I've had this working before, but I can't get it right on a new machine. I have the following setup on an Ubuntu install acting as a router.
192.168.2.0/24 p34p1 wifi1 -------------|
192.168.1.0/24 p33p1 wired -------------|------Internet p32p1
192.168.3.0/24 p34p1 wifi2 -------------| 192.168.0.0/24
This might look overly complicated, but it keeps the kids' gaming traffic off my regular network, which can't use it on a console anyway. At present all three segments can talk to the internet, but cannot talk to each other in different segments as required.
routing
Kernel IP Routing table
Destination Gateway Genmask Iface
0.0.0.0 192.168.0.1 0.0.0.0 p32p1
192.168.0.0 * 255.255.255.0 p32p1
192.168.0.1 * 255.255.255.255 p32p1
192.168.1.0 * 255.255.255.0 p33p1
192.168.2.0 * 255.255.255.0 p34p1
192.168.3.0 * 255.255.255.0 p35p1
iptables -t nat -v -x -n -L
Chain PREROUTING (policy ACCEPT 998 packets, 64328 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 115 packets, 9157 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 30271 packets, 1701429 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 172 packets, 17314 bytes)
pkts bytes target prot opt in out source destination
30982 1739286 MASQUERADE all -- * p32p1 0.0.0.0/0 0.0.0.0/0
102 8264 all -- * p33p1 0.0.0.0/0 0.0.0.0/0
61 7327 all -- * p34p1 0.0.0.0/0 0.0.0.0/0
7 1603 all -- * p35p1 0.0.0.0/0 0.0.0.0/0
My iptables rules are turning into mush.
Any assistance appreciated, thank you.
The missing gateways were the problem to the solution ;) Works much more betterer that way.
Repeat for each NIC.
Without the gateway, even if it knows the network is there, it won't work.