: If someone knows a simpler solution pls let me know, thx.

SHORT answer, I think you forgot return routing!

I am not sure what you are doing here, but I am sure from your last post you are "doin' it wrong".
If I understand your solution, you have now "eliminated the need" for routing by using NAT!

Since I cannot see your complete setup I will explain some BASIC "issues" you might encounter.
(And I believe this might be your issue for this case too)

NET A --- A side GW-X (ROUTER) B side GW-X --- NET B --- B side GW-Y (ROUTER) C side GW-Y --- Internet/or further networks
SWITCH                                         SWITCH
  |                                              |
PC-A1                                          PC-B1
PC-A2                                          PC-B2

To start on the solution, the first thing we focus on is that ROUTING is always 2 ways.
In any setup like above, making a route from GW-X is useless, unless all units "after" GW-X know a route back to side A for the NET A.

When GW's already have routing enabled, they normally only have 1 route entry added.
This is the default GW going towards the outside world; additionally they also have automatic "routing" for all local interfaces.

When you have this, traffic will only go from "left to right", meaning when you send packets from A to B, the B will send any reply out to C, because it will follow the default route going "right".

MINIMUM to solve this is to make a route for NET A on GW-Y to GW-X.
Now A will send to B and B return packets to A through the GW-Y router; this is somewhat suboptimal since the only unit on NET B with a route to A IS GW-Y.
(meaning all traffic to NET A must initially go through GW-Y, making an extra HOP for PC's in NET B)

Next step is to solve this by either adding a route for all units, here seen as PC-B1 and PC-B2, so that they send traffic directly to GW-X for NET-A and have a default route to GW-Y.
(This can also be done via routing protocols like RIP, OSPF or IS-IS, but for home use you will likely add one more route)

Your next issue will be to fix RFC1918 (private address space) when going to the Internet (or any other outside network).
This is usually fixed by adding NAT for all networks to the address of GW-Y's IP on NET C when leaving GW-Y towards the outside.
This must include, in this example, NET A and NET B; if not, no one on the outside will be able to return packets
(this also means that GW-Y's IP on NET C needs to be public and also routed, which is normally the responsibility of your ISP)

Hope this explains how to start your setup from scratch again; if not, please ask if you need more info.

Best regards
André Paulsberg
Senior Network Engineer
Core Network Operation, Network, Nordic Operations
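
The return-path problem described in the message above, as an added example that is not part of the original post: a small longest-prefix-match simulation of the NET A / GW-X / NET B / GW-Y topology, tracing the reply from PC-B1 to PC-A1 with no return route, with the NET A route on GW-Y only, and with the route also on the NET B hosts. The addresses (192.168.1.0/24 for NET A, 192.168.2.0/24 for NET B) and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing, not from the original post.
NET_A, NET_B, DEFAULT = "192.168.1.0/24", "192.168.2.0/24", "0.0.0.0/0"
HOSTS = {"PC-A1": "192.168.1.10", "PC-B1": "192.168.2.10"}

def base_tables():
    """Connected routes plus one default route per node, as in the post."""
    return {
        "PC-A1": {NET_A: "direct", DEFAULT: "GW-X"},
        "GW-X": {NET_A: "direct", NET_B: "direct", DEFAULT: "GW-Y"},
        "PC-B1": {NET_B: "direct", DEFAULT: "GW-Y"},
        "GW-Y": {NET_B: "direct", DEFAULT: "INTERNET"},
    }

def lookup(table, dst):
    """Longest-prefix match: next hop for dst in one node's table."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in table]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return table[str(best)]

def trace(tables, src, dst_host, max_hops=8):
    """Follow a packet hop by hop and return the nodes it visits."""
    node, path = src, [src]
    for _ in range(max_hops):
        hop = lookup(tables[node], HOSTS[dst_host])
        if hop == "direct":          # destination is on a connected network
            return path + [dst_host]
        path.append(hop)
        if hop == "INTERNET":        # packet followed default routes off-site
            return path
        node = hop
    return path + ["LOOP"]

def reply_paths():
    """Reply path PC-B1 -> PC-A1 for the three setups in the message."""
    no_return = base_tables()
    via_gwy = base_tables()
    via_gwy["GW-Y"][NET_A] = "GW-X"      # minimum fix: NET A route on GW-Y
    host_route = base_tables()
    host_route["GW-Y"][NET_A] = "GW-X"
    host_route["PC-B1"][NET_A] = "GW-X"  # NET A route on the NET B hosts too
    setups = {"no_return": no_return, "via_gwy": via_gwy, "host_route": host_route}
    return {name: trace(t, "PC-B1", "PC-A1") for name, t in setups.items()}

if __name__ == "__main__":
    print("forward:", trace(base_tables(), "PC-A1", "PC-B1"))
    for name, path in reply_paths().items():
        print(name, "->", " > ".join(path))
```

The forward packet arrives in every setup; only the reply path changes, which is why the symptom looks like a one-way connection rather than a dead link.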