By default, Debian is not configured to forward traffic.

on server/router/gateway:

ping yahoo.de; # make sure internet connection works

ifconfig eth0:0 192.168.1.1 netmask 255.255.255.0 up; # add additional ip

vim /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

ESC :x # save and quit

sysctl -p; # Load in sysctl settings from the file

on clients:

ifconfig eth0:0 192.168.1.100 netmask 255.255.255.0 up; # add ip so client1 suse12 can reach server/router/gateway

ifconfig eth0:0 192.168.1.200 netmask 255.255.255.0 up; # add ip so client2 centos7 can reach server/router/gateway

route add default gw 192.168.1.1; # set default gateway on client1 and client2

suse12:~ # traceroute yahoo.de; # client1 already using this route
traceroute to yahoo.de (124.108.105.24), 30 hops max, 60 byte packets
 1  debian8.domainname.local (172.20.0.12)  0.254 ms  0.281 ms  0.269 ms
 2  172.20.0.1 (172.20.0.1)  1.169 ms  1.406 ms  1.629 ms
 3  hsi-kbw-37-49-88-1.hsi14.kabel-badenwuerttemberg.de (37.49.88.1)  16.016 ms  16.958 ms  17.126 ms
 4  172.30.24.49 (172.30.24.49)  17.159 ms  17.246 ms  17.387 ms
 5  de-fra01b-rc1-ae57-0.aorta.net (84.116.190.105)  24.748 ms  26.210 ms^C

suse12:~ # ping yahoo.de
PING yahoo.de (74.6.50.24) 56(84) bytes of data.
From 192.168.1.1: icmp_seq=2 Redirect Host(New nexthop: 172.20.0.1)
64 bytes from aviate.yahoo.com (74.6.50.24): icmp_seq=19 ttl=50 time=126 ms
64 bytes from aviate.yahoo.com (74.6.50.24): icmp_seq=21 ttl=50 time=126 ms
... slow but it works :-D

suse12:~ # netstat -rn
Kernel IP Routentabelle
Ziel            Router          Genmask         Flags   MSS Fenster irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
0.0.0.0         172.20.0.1      0.0.0.0         UG        0 0          0 eth0
172.20.0.0      0.0.0.0         255.255.0.0     U         0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0

testing: back to server:

while client suse12 (192.168.1.100) is pinging yahoo.de via gateway debian8 (192.168.1.1), you can monitor the forwarded ICMP ping packets like this:

root@Debian8:~# tcpdump -vi eth0|grep 192.168; # filter for source IP

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 1, length 64
 192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 1, length 64
 192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 3, length 64
 192.168.1.1 > 192.168.1.100: ICMP redirect aviate.yahoo.com to host 172.20.0.1, length 92
 192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 3, length 64
 192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 3, length 64
 192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 4, length 64
 192.168.1.1 > 192.168.1.100: ICMP redirect aviate.yahoo.com to host 172.20.0.1, length 92
 192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 4, length 64
 192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 4, length 64
 192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 5, length 64
 192.168.1.1 > 192.168.1.100: ICMP redirect aviate.yahoo.com to host 172.20.0.1, length 92
 192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 5, length 64
 192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 5, length 64
 192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 6, length 64
 192.168.1.1 > 192.168.1.100: ICMP redirect aviate.yahoo.com to host 172.20.0.1, length 92
 192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 6, length 64
 192.168.1.100 > aviate.yahoo.com: ICMP echo request, id 8548, seq 6, length 64
16:45:37.862231 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.100 tell 192.168.1.1, length 28
16:45:37.862392 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.100 is-at 00:15:5d:00:07:09 (oui Unknown), length 28
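
A check for the sysctl.conf edit above and for the ICMP redirects seen in the ping and tcpdump output, as an added example that is not part of the original post. The redirects appear because the gateway forwards packets back out of the same interface they arrived on. The function names `sysctl_effective` and `audit_gateway` are hypothetical, and the script reads only the one file it is given, not the running kernel.

```shell
#!/bin/sh
# Added example (not from the original post). Reads a sysctl.conf-style file;
# it does not query the running kernel or files under /etc/sysctl.d.

# Print the effective value of KEY in FILE, or "unset".
# Comment lines ("#" or ";") are ignored and the last assignment wins.
sysctl_effective() {  # usage: sysctl_effective FILE KEY
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            sub(/^[ \t]+/, "", k); sub(/[ \t]+$/, "", k)
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Summarise what FILE configures for a gateway using interface IFACE.
# The kernel sends redirects if either the "all" or the per-interface
# send_redirects value is 1 (the default), so both must be 0 to stop them.
audit_gateway() {  # usage: audit_gateway FILE IFACE
    fwd=$(sysctl_effective "$1" net.ipv4.ip_forward)
    r_all=$(sysctl_effective "$1" net.ipv4.conf.all.send_redirects)
    r_if=$(sysctl_effective "$1" "net.ipv4.conf.$2.send_redirects")
    if [ "$fwd" != "1" ]; then
        echo "forwarding=off"
    elif [ "$r_all" = "0" ] && [ "$r_if" = "0" ]; then
        echo "forwarding=on redirects=off"
    else
        echo "forwarding=on redirects=on"
    fi
}

# Constructed sample: the stock commented line, then the edited file.
tmp=$(mktemp)
printf '%s\n' '#net.ipv4.ip_forward=1' > "$tmp"
audit_gateway "$tmp" eth0          # forwarding=off
printf '%s\n' 'net.ipv4.ip_forward=1' >> "$tmp"
audit_gateway "$tmp" eth0          # forwarding=on redirects=on
rm -f "$tmp"
```

On the gateway itself, `audit_gateway /etc/sysctl.conf eth0` gives the same summary for the real file.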

Links:

http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/

https://unix.stackexchange.com/questions/126595/iptables-forward-all-traffic-to-interface
