
I have two small networks: one is cabled and the other is Wi-Fi and has the internet connection.

The first one is: 10.5.0.0 subnet 255.255.0.0 gateway 10.5.60.1

The second one is: 192.168.0.0 subnet 255.255.255.0 gateway 192.168.0.1

The gateway for the first network is an Ubuntu machine; I configured a NAT so I can access all the computers on the second network.

The gateway for the second network is a TP-LINK wireless router; I configured a static route like this:

Destination Network: 10.5.0.0
Subnet Mask: 255.255.0.0
Default Gateway: 192.168.0.1

But when using wireless I cannot access anything on the first network except the gateway 10.5.60.1.

From a Mac using wireless (address 10.5.60.101) I made a traceroute:

$ traceroute 10.5.60.1
traceroute to 10.5.60.1 (10.5.60.1), 64 hops max, 52 byte packets
 1  192.168.0.1 (192.168.0.1)  4.051 ms  0.901 ms  0.886 ms
 2  10.5.60.1 (10.5.60.1)  2.085 ms  1.911 ms  1.303 ms

$ traceroute 10.5.60.2
traceroute to 10.5.60.2 (10.5.60.2), 64 hops max, 52 byte packets
 1  192.168.0.1 (192.168.0.1)  1.761 ms  1.186 ms  1.050 ms
 2  192.168.0.1 (192.168.0.1)  3177.626 ms !H  3071.109 ms !H  3071.924 ms !H
  • What type of NAT did you configure? Commented Dec 11, 2014 at 9:00

1 Answer

If your LAN network is behind a (restricted-cone) NAT, then you cannot access machines in the LAN network from your WiFi network. Restricted-cone NAT hides all individual machines/machine IPs; the whole LAN network is mapped to one external IP (the 192.168.0.x IP of the Ubuntu machine). This allows machines behind a NAT to access machines outside of the NAT, but it prevents machines outside the NAT from accessing machines behind the NAT.

It seems what you really want is routing without NAT. But even in this case (or with full-cone NAT) your setup is not correct. If your WiFi-network wants to reach the LAN-network, it should not contact your TP-Link internet router, it must contact the Ubuntu machine that is in both networks. So you must change the route to

Destination Network: 10.5.0.0
Subnet Mask: 255.255.0.0
Default Gateway: 192.168.0.x

where 192.168.0.x is the IP address of the Ubuntu machine.

  • It does hide addresses for outgoing connections, but really there's nothing preventing incoming connections even across NAT as long as they reach the LAN's router somehow. (We had six different buildings' LANs connected that way without even doing anything special, just adding routes.) Of course, it would be best to reconfigure the NAT router to avoid translating local connections (iptables and pfsense both can do that). Commented Dec 11, 2014 at 8:52
  • @grawity en.wikipedia.org/wiki/Network_address_translation. Only full-cone NAT can do this. The NATs I've seen up to now have been restricted-cone NATs. Nevertheless, I adjusted my answer. Commented Dec 11, 2014 at 9:03
  • Ok. I understand. I'll work on full-cone NAT... I have to understand more about this. Thank you very much for the answer. – MFDG Commented Dec 11, 2014 at 10:20
  • @MFDG: You could just configure it to not NAT local connections; e.g. -A OUTPUT -d 10.0.0.0/8 -j ACCEPT before -A OUTPUT -j MASQUERADE Commented Dec 11, 2014 at 13:36
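
As an added example (not part of the question, answer or comments above): a dry-run script for the Ubuntu gateway that leaves traffic between the two local networks untranslated, the approach suggested in the last comment, while still masquerading everything else. The subnets come from the question; the interface names `eth0`/`wlan0` and the `RUN`, `LAN_IF` and `WIFI_IF` variables are assumptions.

```shell
#!/bin/sh
# Added example: NAT exemption on the Ubuntu gateway that sits in both networks.
LAN_NET="10.5.0.0/16"         # cabled network (from the question)
WIFI_NET="192.168.0.0/24"     # Wi-Fi network (from the question)
LAN_IF="${LAN_IF-eth0}"       # assumption: gateway NIC on the cabled side
WIFI_IF="${WIFI_IF-wlan0}"    # assumption: gateway NIC on the Wi-Fi side
RUN="${RUN-echo}"             # dry run by default; RUN="" as root applies the rules

gateway_rules() {
    # The kernel must forward packets between the two interfaces.
    $RUN sysctl -w net.ipv4.ip_forward=1

    # 1. LAN -> Wi-Fi traffic leaves with its real 10.5.x.x source address.
    #    ACCEPT in the nat table ends rule traversal, so no translation happens.
    $RUN iptables -t nat -A POSTROUTING -s "$LAN_NET" -d "$WIFI_NET" -o "$WIFI_IF" -j ACCEPT

    # 2. Everything else from the LAN (internet-bound) is still masqueraded.
    #    Rule order matters: this must come after the exemption above.
    $RUN iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WIFI_IF" -j MASQUERADE

    # 3. Permit forwarding in both directions between the two subnets.
    #    (No effect if the FORWARD policy is already ACCEPT.)
    $RUN iptables -A FORWARD -i "$WIFI_IF" -o "$LAN_IF" -s "$WIFI_NET" -d "$LAN_NET" -j ACCEPT
    $RUN iptables -A FORWARD -i "$LAN_IF" -o "$WIFI_IF" -s "$LAN_NET" -j ACCEPT
}

# Print the commands (dry run) unless RUN was overridden.
gateway_rules
```

With local traffic no longer translated, Wi-Fi hosts can open connections to 10.5.x.x machines directly, so the FORWARD rules are the place to restrict which hosts and ports are reachable.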
