Routing between two networks on Linux?

I got stuck with a problem I can't find a solution to. I have a Linux PC with two NICs. The first NIC (eth1) is connected to a public IP (probably a switch or whatever, it doesn't really matter), so eth1 is connected to the WAN, and the other, eth0, I connected to a switch and made it a LAN NIC. Configuration:

eth1 ip address 88.200.1xx.xxx //xxx's are because of security reasons
eth0 ip address 192.168.1.1

wan ------> [eth1 (linux PC) eth0]<---->[switch]<----> [eth1 (PC1)]

Now I want to connect these two networks, so PC1 can access the Linux PC and the WAN. I think I know how to do it, but I can't configure it right. This is what I tried:

  1. I turned on IP forwarding (for sure)
  2. I set the eth1 default gw to the right IP on the WAN
  3. I tried to set the eth0 default gw to the same IP (but I couldn't)

What can I do, or how can I do this? I was trying with the Linux route command, but I got stuck. Please help.


If you have 2 NICs on a Linux box, both configured with IPs, you don't have to add a route from one network to another. That will be done automatically.

Add a default gateway address on the WAN NIC. Do not do this in the configuration of the LAN NIC.

Then enable forwarding in the kernel:

echo 1 >> /proc/sys/net/ipv4/ip_forward

To make it auto-set this value on boot, uncomment this line in /etc/sysctl.conf:

#net.ipv4.ip_forward=1

Then set up some rules in iptables to perform the natting and forwarding:

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT

# We allow traffic from the LAN side
iptables -A INPUT -i eth0 -j ACCEPT

######################################################################
#
#                         ROUTING
#
######################################################################

# eth0 is LAN
# eth1 is WAN

# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Forwarding
iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

That should do it.
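
An added example, not part of the answer above or of any project's code: a small audit of `iptables-save` output against the gateway rule set that answer describes. It also flags that appended ACCEPT rules filter nothing while the INPUT and FORWARD chain policies are still ACCEPT. The interface names come from the question; the sample rule dumps and the finding labels (MISSING, WEAK, OPEN) are constructed for illustration.

```shell
#!/bin/sh
# audit_gateway RULES WAN_IF LAN_IF -> prints one finding per line (no output = clean).
# RULES is text in iptables-save format.
audit_gateway() {
    printf '%s\n' "$1" | awk -v wan="$2" -v lan="$3" '
        /^\*/ { table = substr($0, 2); next }            # table header, e.g. *filter
        table == "filter" && /^:(INPUT|FORWARD) / {      # chain default policy
            policy[substr($1, 2)] = $2; next
        }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ &&
            index($0, " -o " wan " ") { masq = 1 }
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
            if (index($0, " -i " lan " ") && index($0, " -o " wan " ")) lan_out = 1
            if (index($0, " -i " wan " ") && index($0, " -o " lan " ")) {
                if ($0 ~ /ESTABLISHED/) { ret = 1 }
                else { print "OPEN: new WAN->LAN connections accepted: " $0 }
            }
        }
        END {
            if (!masq)    print "MISSING: no MASQUERADE rule on " wan
            if (!lan_out) print "MISSING: no FORWARD accept " lan " -> " wan
            if (!ret)     print "MISSING: no stateful return rule " wan " -> " lan
            if (policy["FORWARD"] != "DROP")
                print "WEAK: FORWARD policy is " policy["FORWARD"] ", ACCEPT rules restrict nothing"
            if (policy["INPUT"] != "DROP")
                print "WEAK: INPUT policy is " policy["INPUT"] ", gateway accepts new connections from " wan
        }'
}

# Constructed sample (trimmed): the rules from the answer as iptables-save would
# print them on a box whose chain policies were left at the default ACCEPT.
SAMPLE_POSTED='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT'
# Constructed variant: same rules with INPUT and FORWARD policies set to DROP.
SAMPLE_DROP=$(printf '%s\n' "$SAMPLE_POSTED" | sed -e 's/^:INPUT ACCEPT/:INPUT DROP/' -e 's/^:FORWARD ACCEPT/:FORWARD DROP/')

audit_gateway "$SAMPLE_POSTED" eth1 eth0
```

On a live gateway the first argument would be the output of `iptables-save` run as root.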


You can only have one default gateway, so only set one.

To route traffic across the other interface, you need to set a persistent static route and bind it to that interface.


I have to do this, very rarely, when setting up ancient routers connected via ethernet to my netbook. My answer, which I found in my blog from September 2012, is very much like Goez's but simpler:

On the router: route add default gw 192.168.42.123 (the eth0 IP of the Linux box)

On the Linux box: sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward", followed by sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE