Iptables advanced routing

[mycroes]

Just to introduce my situation: I'm using windows 2000 on this pc. This pc is connected to my Gentoo pc that will be server for my web page soon. The Gentoo pc is connected to a hub through another NIC, and on the hub there are several other pc's (running windows).
I managed to get all my pc's/NICs on the same subnet, and I'm using iptables with ipv4_forwarding to have internet on my windows 2000 pc. Now the problem is I want to have acces to the other pc's in the network (that are connected to the hub). I can see them in network neigboorhood, but I can't acces them.

The iptables commands I used on my Gentoo pc are:
iptables -A POSTROUTING -t nat -s 192.168.0.54 -o eth0 -j MASQUERADE
iptables -A POSTROUTING -t nat -s 192.168.0.1/24 -o eth1 -j MASQUERADE

192.168.0.54 is my windows 2000 pc, eth1 is connected to the 2000 pc, eth0 is going to the hub with the other pc's.

Am I doing anything wrong or can't it be done what I want?
Thnx in advance.
Greetings,

Michael
_________________
In a world without walls or fences we don't need windows or gates

[DefconAlpha]

I'm not exactly sure why you have the win2k box plugged into the hub (dmz or something?) but you won't need to use masquerading. You will want to bridge the two networks together. I think that you will want something on the order of

[mycroes]

the Gentoo pc is connected to the hub, the win2000 pc is only connected to the gentoo pc... I'll try to do some with the prerouting command.
Thnx anyway
Greetings,

Michael
_________________
In a world without walls or fences we don't need windows or gates

[uzik]

I would think you'd want to set rules for the "FORWARD" chain
to forward traffic from one NIC to the other on the gentoo box.
for file sharing you need to allow traffic on ports 137 and 139 through
from one nic to the other. I've never tried file sharing on separate
subnets, but I thought it would work fine. I don't think you need
masquerade

[mycroes]

The windows 2000 pc and the other pc's in the hub are on the same subnet (192.168.0.x, subnet mask 255.255.255.0). I think that I indeed may be searching for forwarding, but could you please give a (working) example (the prerouting example by DefconAlpha wasn't working )?
Greetings,

Michael
_________________
In a world without walls or fences we don't need windows or gates

[uzik]

[DefconAlpha]

Well, i have done some hunting and i think that the easiest thing to do would be to make a pseudo-bridge. The advanced linux routing project has some dox on it, but basically here's what you should do to test it out:

1: flush out all of your iptables rules (may not even need iptables for this)
2: create routes so that gentoo box can talk to either pc (already done from what it seems)
3: echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
echo 1 > /proc/sys/net/ipv4/ip_forward (if not already on)
4: run the 'arping' tool

if that doesn't work well, issue
echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind so you can send out unsolicted arp messages.

Give this a shot, i'm curious to know if it works (i will probably want to use something like this)
_________________
In the end, the love you get is equal to the love you make
--John Lennon & Paul McCartney (The End - Abbey Road,

[mycroes]

I think it would work with just forwarding ports 137 and 139, but I ran into another problem. Windows 2000 only seems to work with gateways ending with a .1, allthough it worked for a few days it stopped working yesterday so I'm on a different subnet now... I'll try to fix it later and then gonna do this all over again, I think I can get there without any more help now. Thnx all
Greetings,

Michael
_________________
In a world without walls or fences we don't need windows or gates