Tue Nov 08, 2016 12:54 pm
Sorry I misread what you were asking.
I think you should remove the masquerade option in iptables on the Pi. That way, each computer behind the Pi will retain its own IP address. (*)
The Pi has an interface on each network and routing is enabled, so I think it is good to go.
Client computers on the 192.168.0.0 network need to know where the gateway to the 192.168.42.0 network is. In other words, they need a static route to that network via 192.168.0.101.
So you need to do something like (depending on client OS) "ip route add 192.168.42.0/24 via 192.168.0.101 dev eth0" on each client.
To automate it, perhaps you can add that to your router's DHCP server configuration (or use a dhcp server like dnsmasq listening on 192.168.0.101 as a replacement to your router's service; dnsmasq understands dhcp option 121).
In case you want to let hosts on 192.168.42.0 reach the internet: I suppose outgoing traffic will pass ok without any change to the edge router's configuration. For incoming traffic (and possibly responses), the edge router will need a static route also, to send traffic back to those foreign hosts on 192.168.42.0, via 192.168.0.101
(*) If you retain the use of masquerading, you don't have to worry about routing to a second network. However, you'd need to define port forwarding on the Pi, so that for example a hit to 192.168.0.101 port 1234 from a client computer would be forwarded to 192.168.42.65 port 22. That's ok for a few services, but beyond that managing forwarding rules get cumbersome.
Pick your poison...
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel