3 -> 1 routing issue












0















I've had this working before, but I can't get it right on a new machine. I have the following setup on a ubuntu install as a router.



 192.168.2.0/24 p34p1 wifi1 -------------|

 192.168.1.0/24 p33p1 wired -------------|------Internet p32p1 

 192.168.3.0/24 p34p1 wifi2 -------------|      192.168.0.0/24


This might look overly complicated but it keeps the kids gaming traffic off my regular network, which can't use it on a console anyway. At present all three segments can talk to the internet, but cannot talk to each other in different segments as required.



routing



 Kernel IP Routing table

 Destination     Gateway       Genmask         Iface

 0.0.0.0         192.168.0.1   0.0.0.0         p32p1

 192.168.0.0     *             255.255.255.0   p32p1

 192.168.0.1     *             255.255.255.255 p32p1

 192.168.1.0     *             255.255.255.0   p33p1

 192.168.2.0     *             255.255.255.0   p34p1

 192.168.3.0     *             255.255.255.0   p35p1


iptables -t nat -v -x -n -L



Chain PREROUTING (policy ACCEPT 998 packets, 64328 bytes)

pkts      bytes target     prot opt in     out     source               destination



Chain INPUT (policy ACCEPT 115 packets, 9157 bytes)

pkts      bytes target     prot opt in     out     source               destination



Chain OUTPUT (policy ACCEPT 30271 packets, 1701429 bytes)

pkts      bytes target     prot opt in     out     source               destination



Chain POSTROUTING (policy ACCEPT 172 packets, 17314 bytes)

pkts      bytes target     prot opt in     out     source               destination

30982  1739286 MASQUERADE  all  --  *      p32p1   0.0.0.0/0            0.0.0.0/0

  102     8264            all  --  *      p33p1   0.0.0.0/0            0.0.0.0/0

   61     7327            all  --  *      p34p1   0.0.0.0/0            0.0.0.0/0

    7     1603            all  --  *      p35p1   0.0.0.0/0            0.0.0.0/0


my iptables rules are turning into mush.



Any Assistance appreciated, thank-you






networking iptables routing







share|improve this question

























  • iptables -L doesn't give us your NAT rules, which we need. Please do sudo iptables -t nat -v -x -n -L and edit your question adding the output. Since your default policy for your FORWARD chain is accept, you don't actually need any of those rules.

    – Doug Smythies
    Feb 4 at 23:10











  • iptables -t nat -v -x -n -L added

    – A.Adverse
    Feb 4 at 23:50











  • I think I found a partial, the networks there, but no gateways. Will look into that next

    – A.Adverse
    Feb 5 at 2:46
















0















I've had this working before, but I can't get it right on a new machine. I have the following setup on a ubuntu install as a router.



 192.168.2.0/24 p34p1 wifi1 -------------|

 192.168.1.0/24 p33p1 wired -------------|------Internet p32p1 

 192.168.3.0/24 p34p1 wifi2 -------------|      192.168.0.0/24


This might look overly complicated but it keeps the kids gaming traffic off my regular network, which can't use it on a console anyway. At present all three segments can talk to the internet, but cannot talk to each other in different segments as required.



routing



 Kernel IP Routing table

 Destination     Gateway       Genmask         Iface

 0.0.0.0         192.168.0.1   0.0.0.0         p32p1

 192.168.0.0     *             255.255.255.0   p32p1

 192.168.0.1     *             255.255.255.255 p32p1

 192.168.1.0     *             255.255.255.0   p33p1

 192.168.2.0     *             255.255.255.0   p34p1

 192.168.3.0     *             255.255.255.0   p35p1


iptables -t nat -v -x -n -L



Chain PREROUTING (policy ACCEPT 998 packets, 64328 bytes)

pkts      bytes target     prot opt in     out     source               destination



Chain INPUT (policy ACCEPT 115 packets, 9157 bytes)

pkts      bytes target     prot opt in     out     source               destination



Chain OUTPUT (policy ACCEPT 30271 packets, 1701429 bytes)

pkts      bytes target     prot opt in     out     source               destination



Chain POSTROUTING (policy ACCEPT 172 packets, 17314 bytes)

pkts      bytes target     prot opt in     out     source               destination

30982  1739286 MASQUERADE  all  --  *      p32p1   0.0.0.0/0            0.0.0.0/0

  102     8264            all  --  *      p33p1   0.0.0.0/0            0.0.0.0/0

   61     7327            all  --  *      p34p1   0.0.0.0/0            0.0.0.0/0

    7     1603            all  --  *      p35p1   0.0.0.0/0            0.0.0.0/0


my iptables rules are turning into mush.



Any Assistance appreciated, thank-you






networking iptables routing







share|improve this question

























  • iptables -L doesn't give us your NAT rules, which we need. Please do sudo iptables -t nat -v -x -n -L and edit your question adding the output. Since your default policy for your FORWARD chain is accept, you don't actually need any of those rules.

    – Doug Smythies
    Feb 4 at 23:10











  • iptables -t nat -v -x -n -L added

    – A.Adverse
    Feb 4 at 23:50











  • I think I found a partial, the networks there, but no gateways. Will look into that next

    – A.Adverse
    Feb 5 at 2:46














0












0








0








I've had this working before, but I can't get it right on a new machine. I have the following setup on a ubuntu install as a router.



