1

I experimented with subnetting in my home network and Raspberry Pi.

The ISP Cable Modem has 4 eth-interfaces and 1 wlan interface which all seem to be switched together. The routers IP is 192.168.0.1 behind the ISPs NAT.

I connected one eth port of the Cable Modem to the raspberries eth port. The raspberry has an additional wlan dongle and sets up an access point via hostapd. The raspberries network config in /etc/network/interfaces:

auto eth0
allow-hotplug eth0
iface eth0 inet static
address 192.168.0.2
netmask 255.255.255.0
gateway 192.168.0.1 
dns-nameservers 8.8.8.8 8.8.4.4

auto wlan0
allow-hotplug wlan0
iface wlan0 inet static 
address 192.168.1.3
netmask 255.255.255.0

Using the iptables command I removed all rules and set the default policy for all chains to be ACCEPTED. IPv4 forwarding is activated and the routing table is:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0

However, the RaspberryPi provides network configurations via ISC-DHCP-SERVER to both subnets. Its configuration is:

subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.10 192.168.0.111;
  option routers 192.168.0.1;
  option rfc3442-classless-static-routes 24, 192, 168, 1, 192, 168, 0, 2;
  option ms-classless-static-routes 24, 192, 168, 1, 192, 168, 0, 2; 
}

subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.111;
  option routers 192.168.1.3;
}

So I want issues from the 192.168.0.0/24 network with 192.168.1.0/24 should be routed via 192.168.0.2 (the Raspberries eth-port). All other issues over 192.168.0.1. All issues from 192.168.1.0/24 should go through 192.168.1.3 (the Raspberries wlan-port).

I obtain the following results:

pPinging the two interfaces of the Raspberry from a host in the 192.168.1.0/24 network gives successful answers. Pinging the 192.168.0.1 or another 192.168.0.0/24 address doesn't even give a host unreachable message. Nothing - the packages are lost...

What can I do? What is the problem?

UPDATE:

The routing tables of the pinging machines seem to be okay. I could solve the problem by masquerading the source ip-address from all devices within the 192.168.1.0/24 network:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

But using NAT in order to connect two subnets within the internal network seems to me to be a workaround. The subnets should be available without NAT. May it be that traffic in my internal network is blocked by any of my ISPs upstream routers???

Improve this question
2
  • Troubleshoot. Check the routing tables on the two machines that can't ping each other.
    – David Schwartz
    Commented Aug 25, 2015 at 19:21
  • I once had a cable device (comcast) where disabling intranet ICMP response actually blocked internal pings rather than external. This may have been by design, but the UX wording was wrong in that case. ( dslreports.com/forum/… )
    – Yorik
    Commented Aug 25, 2015 at 20:27

1 Answer 1

Reset to default
0

This looks like a one-way routing issue.

Your routes are all set up correctly, and the packets get to their destination. When the destination attempts to reply, it has no idea how to reach network 192.168.1.0/24. It will send the traffic to its default gateway, which is the ISP router 192.168.0.1.

If you add a route on the ISP router to 192.168.1.0/24 via 192.168.0.2, then it should work properly without NAT.

Update:

If you don't have access to your ISP router, you can simply add a route to 192.168.1.0/24 via 192.168.0.2 on EVERY HOST DEVICE.

OR

In your DHCP scope for the 192.168.0.0/24 network, you can hand out your Pi's address (192.168.0.2) as the router, and it will be the default gateway for all of your clients instead of the ISP router. Then you will be able to route between both networks, and the Pi will simply forward clients' Internet traffic to 192.168.0.1. It seems "more efficient" that client Internet traffic go directly to 192.168.0.1 instead of making a stop at 192.168.0.2, but if you want to control the routing you would have to do this.

Improve this answer
3
  • Thanks for your answer. Unfortunately that is the point: I can't set up routes on my ISPs router and have to trust it finds the right routes. I am able to change the routers internal IP address but there is no option to manipulate the routing table (router model: thomson twg870) - the manual doesn't give any information about this and the webinterface provides no options. That's a pitty! I think my remaining options are: "ask your cable operator" or "use NAT"...
    – fragwürdig
    Commented Aug 25, 2015 at 22:24
  • The first provided option is what I already tried to do with the "option classless-static-route" in my dhcp configuration for the 192.168.0.0/24 scope (pushing static routes to the clients). The other option you provided sounds also well and I think I will give it a try.But one more question: When I would like to ping 192.168.0.1 from 192.168.1.0/24 network I will still get no answer (much less pinging a host beyond my ISP router), is that right? Because the router itself still does not know how to route to the requesting host...
    – fragwürdig
    Commented Aug 26, 2015 at 12:49
  • Yes, that's correct. The ISP router (192.168.0.1) will not have a route to 192.168.1.0/24, and will send that traffic to the Internet using its default route. In this case you would have to use NAT so that all requests for 192.168.1.0/24 are translated to 192.168.0.2, which the ISP router can communicate with.
    – Matt
    Commented Aug 26, 2015 at 16:45

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .