# routing between 2 lans

## karl420

OK, we've had a Windows LAN here since before I started working here. It's 192.168.0.*, and I set up a Linux LAN (with iptables to share internet, etc.), and it's 192.168.12.*.

With that said, I want to be able to reach 192.168.0.* addresses, and possibly set something up so that Windows computers on my LAN can be in the same workgroup and/or domains, etc., as the Windows network.

How do I go about setting this up?

Karl

----------

## aja

You will either need to set up a router (which will recognize addresses on the two networks and route between them) or modify your subnet mask to include all the IPs in the same network (i.e. 255.255.0.0) - of course, this is a bit dodgy, as you are combining two class C networks into one class B network, but you are using non-routable IPs, so it's not verboten.

----------

## karl420

Well, my firewall is pretty much a router, I just don't know how to configure it to do what I want.

I tried changing the subnet mask on my workstation, and that doesn't help. Did you mean change the subnet mask on the firewall?

Karl

----------

## ben

Well I cannot find where I posted this already, but here it is again:

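```
# Allow one known host on the eth3 net to open connections towards eth1
/sbin/iptables -A FORWARD -i eth3 -s 192.168.20.2 -o eth1 -j ACCEPT
# Allow traffic from eth3 that belongs to already established connections
/sbin/iptables -A FORWARD -i eth3 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow everything from eth1 towards eth3
/sbin/iptables -A FORWARD -i eth1 -o eth3 -j ACCEPT
# Log whatever matched none of the rules above
/sbin/iptables -A FORWARD -j LOG
```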

eth1 and 3 are internal. I authorised one host on the eth3 net to traverse.

And you may want to set up a Samba server to share files with win.

HTH

Ben

----------

## karl420

*ben wrote:*

> Well I cannot find where I posted this already, but here it is again:
>
> /sbin/iptables -A FORWARD -i eth3 -s 192.168.20.2 -o eth1 -j ACCEPT
>
> /sbin/iptables -A FORWARD -i eth3 -o eth1 -m state --state ESTABLISHED,RELATED -
> ...

I see, so eth3 is a card that is connected to the Windows LAN, and eth1 is your Linux LAN. I just need to set up forwarding between the two? And in your configuration, you are only letting Windows user 192.168.20.2 get from the Windows LAN to the Linux LAN, and letting everyone in the Linux LAN get to the Linux LAN?

Karl

----------

## ben

Let's say: would be in your case ;)

I don't have any Windows machine, but I have a wired (eth1) and a wireless (eth3) LAN. On both LANs, I give DHCP-assigned fixed IPs to known machines. And the wireless LAN is untrusted.

So if someone passes by, he could surf through my wireless LAN (my 2 cents back to the community), but he can't traverse to my internal net easily and unnoticed. Whereas the reverse is not true: I do authorise myself from anywhere on the wired LAN to talk to any machine on the wireless part.

HTH

Ben
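
Added example (not part of any post in this thread): a small Python walk of ben's four FORWARD rules in first-match order, with the trust model he describes. It assumes those rules are the whole chain; the chain policy (`iptables -P FORWARD ...`) is not shown in the thread, so both values are tried, and every address other than 192.168.20.2 is constructed.

```python
# Added example: first-match walk of the FORWARD chain from ben's post.
# Sample packets and the chain policy are constructed for illustration.
from collections import namedtuple

# state is the conntrack state: NEW, ESTABLISHED or RELATED
Packet = namedtuple("Packet", "in_if out_if src state")
# A field set to None means "match anything"
Rule = namedtuple("Rule", "in_if out_if src states target")

# ben's four rules, in the order they were appended with -A
RULES = [
    Rule("eth3", "eth1", "192.168.20.2", None, "ACCEPT"),
    Rule("eth3", "eth1", None, {"ESTABLISHED", "RELATED"}, "ACCEPT"),
    Rule("eth1", "eth3", None, None, "ACCEPT"),
    Rule(None, None, None, None, "LOG"),
]

def matches(rule, pkt):
    return ((rule.in_if is None or rule.in_if == pkt.in_if)
            and (rule.out_if is None or rule.out_if == pkt.out_if)
            and (rule.src is None or rule.src == pkt.src)
            and (rule.states is None or pkt.state in rule.states))

def forward(pkt, policy, rules=RULES):
    """Return (verdict, logged). LOG is non-terminating: the walk goes on,
    and a packet that reaches the end of the chain gets the chain policy."""
    logged = False
    for rule in rules:
        if not matches(rule, pkt):
            continue
        if rule.target == "LOG":
            logged = True
            continue
        return rule.target, logged
    return policy, logged

if __name__ == "__main__":
    samples = {
        "listed wireless host, new": Packet("eth3", "eth1", "192.168.20.2", "NEW"),
        "other wireless host, new": Packet("eth3", "eth1", "192.168.20.50", "NEW"),
        "other wireless host, reply": Packet("eth3", "eth1", "192.168.20.50", "ESTABLISHED"),
        "wired host to wireless": Packet("eth1", "eth3", "192.168.10.5", "NEW"),
    }
    for policy in ("DROP", "ACCEPT"):
        for name, pkt in samples.items():
            print(f"policy={policy:6} {name:28} -> {forward(pkt, policy)}")
```

With the FORWARD policy set to DROP, a new connection from an unlisted wireless host is logged and then dropped; with the policy left at ACCEPT, the same packet is logged but still forwarded, so the policy is worth checking with `iptables -L FORWARD -n -v` before relying on these rules.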

----------

## karl420

Thanks a million! I appreciate the help!

Karl >:)

----------

## mb

Or give net-misc/netkit-routed a try, if you want dynamic routing instead of static routing/iptables...

#mb

----------

