# How to ping on 2 different subnets from clients

## voncloft

My clients via ethernet-non wireless are on the subnet 192.168.1.x

My wireless....are on 192.168.42.x

I have a router I created with 3 cards (with Gentoo on it)

1x Wan - ethernet - dhcp from ISP

1x Lan - ethernet - 192.168.1.1

1x Wifi Card - 192.168.42.1

How do I ping from PC "A" which is 192.168.1.100 and ping my laptop 192.168.42.2

I am just getting my feet wet with networking - I got wifi working with hostapd ... but I can't ping my laptop from my ethernet connected PC.

Any guides? Google isn't returning much.

Thanks

----------

## eccerr0r

What are your network masks?

It should just 'work' if you have netmasks on your LANs (wl and wired) to 255.255.255.0 and you have forwarding enabled which you should, if NAT is working...

----------

## Ant P.

You need to enable IPv4 forwarding on the router, it's off by default unless some routing daemon turns it on:

```
net.ipv4.ip_forward=1

net.ipv4.conf.default.forwarding=1

net.ipv4.conf.all.forwarding=1
```

----------

## voncloft

 *eccerr0r wrote:*   

> What are your network masks?
> 
> It should just 'work' if you have netmasks on your LANs (wl and wired) to 255.255.255.0 and you have forwarding enabled which you should, if NAT is working...

 

Both are 255.255.255.0

----------

## voncloft

 *Ant P. wrote:*   

> You need to enable IPv4 forwarding on the router, it's off by default unless some routing daemon turns it on:
> 
> ```
> net.ipv4.ip_forward=1
> 
> ...

 

Already added no dice.Still can't ping 192.168.42.2 from 192.168.1.100

I can ping 192.168.42.1 though.

----------

## bbgermany

Hi,

Do you have traceroute installed on one of the clients? If yes, can you post the output from traceroute to one of the other unreachable clients? An can you post the output of your firewall rules? Maybe there can be a problem as well.

greets, bb

----------

## voncloft

 *bbgermany wrote:*   

> Hi,
> 
> Do you have traceroute installed on one of the clients? If yes, can you post the output from traceroute to one of the other unreachable clients? An can you post the output of your firewall rules? Maybe there can be a problem as well.
> 
> greets, bb

 

Will do when I get home - currently at work.

----------

## voncloft

 *bbgermany wrote:*   

> Hi,
> 
> Do you have traceroute installed on one of the clients? If yes, can you post the output from traceroute to one of the other unreachable clients? An can you post the output of your firewall rules? Maybe there can be a problem as well.
> 
> greets, bb

 

```

traceroute to 192.168.42.2 (192.168.42.2), 30 hops max, 60 byte packets

 1  router (192.168.1.1)  0.132 ms  0.124 ms  0.125 ms

 2  * * *

 3  * * *

 4  * * *

 5  * * *

 6  * * *

 7  * * *

 8  * * *

 9  * * *

10  * * *

11  * * *

12  * * *

13  * * *

14  * * *

15  * * *

16  * * *

17  * * *

18  * * *

19  * * *

20  * * *

21  * * *

22  * * *

23  * * *

24  * * *

25  * * *

26  * * *

27  * * *

28  * * *

29  * * *

30  * * *

```

```

localhost ~ # iptables -L                                                                                                                   

Chain INPUT (policy ACCEPT)                                                                                                                 

target     prot opt source               destination                                                                                        

ACCEPT     all  --  anywhere             anywhere                                                                                           

ACCEPT     all  --  anywhere             anywhere                                                                                           

ACCEPT     all  --  anywhere             anywhere                                                                                           

REJECT     udp  --  anywhere             anywhere             udp dpt:bootps reject-with icmp-port-unreachable                              

REJECT     udp  --  anywhere             anywhere             udp dpt:domain reject-with icmp-port-unreachable                              

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh                                                                   

DROP       tcp  --  anywhere             anywhere             tcp dpts:0:1023                                                               

DROP       udp  --  anywhere             anywhere             udp dpts:0:1023                                                               

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh                                                                   

Chain FORWARD (policy DROP)

target     prot opt source               destination         

DROP       all  --  anywhere             192.168.0.0/16      

DROP       all  --  anywhere             192.168.0.0/16      

ACCEPT     all  --  192.168.0.0/16       anywhere            

ACCEPT     all  --  anywhere             192.168.0.0/16      

ACCEPT     all  --  192.168.0.0/16       anywhere            

ACCEPT     all  --  anywhere             192.168.0.0/16      

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

```

----------

## szatox

I suppose it's a routing problem on the remote client.

It probably doesn't know it is connected to a router. E.g. no default gw defined.

What does `ip route` say?

What does ip -o a say?

If you can't spot any mistakes there, consider pasting the results from all 3 machines. You can anonymize wan interface, it's irrelevant

Edit: is this iptables dump from your rotuer or from client?

Also, does it work if you disable all firewalls along the way?

----------

## voncloft

 *szatox wrote:*   

> I suppose it's a routing problem on the remote client.
> 
> It probably doesn't know it is connected to a router. E.g. no default gw defined.
> 
> What does `ip route` say?
> ...

 

```

default via 192.168.1.1 dev bond0 src 192.168.1.100 metric 12        

192.168.1.0/24 dev bond0 proto kernel scope link src 192.168.1.100 metric 12

```

iptables is not installed on client

I have no firewall software on the moment - this router is in the beginning stages.

----------

## szatox

THis one is your lcoal client, isn't it?

The remote one would be 192.168.42.2, since this is the one that does not respond.

Finally, there is that ultimate weapon for network troubleshooting: wireshark (or tcpdump in text mode though it's not as user friendly). Launch it on the remote client and see if it receives anything and attempts to reply.

----------

## eccerr0r

Can you flush all your forward table rules, change it to default ACCEPT, and then see if it works?

You shouldn't need iptables on your non-router machines...

Also what's your route table look like on the router?  And what is bond0?  You have a more complicated setup than what seems to be implied...

----------

## Hu

According to your iptables -L output, failure is expected.  Your first two rules are identical (unless iptables is lying to you, which it probably is, which is why I always tell people to use iptables-save -c instead, but no one ever learns) and direct it to drop traffic that you say you want passed.

----------

