Cant route

Kernels & Hardware, configuring network, installing services

Cant route

Postby carlos11 » 2017-10-01 11:04

Greetings,

im running a debian 9 server with 2 nic, so kids have their own lan. so far so good, but i cant route properly to receive a connection on nic2

interfaces:

# The primary network interface
allow-hotplug enp2s0
iface enp2s0 inet static
address 192.168.178.111
netmask 255.255.255.0
gateway 192.168.178.1
dns-nameservers 192.168.178.1

allow-hotplug enp1s0
iface enp1s0 inet static
address 192.168.1.1
netmask 255.255.255.0


forwarding is on

echo '1' > /proc/sys/net/ipv4/ip_forward


route set

route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.178.1 enp2s0


dnsmasq configured on correct dhcp range.

dhcp-range=enp1s0,192.168.1.150,192.168.1.175,72h


when plugging in device on enp1s0, i got an ip (192.168.1.171) but no connection. internet fails, ping on gateway or enp2s0 also fails.

route

0.0.0.0 192.168.178.1 0.0.0.0 UG 0 0 0 enp2s0
192.168.1.0 192.168.178.1 255.255.255.0 UG 0 0 0 enp2s0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enp1s0
192.168.178.0 0.0.0.0 255.255.255.0 U 0 0 0 enp2s0


any idea where i missed the point?

thx
carlos11
 
Posts: 4
Joined: 2017-10-01 10:40

Re: Cant route

Postby p.H » 2017-10-01 12:41

carlos11 wrote:route set
Code: Select all
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.178.1 enp2s0

This route is wrong. Remove it.
p.H
 
Posts: 87
Joined: 2017-09-17 07:12

Re: Cant route

Postby carlos11 » 2017-10-01 18:18

so if this route is wrong, what is the correct route?
carlos11
 
Posts: 4
Joined: 2017-10-01 10:40

Re: Cant route

Postby p.H » 2017-10-01 18:47

None. All the necessary routes are already created with the address/netmask and gateway options.
p.H
 
Posts: 87
Joined: 2017-09-17 07:12

Re: Cant route

Postby ralph.ronnquist » 2017-10-01 22:10

You might want the server to masquerade outgoing packets as well so that return traffic finds its way back to the sub net. A simple way for this is to add an iptables rule like the following
Code: Select all
iptables -t nat -A POSTROUTING -o enp2s0  -j MASQUERADE
Or, by searching the web, you can find other, more complex ways of achieving the same thing.
User avatar
ralph.ronnquist
 
Posts: 303
Joined: 2015-12-19 01:07
Location: Melbourne, Australia

Re: Cant route

Postby carlos11 » 2017-10-02 04:53

thx for your kind help @all

i was adding iptables as you suggested, but no output with iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


deleting route with

route del -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.178.1 enp2s0


but no effect on the connection on enp1s0.

ping on 192.168.1.1.

PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.113 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.144 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.146 ms


but still no internet connection on any device on enp1s0
carlos11
 
Posts: 4
Joined: 2017-10-01 10:40

Re: Cant route

Postby p.H » 2017-10-02 07:44

carlos11 wrote:i was adding iptables as you suggested, but no output with iptables -L

iptables -L only displays (in an ugly way) the contents of the filter table. Use iptables-save instead.
Note that masquerading is not required if the uplink router at 192.168.178.1 has a proper route to 192.168.1.0/24.

carlos11 wrote:deleting route with

Please check the actual result with "ip route".

carlos11 wrote:ping on 192.168.1.1.

From where ?

Could you provide the output of "ip addr" and "ip route" on a client host connected to enp1s0 ?
p.H
 
Posts: 87
Joined: 2017-09-17 07:12

Re: Cant route

Postby carlos11 » 2017-10-02 10:06

ip route

default via 192.168.178.1 dev enp2s0 onlink
192.168.1.0/24 dev enp1s0 proto kernel scope link src 192.168.1.1 linkdown
192.168.178.0/24 dev enp2s0 proto kernel scope link src 192.168.178.111


Ping from a client with ip 19.168.178.104

ip addr client on enp1s0:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 74:e6:e2:44:**:** brd ff:ff:ff:ff:ff:ff
inet 192.168.1.155/24 brd 192.168.1.255 scope global dynamic enp7s0
valid_lft 259093sec preferred_lft 259093sec
inet6 fe80::3f98:5fbd:f10f:e3c8/64 scope link
valid_lft forever preferred_lft forever
3: wlp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 4c:bb:58:63:**:** brd ff:ff:ff:ff:ff:ff
inet 192.168.178.10/24 brd 192.168.178.255 scope global dynamic wlp6s0
valid_lft 7072sec preferred_lft 7072sec
inet6 fe80::9d24:9c0c:def:cb38/64 scope link
valid_lft forever preferred_lft forever



ip route

default via 192.168.1.1 dev enp7s0 proto static metric 100
default via 192.168.178.1 dev wlp6s0 proto static metric 600
169.254.0.0/16 dev wlp6s0 scope link metric 1000
192.168.1.0/24 dev enp7s0 proto kernel scope link src 192.168.1.155 metric 100
192.168.178.0/24 dev wlp6s0 proto kernel scope link src 192.168.178.10 metric 600
carlos11
 
Posts: 4
Joined: 2017-10-01 10:40


Return to System configuration

Who is online

Users browsing this forum: No registered users and 9 guests

fashionable