Routing network traffic between 2 subnets using a Raspberry Pi

Tags: networking, routing, static-routes

I am having trouble routing traffic between 2 subnets. With my current setup I can ping hosts on both subnets from my Raspberry Pi but can't ping hosts from one subnet to another (timeout).

Basically, I would like hosts from one subnet to have access to hosts on the other subnet. My plan was to configure my Raspberry Pi to handle nearly all routing between subnets, since each subnet is behind its own basic household router which does not support static routing. I would then add a route on each host to the opposite subnet via its RPi 'gateway' interface.

Here is my current setup:

LAN A <—> Router A <—> RPi <—> Router B <—> LAN B

LAN A
Network: 192.168.0.0/24
Gateway: 192.168.0.1

LAN B
Network: 192.168.1.0/24
Gateway: 192.168.1.1

RPi
OS: Raspbian
eth0: 192.168.0.4
eth1: 192.168.1.4

RPi interface config:

# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.0.4
    netmask 255.255.255.0
    broadcast 192.168.0.255
    gateway 192.168.0.1

# The USB-Ethernet interface 1
allow-hotplug eth1
iface eth1 inet static
    address 192.168.1.4
    netmask 255.255.255.0
    broadcast 192.168.1.255
    gateway 192.168.1.1

RPi routes:

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
192.168.0.0     192.168.0.1     255.255.255.0   UG    0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
192.168.1.0     192.168.1.1     255.255.255.0   UG    0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1

RPi firewall rules:

# iptables -t nat -n -L -v
Chain PREROUTING (policy ACCEPT 2711 packets, 147K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 33 packets, 5204 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 97 packets, 7344 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 97 packets, 7344 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      eth0    192.168.0.0/24       192.168.1.0/24
    0     0 MASQUERADE  all  --  *      eth1    192.168.1.0/24       192.168.0.0/24

Host 192.168.0.3 (WIN 10) route:

>route PRINT
===========================================================================
Interface List
...
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.3    281
...
      192.168.1.0    255.255.255.0      192.168.0.4      192.168.0.3     26
...
===========================================================================
...

Currently, this is what happens when I ping the opposite subnet's gateway from host 192.168.0.3:

>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss).

Looking at my setup, you could probably say I have taken the shotgun approach, but sadly it hasn't worked out. Could I please find out what else I might need to configure, or where I have gone wrong? Let me know if I need to provide any more information.

Many thanks in advance. 🙂

Best Answer

The full context of the setup is that we have 2 apartments with their own Internet connection and LAN which we have joined together using a RPi via jumper cabling in the garage. The whole point of this exercise was so that I can administer the upstairs apartment's NAS without having the network traffic leave the building (which would also make sharing data a LOT faster), and also retain each apt's Internet/network setup so that they may continue working in case the RPi goes down. Since the commodity routers in each apartment are so lacking in options and features, I was willing to compromise by manually adding routes to the hosts that I would do the administration from on my subnet.

It's true that I need to get a better understanding of networking, and I am continually in the process of doing so as an IT professional. I spoke with a colleague today about my issue and it turns out I didn't need to add any routes, I just needed to change the firewall rules to use SNAT instead of MASQUERADE and the subnets started talking to each other (I did also need to allow IPv4 forwarding as Paul suggested, thanks!):

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.0.0/24 -o eth0 -j SNAT --to-source 192.168.0.4
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 192.168.1.0/24 -o eth1 -j SNAT --to-source 192.168.1.4

Full iptables list:

# iptables -t nat -n -L -v
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth0    192.168.1.0/24       192.168.0.0/24       to:192.168.0.4
    0     0 SNAT       all  --  *      eth1    192.168.0.0/24       192.168.1.0/24       to:192.168.1.4

As you can see, now the traffic is staying inside the building when testing from host 192.168.0.3:

>tracert 192.168.1.1

Tracing route to 192.168.1.1 over a maximum of 30 hops

  1     1 ms     1 ms    <1 ms  192.168.0.4
  2     1 ms     1 ms     1 ms  192.168.1.1

Trace complete.

Many thanks for your comments.
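To make the forwarding path in the accepted answer concrete, here is an added Python model of what the Pi does with a packet in transit. It is example code written for this page, not anything from the question, the answer or Raspbian itself. It uses the on-link routes and the two SNAT rules quoted above; the packet type, the `ip_forward` switch and the `forward()` function are constructed for the illustration. It shows the two things the answer relied on: with `net.ipv4.ip_forward` off, a packet that is not addressed to the Pi is dropped regardless of the NAT table, and with it on, a LAN A packet leaving `eth1` has its source rewritten to the Pi's own `192.168.1.4`, so the reply from LAN B is addressed to an on-link host and needs no extra route on the LAN B side.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed model of the Pi's routing table as quoted in the question
# (destination, next hop or None for on-link, outgoing interface).
ROUTES = [
    ("0.0.0.0/0",      "192.168.0.1", "eth0"),
    ("192.168.0.0/24", None,          "eth0"),
    ("192.168.1.0/24", None,          "eth1"),
]

# Addresses that belong to the Pi itself; packets for these are delivered locally.
LOCAL_ADDRS = {"192.168.0.4", "192.168.1.4"}

# POSTROUTING SNAT rules from the accepted answer:
# (source net, destination net, outgoing interface, --to-source address)
SNAT_RULES = [
    ("192.168.1.0/24", "192.168.0.0/24", "eth0", "192.168.0.4"),
    ("192.168.0.0/24", "192.168.1.0/24", "eth1", "192.168.1.4"),
]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def lookup(dst: str):
    """Longest-prefix match over ROUTES, returning (next_hop, interface)."""
    best = None
    addr = ipaddress.ip_address(dst)
    for net, via, dev in ROUTES:
        n = ipaddress.ip_network(net)
        if addr in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, via, dev)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def forward(pkt: Packet, ip_forward: bool):
    """Model one packet arriving at the Pi.

    Returns ("local", None, pkt) for traffic to the Pi itself,
    None if the packet is a transit packet and forwarding is disabled,
    otherwise (out_iface, next_hop, packet_after_snat).
    """
    if pkt.dst in LOCAL_ADDRS:
        return ("local", None, pkt)
    if not ip_forward:
        # net.ipv4.ip_forward=0: the kernel never routes transit traffic,
        # so the NAT table is irrelevant and the sender sees a timeout.
        return None
    via, dev = lookup(pkt.dst)
    next_hop = via or pkt.dst          # on-link: deliver straight to the host
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    for s, d, out, to in SNAT_RULES:
        if dev == out and src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d):
            pkt = replace(pkt, src=to)  # rewrite source to the Pi's address on that side
            break
    return (dev, next_hop, pkt)


if __name__ == "__main__":
    print(forward(Packet("192.168.0.3", "192.168.1.1"), ip_forward=False))
    print(forward(Packet("192.168.0.3", "192.168.1.1"), ip_forward=True))
    print(forward(Packet("192.168.1.1", "192.168.1.4"), ip_forward=True))
```

The rewritten source is also why LAN B hosts only ever see `192.168.1.4`: the Pi is the single address LAN A traffic appears from on that side, which keeps the hosts you administer from invisible to the other apartment's devices and gives you one place (the Pi's filter table) to restrict which LAN A hosts are allowed across. Traffic for any destination without a matching SNAT rule, such as the Internet, is forwarded with its source unchanged, as the last case in the test shows.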
