Hi

I am knew here and arrived after many hours watching very boring youtube videos and fruitless google searches. I am tired after hours of futile hacking away at it. I need help here.

Here is what I would like to achieve:

ether1 IP = 192.168.1.6/24 this connects to a cisco from ISP with LAN IP 192.168.1. It already has a NAT.
ether2 = 192.168.12.1/24 - this will go do a network 192.168.2.0/24
ether3 = 192.168.3.1/24- this will go to a network 192.168.3.0/24
etc etc etc

All the subnets will get internet (gateway at 192.168.1.1). I want to be able to access all the networks 192.168.1.0/24 .....192.168.2.0/24 from any of the subnets - ie the "LAN" side of my internet connection.

To try get it going I have only provided scrnat rule on the 192.168.12.0/24. If I get one port working I assume it will work on the subnets. I have a PC with IP 192.168.12.5 connected to ether2.

Works fine when I use the Nat masquerade. As shown :
chain=srcnat action=masquerade src-address=192.168.12.0/24 dst-address=0.0.0.0/0 log=no log-prefix="".
If I disable this I cant ping my gate way from the pc.

I don't want a NAT I already have a nat in the cisco. How can I get it to work without a masquerade (which as far as I can tell is a NAT).

My routes are as follows.

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 192.168.1.1 1
1 ADC 192.168.1.0/24 192.168.1.6 ether1 0
2 ADC 192.168.12.0/24 192.168.12.1 ether2 0
3. ACD 192.168.13.0/24 192.168.13.1 ether3 0

Thanks

Isn’t better do a DMZ in cisco to ether1?
Also, your router cisco need to know who are the subnets from ether2 and ether3. Then you must add them to routing table of cisco, with this, you will not need the masquerade rule.

Like:

route add -net 192.168.12.0/24 gw 192.168.1.6 dev eth0
route add -net 192.168.3.0/24 gw 192.168.1.6 dev eth0