 192.168.2.0/24 p34p1 wifi1 -------------|

 192.168.1.0/24 p33p1 wired -------------|------Internet p32p1 

 192.168.3.0/24 p34p1 wifi2 -------------|      192.168.0.0/24


This might look overly complicated but it keeps the kids gaming traffic off my regular network, which can't use it on a console anyway. At present all three segments can talk to the internet, but cannot talk to each other in different segments as required.



routing



 Kernel IP Routing table

 Destination     Gateway       Genmask         Iface

 0.0.0.0         192.168.0.1   0.0.0.0         p32p1

 192.168.0.0     *             255.255.255.0   p32p1

 192.168.0.1     *             255.255.255.255 p32p1

 192.168.1.0     *             255.255.255.0   p33p1

 192.168.2.0     *             255.255.255.0   p34p1

 192.168.3.0     *             255.255.255.0   p35p1


iptables -t nat -v -x -n -L



Chain PREROUTING (policy ACCEPT 998 packets, 64328 bytes)

pkts      bytes target     prot opt in     out     source               destination



Chain INPUT (policy ACCEPT 115 packets, 9157 bytes)

pkts      bytes target     prot opt in     out     source               destination



Chain OUTPUT (policy ACCEPT 30271 packets, 1701429 bytes)

pkts      bytes target     prot opt in     out     source               destination



Chain POSTROUTING (policy ACCEPT 172 packets, 17314 bytes)

pkts      bytes target     prot opt in     out     source               destination

30982  1739286 MASQUERADE  all  --  *      p32p1   0.0.0.0/0            0.0.0.0/0

  102     8264            all  --  *      p33p1   0.0.0.0/0            0.0.0.0/0

   61     7327            all  --  *      p34p1   0.0.0.0/0            0.0.0.0/0

    7     1603            all  --  *      p35p1   0.0.0.0/0            0.0.0.0/0


my iptables rules are turning into mush.



Any Assistance appreciated, thank-you






networking iptables routing







share|improve this question
















I've had this working before, but I can't get it right on a new machine. I have the following setup on a ubuntu install as a router.



 192.168.2.0/24 p34p1 wifi1 -------------|

 192.168.1.0/24 p33p1 wired -------------|------Internet p32p1 

 192.168.3.0/24 p34p1 wifi2 -------------|      192.168.0.0/24


This might look overly complicated but it keeps the kids gaming traffic off my regular network, which can't use it on a console anyway. At present all three segments can talk to the internet, but cannot talk to each other in different segments as required.



routing



 Kernel IP Routing table

 Destination     Gateway       Genmask         Iface

 0.0.0.0         192.168.0.1   0.0.0.0         p32p1

 192.168.0.0     *             255.255.255.0   p32p1

 192.168.0.1     *             255.255.255.255 p32p1

 192.168.1.0     *             255.255.255.0   p33p1

 192.168.2.0     *             255.255.255.0   p34p1

 192.168.3.0     *             255.255.255.0   p35p1


iptables -t nat -v -x -n -L



Chain PREROUTING (policy ACCEPT 998 packets, 64328 bytes)

pkts      bytes target     prot opt in     out     source               destination



Chain INPUT (policy ACCEPT 115 packets, 9157 bytes)

pkts      bytes target     prot opt in     out     source               destination



Chain OUTPUT (policy ACCEPT 30271 packets, 1701429 bytes)

pkts      bytes target     prot opt in     out     source               destination



Chain POSTROUTING (policy ACCEPT 172 packets, 17314 bytes)

pkts      bytes target     prot opt in     out     source               destination

30982  1739286 MASQUERADE  all  --  *      p32p1   0.0.0.0/0            0.0.0.0/0

  102     8264            all  --  *      p33p1   0.0.0.0/0            0.0.0.0/0

   61     7327            all  --  *      p34p1   0.0.0.0/0            0.0.0.0/0

    7     1603            all  --  *      p35p1   0.0.0.0/0            0.0.0.0/0


my iptables rules are turning into mush.



Any Assistance appreciated, thank-you






networking iptables routing




networking iptables routing






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Feb 4 at 23:48







A.Adverse

















asked Feb 4 at 22:38









A.AdverseA.Adverse

438




438













  • iptables -L doesn't give us your NAT rules, which we need. Please do sudo iptables -t nat -v -x -n -L and edit your question adding the output. Since your default policy for your FORWARD chain is accept, you don't actually need any of those rules.

    – Doug Smythies
    Feb 4 at 23:10











  • iptables -t nat -v -x -n -L added

    – A.Adverse
    Feb 4 at 23:50











  • I think I found a partial, the networks there, but no gateways. Will look into that next

    – A.Adverse
    Feb 5 at 2:46



















  • iptables -L doesn't give us your NAT rules, which we need. Please do sudo iptables -t nat -v -x -n -L and edit your question adding the output. Since your default policy for your FORWARD chain is accept, you don't actually need any of those rules.

