NAT-setup: modification requared

[Hiisi]

Dear All!
I have F11 system running as my home server. It shares Internet and printer for small home network. Up to now there was only one client in my network - window$ laptop. Using google I was able to set up NAT POSTROUTING on F11 machine. It has 3 ethernet adapters: 1 in motherboard (eth0) and two aditional PCI cards. Now I added second client to my home network - Ubuntu laptop. Here's the configuration:

Code:

ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0F:EA:22:A0:2C  
          inet addr:192.168.0.203  Bcast:192.168.1.255  Mask:255.255.254.0
          inet6 addr: fe80::20f:eaff:fe22:a02c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:22516 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7711 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:6900848 (6.5 MiB)  TX bytes:1230720 (1.1 MiB)
          Interrupt:19 Base address:0xe000 

eth1      Link encap:Ethernet  HWaddr 00:80:48:2E:43:9C  
          inet addr:192.168.2.20  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::280:48ff:fe2e:439c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4126 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4425 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:607414 (593.1 KiB)  TX bytes:3235680 (3.0 MiB)
          Interrupt:18 Base address:0x8000 

eth2      Link encap:Ethernet  HWaddr 00:40:F4:98:DB:E9  
          inet addr:192.168.2.40  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::240:f4ff:fe98:dbe9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:30 errors:0 dropped:0 overruns:0 frame:0
          TX packets:66 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1991 (1.9 KiB)  TX bytes:14166 (13.8 KiB)
          Interrupt:19 Base address:0xa000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:43 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3412 (3.3 KiB)  TX bytes:3412 (3.3 KiB)

Code:

route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
192.168.2.0     *               255.255.255.0   U     0      0        0 eth2
192.168.0.0     *               255.255.254.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     1002   0        0 eth0
link-local      *               255.255.0.0     U     1003   0        0 eth1
link-local      *               255.255.0.0     U     1004   0        0 eth2
default         mitht2.imt.ru   0.0.0.0         UG    0      0        0 eth0

Code:

cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.3.1 on Tue Sep  1 23:36:23 2009
*nat
:PREROUTING ACCEPT [1264:158963]
:POSTROUTING ACCEPT [96:14688]
:OUTPUT ACCEPT [462:49878]
-A POSTROUTING -o eth0 -j MASQUERADE 
COMMIT
# Completed on Tue Sep  1 23:36:23 2009
# Generated by iptables-save v1.4.3.1 on Tue Sep  1 23:36:23 2009
*filter
:INPUT ACCEPT [7849:1116249]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1219:189475]
-A FORWARD -i eth0 -j ACCEPT 
-A FORWARD -i eth1 -j ACCEPT 
-A FORWARD -i eth2 -j ACCEPT 
COMMIT
# Completed on Tue Sep  1 23:36:23 2009

I'm trying to use 192.168.2.* network for laptops. Window$ laptop (192.168.2.30), connected to eth1 can browse the Web. It uses 192.168.2.20 (eth1' address) as its gateway. The second machine (Ubuntu laptop, 192.168.2.50) can't ping F11, neither go Web. It's connected to eth2 (192.168.2.40).
Whenever trying

Code:

ping 192.168.2.50

from F11 result is always the same:

Code:

ping 192.168.2.50
PING 192.168.2.50 (192.168.2.50) 56(84) bytes of data.
From 192.168.2.20 icmp_seq=2 Destination Host Unreachable
From 192.168.2.20 icmp_seq=3 Destination Host Unreachable
From 192.168.2.20 icmp_seq=4 Destination Host Unreachable
^C
--- 192.168.2.50 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4710ms
pipe 3

Could anybody point me where's the problem with it?
Thanks for attention!

[Roxoff]

I think your problem is that you have your two network cards inside your machine running on the same subnet.

This would all run much smoother if, instead of connecting both your laptops to different LAN adapters in your server, you were to acquire a cheap network hub or switch, connect that to eth1 in the server and connect both the laptops to the hub. I'm not sure how much such an item would cost in Russia, but here in the UK a cheap switch can cost as little as £10 (<US$15)

[Hiisi]

I don't think there is a big difference. Especially if both hubs are from the same fabric in China.
I just don't want buy anything. It is window$ way of life. I'm sure there's some other solution. And I would like to find it.
Anyway, thanks for replaying. Appreciate that!

[Lazydog]

The only thing you can do is use different subnets on your system. Presently you have both interfaces on 192.168.2.0/24 and when a packet is sent the system doesn't know what interface to send it out.

I would suggest leaving eth1 as 192.168.2.0/24 and setup eth2 as 192.168.3.0/24

[Hiisi]

The only thing you can do is use different subnets on your system. Presently you have both interfaces on 192.168.2.0/24 and when a packet is sent the system doesn't know what interface to send it out.

I would suggest leaving eth1 as 192.168.2.0/24 and setup eth2 as 192.168.3.0/24

Thank you, Mr. Lazydog!
I've done exactly. Actually, I posted the same message on fedora-list. The other useful suggestions from there were to setup NetworkBridge. Using that one can add as many network cards, as he wants. And they all will be using the same IP.
Thanks again!