Debian: connect two local networks

1

Currently I'm trying to connect two local networks, as it seems both networks don't know each other.

Here is the network setup:

  • My local home network: 192.168.0.0/24
  • A Raspberry Pi as an Access Point using its own network (for DHCP functionality, etc.): 192.168.1.0/24

Raspberry Pi setup:

  • eth0: not connected
  • wlan0: 192.168.0.117
  • wlan1: 192.168.1.1
  • Ping RasPi 192.168.1.1 to RasPi Client 192.168.1.2 => successful
  • Ping RasPi 192.168.0.117 to PC 192.168.0.120 => successful
  • Ping RasPi 192.168.0.117 to Google (http://www.google.de) => successful

PC setup:

  • RJ45 Connection: 192.168.0.120
  • WiFi: not connected
  • Ping PC 192.168.0.120 to RasPi 192.168.0.117 => successful
  • Ping PC 192.168.0.120 to RasPi 192.168.1.1 => successful
  • Ping PC 192.168.0.120 to Google (http://www.google.de) => successful

Any RasPi Client (for example my iPhone4S, which is supposed to use the RasPi WiFi network) setup: Connected to the RasPi WiFi (192.168.1.0/24):

  • WiFi: 192.168.1.2
  • Ping RasPi Client 192.168.1.2 to PC 192.168.0.120 => not successful (timeout)
  • Ping RasPi Client 192.168.1.2 to RasPi 192.168.0.117 => successful
  • Ping RasPi Client 192.168.1.2 to RasPi 192.168.1.1 => successful
  • Ping RasPi Client 192.168.1.2 to Google (http://www.google.de) => not successful (timeout)

Connected to the router's (home) WiFi (same network as the PC, 192.168.0.0/24):

  • WiFi: 192.168.0.110
  • Ping RasPi Client 192.168.0.110 to PC 192.168.0.120 => successful
  • Ping RasPi Client 192.168.0.110 to RasPi 192.168.0.117 => successful
  • Ping RasPi Client 192.168.0.110 to RasPi 192.168.1.1 => not successful (timeout)
  • Ping RasPi Client 192.168.0.110 to Google (http://www.google.de) => successful

I'd like all devices in both networks to be able to connect to each other. The problem is that my home network router (192.168.0.1) unfortunately has no options in order to route the traffic between the two networks (can handle port forwarding only).

This is why I would like to use the RasPi in order to route the traffic between the two networks as the RasPi is a gateway as well.

This is the iptables setup of the RasPi:

Generated by iptables-save v1.4.14 on Fri Mar 14 23:34:55 2014
*filter
:INPUT ACCEPT [423:33976]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [533:57052]
COMMIT
Completed on Fri Mar 14 23:34:55 2014
Generated by iptables-save v1.4.14 on Fri Mar 14 23:34:55 2014
*nat
:PREROUTING ACCEPT [3:96]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i wlan1 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22
-A PREROUTING -i wlan1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i wlan1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
Completed on Fri Mar 14 23:34:55 2014

When my iPhone is connected to the network 192.168.1.0/24, I'd like to be able to ping my PC in the 192.168.0.0/24 network.

When my iPhone is connected to the network 192.168.0.0/24, I'd like to be able to ping the RasPi in the 192.168.1.0/24 network.

Do you have any idea how to accomplish that?

cheers, Dan

---EDIT 1--- So far the suggestions made didn't work. The only thing I've got working so far is the internet connection for the RasPi client, hence the ping to www.google.de.

I've edited the /etc/network/interfaces file:

auto lo

iface lo inet loopback
iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid "abcdef"
wpa-psk "123456789"

allow-hotplug wlan1
iface wlan1 inet static
address 192.168.1.1
netmask 255.255.255.0
subnet 192.168.1.0

up iptables-restore < /etc/iptables.ipv4.nat

post-up route del default gw 192.168.1.1 wlan1
post-up route add default gw 192.168.0.1 wlan0

The routing table looks now like this:

Ziel Router Genmask Flags Metric Ref Use Iface
default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
192.168.0.0 * 255.255.255.0 U 0 0 0 wlan0
192.168.1.0 * 255.255.255.0 U 0 0 0 wlan1

As the internet is working with this solution, all I need is a connection between the two subnets. From the 192.168.1.0/24 network I'm still not able to reach the 192.168.0.0/24 network, just the internet via the gateway 192.168.1.1.

---EDIT 1---
---EDIT 2---
I've removed now the following lines from /etc/network/interfaces:

post-up route del default gw 192.168.1.1 wlan1
post-up route add default gw 192.168.0.1 wlan0

Therefore I've added the iptables rules mentioned by Lawrence. My iptables setup looks like this:

Generated by iptables-save v1.4.14 on Mon Apr 7 17:51:30 2014
*nat
:PREROUTING ACCEPT [39:1816]
:INPUT ACCEPT [1:384]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i wlan1 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22
-A PREROUTING -i wlan1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i wlan1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
Completed on Mon Apr 7 17:51:30 2014
Generated by iptables-save v1.4.14 on Mon Apr 7 17:51:30 2014
*filter
:INPUT ACCEPT [28:3580]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [30:3192]
-A INPUT -i lo -j ACCEPT
-A INPUT -i wlan1 -j ACCEPT
-A FORWARD -i wlan1 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o wlan1 -j ACCEPT
COMMIT
Completed on Mon Apr 7 17:51:30 2014

Note: The three PREROUTING rules are necessary for the TOR proxy that's running on my Pi.

Result: The internet connection works, access from 192.168.1.0/24 to 192.168.0.0/24 is still not possible.
---EDIT 2---

---EDIT 3---
I'm using another router now that supports static routes. The good thing is, I can ping all IPs now, no matter from which network to which. Unfortunately I still can't open any services. So I tried to do some port forwarding in order to fix that as well.

The scenario is:

192.168.1.2 (iPhone) -> 192.168.1.1 (RasPi Wlan1) -- 192.168.0.4 (RasPi Wlan0) -> 192.168.0.2:5901 (NAS)

The NAS has a service running on port 5901 and 80. Let's say I'd like to access the NAS on port 5901 from the iPhone, for that case I've tried the following iptables rule, again with no success:

iptables -A PREROUTING -t nat -i wlan1 -p tcp --dport 5901 -j DNAT --to 192.168.0.2:5901
iptables -A FORWARD -p tcp -d 192.168.0.2 --dport 5901 -j ACCEPT

Any suggestions how to fix that?
---EDIT 3---

Daniel

Posted 2014-03-19T14:23:14.853

Reputation: 111

you can resource your problem using static route – c4f4t0r – 2014-03-19T16:12:40.837

So I would need to execute: route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.0.1 dev eth0

and

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 dev wlan1

Or would I need to change 192.168.0.1 (gateway) to 192.168.0.117 as this is the ip of the eth0 interface? – None – 2014-03-19T16:32:56.973

route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.1.1 and route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.1 – c4f4t0r – 2014-03-19T17:02:51.717

You won't be able to access devices on 192.168.1.0/24 network from 192.168.0.0/24 network because of the NAT that is running on the Raspberry Pi unless you 'port forward' specific ports to specific hosts. Just thought I'd mention that. Also, I assume you're running a DHCP server on the Pi? – Lawrence – 2014-04-07T07:30:59.773

@Lawrence: I've tried to add port forwarding now, unfortunately with no success. Could you please help me with the correct rule set? – Daniel – 2014-04-29T19:59:43.897
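Why ping works but TCP services do not in EDIT 3, as an added example that is not part of the original post: the nat PREROUTING chain stops at the first matching rule, so the Tor catch-all REDIRECT takes every new TCP connection from wlan1 before the appended DNAT rule is reached, while ICMP matches nothing. The evaluator is a simplified model covering only the options used on this page; the function names and the RETURN exemption are assumptions for illustration.

```python
import ipaddress

# Constructed input: nat PREROUTING rules from EDIT 2, then the EDIT 3 DNAT rule
# in the position `iptables -A` gives it (end of the chain).
NAT_RULES = """\
-A PREROUTING -i wlan1 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22
-A PREROUTING -i wlan1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i wlan1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A PREROUTING -i wlan1 -p tcp --dport 5901 -j DNAT --to 192.168.0.2:5901
"""

def parse(line):
    """Split one iptables-save rule into {option: [args]} (options used on this page only)."""
    tok, opts, i = line.split(), {}, 0
    while i < len(tok):
        n = 3 if tok[i] == "--tcp-flags" else 2  # --tcp-flags takes mask and comp
        opts[tok[i]] = tok[i + 1:i + n]
        i += n
    return opts

def matches(o, pkt):
    # Every option present in the rule must agree with the packet.
    if any(k in o and o[k][0] != str(pkt.get(f)) for k, f in
           (("-i", "in"), ("-p", "proto"), ("--dport", "dport"))):
        return False
    if "-d" in o and ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(o["-d"][0]):
        return False
    if "--tcp-flags" in o:
        mask, comp = (set(x.split(",")) for x in o["--tcp-flags"])
        return pkt.get("flags", set()) & mask == comp
    return True

def first_match(rules, pkt):
    """Return (rule number, target) of the first matching rule, or None (policy ACCEPT)."""
    for n, line in enumerate(rules.strip().splitlines(), 1):
        o = parse(line)
        if matches(o, pkt):
            return n, " ".join(o["-j"] + o.get("--to-ports", o.get("--to", [])))
    return None

def exempt_lan(rules, net="192.168.0.0/24"):
    """Assumed fix: RETURN for LAN destinations, placed just before the catch-all REDIRECT."""
    ret = f"-A PREROUTING -i wlan1 -d {net} -j RETURN\n"
    return "".join((ret if "--tcp-flags" in l else "") + l + "\n" for l in rules.strip().splitlines())

SYN_NAS = {"in": "wlan1", "proto": "tcp", "dst": "192.168.0.2", "dport": 5901, "flags": {"SYN"}}
PING_NAS = {"in": "wlan1", "proto": "icmp", "dst": "192.168.0.2"}

if __name__ == "__main__":
    print([first_match(r, SYN_NAS) for r in (NAT_RULES, exempt_lan(NAT_RULES))])
```

With the exemption in place the packet leaves PREROUTING unmodified and is handled by the FORWARD chain, so traffic to 192.168.0.0/24 no longer passes through the Tor port while other destinations still do.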

Answers

0

To use a device (Raspberry Pi, for example) as a gateway, you need to "dual-home" the device, i.e. set it up with IPs in both networks, so you'll need to add an IP in the 192.168.1.* network to the Raspberry Pi; you can use an eth0:0 alias for this.

Once the Raspberry can communicate with the 192.168.1.* network you add the route ('route add') in all the 192.168.1.* network devices that tell them that the 192.168.0.* network is reached through gateway RaspberryPi and vice-versa.

LinuxDevOps

Posted 2014-03-19T14:23:14.853

Reputation: 101

Hi LinuxDevOps, the two wlan adapters are set up this way: wlan0: 192.168.0.117 wlan1: 192.168.1.1

I've tried to add the route the way c4f4t0r described it above in the /etc/network/interfaces file at the end of the file. Unfortunately it didn't work.

Please have a look at my edited text above for further information. – Daniel – 2014-04-07T05:51:56.663

0

I'm going to assume that you're running a DHCP server on the Pi, and it's listening on wlan1, and that you're using hostapd to broadcast as an access point.
I'm also going to assume that you've setup the Pi to forward packets.

Firstly, I use the following configuration for the interfaces. I don't manually set routes at all.

auto wlan0
iface wlan0 inet dhcp
wpa-ssid "ssid"
wpa-psk "psk" 

auto wlan1
iface wlan1 inet static
address 10.0.0.1
netmask 255.255.255.0

Secondly, I use the following iptables rules to do what you want to do -

iptables -F
iptables -X

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i wlan1 -j ACCEPT
iptables -A OUTPUT -o wlan1 -j ACCEPT

iptables -A POSTROUTING -t nat -o wlan0 -j MASQUERADE
iptables -A FORWARD -i wlan1 -j ACCEPT

That script should allow devices that connect to the Pi's hotspot to connect to devices in the 192.168.0.0/24 network.

That's the setup I had working at home for a while to get devices to connect.

If you want devices that are on the 192.168.0.0/24 network to access devices on the 192.168.1.0/24 network, then the easiest option is to forward ports on the Pi to the client machines on the Pi network, and then access them by accessing the Pi's IP address with a specific port.

Alternatively, you can set up routes on all the client machines on the 192.168.0.0/24 network to access the 192.168.1.0/24 network via the Pi.

Lawrence

Posted 2014-03-19T14:23:14.853

Reputation: 3 807

Your assumptions are right Lawrence. I've added the rules to my iptable (please have a look at Edit2 of my post). I'm able to connect to the internet but not to the 192.168.0.0/24 network. – Daniel – 2014-04-07T16:06:45.500

And the 192.168.0.0/24 network is what wlan0 is connected to? How is the router set up? It sounds more like a network configuration issue than something to do with the Pi. – Lawrence – 2014-04-08T03:25:10.197

Exactly, wlan1 is connected to 192.168.1.0/24 and wlan0 is connected to 192.168.0.0/24. The Router is in the 192.168.0.0/24 network (ip: 192.168.0.1) and unfortunately not able to do any network routing, only port-forwarding. Any other suggestions? – Daniel – 2014-04-08T07:53:48.583

Sorry, I meant something's wrong with the network and not with the Pi. Not sure why you can't access the rest of the 192.168.0.0/24 network unless the router is blocking it. If you can access the gateway then you should be able to access the rest of the network. – Lawrence – 2014-04-09T13:04:48.653