    – Doug Smythies
    Feb 4 at 23:10











  • iptables -t nat -v -x -n -L added

    – A.Adverse
    Feb 4 at 23:50











  • I think I found a partial, the networks there, but no gateways. Will look into that next

    – A.Adverse
    Feb 5 at 2:46

















iptables -L doesn't give us your NAT rules, which we need. Please do sudo iptables -t nat -v -x -n -L and edit your question adding the output. Since your default policy for your FORWARD chain is accept, you don't actually need any of those rules.

– Doug Smythies
Feb 4 at 23:10





iptables -L doesn't give us your NAT rules, which we need. Please do sudo iptables -t nat -v -x -n -L and edit your question adding the output. Since your default policy for your FORWARD chain is accept, you don't actually need any of those rules.

– Doug Smythies
Feb 4 at 23:10













iptables -t nat -v -x -n -L added

– A.Adverse
Feb 4 at 23:50





iptables -t nat -v -x -n -L added

– A.Adverse
Feb 4 at 23:50













I think I found a partial, the networks there, but no gateways. Will look into that next

– A.Adverse
Feb 5 at 2:46





I think I found a partial, the networks there, but no gateways. Will look into that next

– A.Adverse
Feb 5 at 2:46










1 Answer
1






active

oldest

votes


















0














This missing gateways were the problem to the solution ;) Works much more betterer that way. 



route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1


repeat for each nic



Without the gateway even if it knows the network is there it won't work






share|improve this answer























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "89"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1115662%2f3-1-routing-issue%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    This missing gateways were the problem to the solution ;) Works much more betterer that way. 



    route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1


    repeat for each nic



    Without the gateway even if it knows the network is there it won't work






    share|improve this answer




























      0














      This missing gateways were the problem to the solution ;) Works much more betterer that way. 



      route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1


      repeat for each nic



      Without the gateway even if it knows the network is there it won't work






      share|improve this answer


























        0












        0








        0







        This missing gateways were the problem to the solution ;) Works much more betterer that way. 



        route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1


        repeat for each nic



        Without the gateway even if it knows the network is there it won't work






        share|improve this answer













        This missing gateways were the problem to the solution ;) Works much more betterer that way. 



        route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1


        repeat for each nic



        Without the gateway even if it knows the network is there it won't work







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Feb 5 at 21:29









        A.AdverseA.Adverse

        438




        438






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Ask Ubuntu!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1115662%2f3-1-routing-issue%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Human spaceflight

            Image
            Human spaceflight From Wikipedia, the free encyclopedia Jump to navigation Jump to search "Space traveler" redirects here. For other uses, see Space traveler (disambiguation). @media all and (max-width:720px){.mw-parser-output .tmulti>.thumbinner{width:100%!important;max-width:none!important}.mw-parser-output .tmulti .tsingle{float:none!important;max-width:none!important;width:100%!important;text-align:center}} Apollo 11 crewmember Buzz Aldrin on the Moon, 1969 International Space Station crewmember Tracy Caldwell Dyson views the Earth, 2010 Space Shuttle Discovery heads into space with a crew aboard, STS-121 in 2006 Inside a space suit on the Canadarm, 1993 Human spaceflight (also referred to as crewed spaceflight or manned spaceflight ) is space travel with a crew or passengers aboard the spacecraft. Spacecraft carrying people may be operated directly, by human crew, or it may be e
            Read more

            Can not write log (Is /dev/pts mounted?) - openpty in Ubuntu-on-Windows?

            Image
            0 1 What exactly does the error message beginning with E: mean? I assume it has to do with the file structure on Ubuntu-on-Windows, but what exactly? The following package was automatically installed and is no longer required: os-prober Use 'apt-get autoremove' to remove it. The following extra packages will be installed: libxslt1.1 The following NEW packages will be installed: libxslt1.1 xmlstarlet 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 435 kB of archives. After this operation, 1023 kB of additional disk space will be used. Get:1 http://archive.ubuntu.com/ubuntu/ trusty/main libxslt1.1 amd64 1.1.28-2build1 [145 kB] Get:2 http://archive.ubuntu.com/ubuntu/ trusty/universe xmlstarlet amd64 1.5.0-1 [290 kB]
            Read more

            File:DeusFollowingSea.jpg

            Image
            File:DeusFollowingSea.jpg From Wikipedia, the free encyclopedia Jump to navigation Jump to search File File history File usage No higher resolution available. DeusFollowingSea.jpg ‎ (238 × 211 pixels, file size: 12 KB, MIME type: image/jpeg ) Summary [ edit ] Media data and Non-free use rationale Description Cover art of the Deus CD Following Sea Author or copyright owner Deus Source (WP:NFCC#4) rocksucker.co.uk Date of publication 2012 Use in article (WP:NFCC#7) Following Sea Purpose of use in article (WP:NFCC#8) to serve as the primary means of visual identification at the top of the article dedicated to the work in question. Not replaceable with free media because (WP:NFCC#1) n.a. Minimal use (WP:NFCC#3) Low res image used in infobox of the article on the album Respect for commercial opportunities (WP:NFCC#2) n.a. Fair use Fair use of co
            Read more