LAN by doing something like:

------------------------------------------
LOCALNETWORK="10.0.100.0/24"
EXTINT="eth1" #The external interface
INTINT="eth0" #The internal interface
PUBLICPORTS="1056:65535"

#
# Allow forwarding from inside to out and vice versa
#
/sbin/iptables -A FORWARD -i $INTINT -s $LOCALNETWORK -j ACCEPT
/sbin/iptables -A FORWARD -o $INTINT -d $LOCALNETWORK -j ACCEPT

/sbin/iptables -t nat -A POSTROUTING -o $EXTINT -s $LOCALNETWORK \
-j MASQUERADE
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -i lo -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o lo -j ACCEPT
/sbin/iptables -t nat -A OUTPUT -o lo -j ACCEPT

/sbin/iptables -A INPUT -i $INTINT -s $LOCALNETWORK -j ACCEPT
/sbin/iptables -A OUTPUT -o $INTINT -d $LOCALNETWORK -j ACCEPT

/sbin/iptables -t nat -A OUTPUT -s $LOCALNETWORK -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o $INTINT -s $LOCALNETWORK \
-j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o lo -s $LOCALNETWORK \
-j ACCEPT
/sbin/iptables -t nat -A PREROUTING -s $LOCALNETWORK -j ACCEPT

/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

/sbin/iptables -A INPUT -i $EXTINT -p TCP ! --syn --sport $PUBLICPORTS \
--dport $PUBLICPORTS -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -o $EXTINT -p TCP --sport $PUBLICPORTS \
--dport $PUBLICPORTS -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -t nat -A OUTPUT -o $EXTINT -p TCP --sport $PUBLICPORTS \
--dport $PUBLICPORTS -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o $EXTINT -p TCP --sport $PUBLICPORTS \
--dport $PUBLICPORTS -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o lo -p TCP --sport $PUBLICPORTS \
--dport $PUBLICPORTS -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward
------------

Enjoy
Postmaster


 
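A smaller rule set for this thread's topology, as an added example that is not part of Postmaster's post: it prints (dry run) a masquerading setup that forwards only new connections from the LAN and the replies to them. The interface names ath0 and eth0 come from the thread; the /24 mask and the helper names are assumptions.

```shell
#!/bin/sh
# Added example: print (dry run) a minimal masquerading rule set.
# Defaults are assumptions drawn from the posts: ath0 = wireless uplink,
# eth0 = crossover link, 192.168.39.0/24 = LAN (the /24 mask is assumed;
# the thread only gives host addresses).

valid_ifname() {   # reject anything that is not a plain interface name
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

valid_cidr() {     # shape check only: digits and dots, then /prefix
    case "$1" in
        */*/*|*[!0-9./]*) return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

nat_rules() {      # nat_rules [EXT_IF] [INT_IF] [LAN_CIDR]
    ext=${1:-ath0}; int=${2:-eth0}; lan=${3:-192.168.39.0/24}
    valid_ifname "$ext" && valid_ifname "$int" && valid_cidr "$lan" || {
        echo "nat_rules: bad interface or network" >&2; return 1; }
    [ "$ext" != "$int" ] || { echo "nat_rules: ext == int" >&2; return 1; }
    # Default-deny forwarding; allow replies, then new flows from the LAN only.
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $int -o $ext -s $lan -m state --state NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o $ext -s $lan -j MASQUERADE
sysctl -w net.ipv4.ip_forward=1
EOF
}

# Print the rules for review; pipe the output to "sh" as root to apply them.
nat_rules "$@"
```

Nothing is forwarded toward the LAN unless it belongs to a connection the LAN opened, which the unconditional `FORWARD -o $INTINT -d $LOCALNETWORK -j ACCEPT` rule in the longer script does not enforce.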
 
Simon Kissane
Guest
Posts: n/a

 
      02-07-2006, 09:36 AM
Allen McIntosh wrote:
[snip]
> You could get the Linux box to proxy arp (in 2.4 kernels it's a setting
> in /proc/sys, haven't looked at 2.6) but
> 1) how does the router know to send 192.168.39 traffic back? (I've had
> one that would do this automagically, and one that wouldn't)
> 2) why not just configure NAT?


I got proxy arp to work by doing the following:
sysctl -w 'net.ipv4.conf.ath0.proxy_arp=1'
sysctl -w 'net.ipv4.ip_forward=1'
ip neigh add proxy 192.168.39.120 dev ath0

Unfortunately, you were right, my router only recognises the
192.168.0.* subnet as being on the private side, and nothing I can do
will change it... maybe I'll just have to use NAT after all.

 
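The precondition behind this outcome, as an added example that is not part of the original posts: proxy ARP only helps when the upstream device treats the proxied address as on-link and therefore ARPs for it. The router's /24 mask and the function names are assumptions; the sample addresses are the thread's.

```shell
#!/bin/sh
# Added example: decide whether an upstream router would ever ARP for a host,
# which is the precondition for a proxy ARP reply to matter.

ip_to_int() {      # dotted quad -> integer; non-zero status on malformed input
    case "$1" in ''|*[!0-9.]*|*.|.*|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {        # in_cidr HOST NET/PREFIX: 0 = inside, 1 = outside, 2 = bad input
    bits=${2#*/}
    case "$bits" in ''|*[!0-9]*|0?*|???*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    h=$(ip_to_int "$1") || return 2
    n=$(ip_to_int "${2%/*}") || return 2
    mask=0
    [ "$bits" -eq 0 ] || mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( h & mask )) -eq $(( n & mask )) ]
}

proxy_arp_verdict() {   # proxy_arp_verdict HOST UPSTREAM_NET/PREFIX
    rc=0; in_cidr "$1" "$2" || rc=$?
    case $rc in
        0) echo "on-link: upstream ARPs for $1, so a proxy ARP reply can answer" ;;
        1) echo "off-link: upstream never ARPs for $1; it needs a route, or NAT" ;;
        *) echo "proxy_arp_verdict: invalid input" >&2; return 2 ;;
    esac
}

# The thread's case: Windows box address versus the router's LAN (mask assumed).
proxy_arp_verdict 192.168.39.120 192.168.0.0/24
```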
 
Steve Horsley
Guest
Posts: n/a

 
      02-10-2006, 11:23 PM
Simon Kissane wrote:

> What I would like to do is something like this (is this possible?):
> - configure the Linux box to advertise via ARP both its IP & the
> Windows box's IP for its wireless MAC address
> - route the packets it receives for the Windows box's IP through its
> ethernet interface to the windows box.
>
> I have the routing set up, but how do I do the ARP stuff?


Make sure you have enabled routing on the Linux box?
http://www.yolinux.com/TUTORIALS/Lin...tml#FORWARDING

