Cant route

Linux Kernel, Network, and Services configuration.
carlos11
Posts: 5
Joined: 2017-10-01 10:40

#1 Post by carlos11 »

Greetings,

I'm running a Debian 9 server with 2 NICs, so the kids have their own LAN. So far so good, but I can't route properly to receive a connection on nic2.

interfaces:

    # The primary network interface
    allow-hotplug enp2s0
    iface enp2s0 inet static
    address 192.168.178.111
    netmask 255.255.255.0
    gateway 192.168.178.1
    dns-nameservers 192.168.178.1

    allow-hotplug enp1s0
    iface enp1s0 inet static
    address 192.168.1.1
    netmask 255.255.255.0

Forwarding is on:

    echo '1' > /proc/sys/net/ipv4/ip_forward

Route set:

    route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.178.1 enp2s0

dnsmasq configured on correct DHCP range:

    dhcp-range=enp1s0,192.168.1.150,192.168.1.175,72h

When plugging in a device on enp1s0, I got an IP (192.168.1.171) but no connection. Internet fails, ping on gateway or enp2s0 also fails.

route:

    0.0.0.0 192.168.178.1 0.0.0.0 UG 0 0 0 enp2s0
    192.168.1.0 192.168.178.1 255.255.255.0 UG 0 0 0 enp2s0
    192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enp1s0
    192.168.178.0 0.0.0.0 255.255.255.0 U 0 0 0 enp2s0

Any idea where I missed the point?

Thx

p.H
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: Cant route

#2 Post by p.H »

carlos11 wrote: route set

    route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.178.1 enp2s0

This route is wrong. Remove it.

Re: Cant route

#3 Post by carlos11 »

So if this route is wrong, what is the correct route?

Re: Cant route

#4 Post by p.H »

None. All the necessary routes are already created with the address/netmask and gateway options.

ralph.ronnquist
Posts: 342
Joined: 2015-12-19 01:07
Location: Melbourne, Australia
Been thanked: 6 times

Re: Cant route

#5 Post by ralph.ronnquist »

You might want the server to masquerade outgoing packets as well so that return traffic finds its way back to the subnet. A simple way for this is to add an iptables rule like the following:

    iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE

Or, by searching the web, you can find other, more complex ways of achieving the same thing.

Re: Cant route

#6 Post by carlos11 »

Thx for your kind help @all

I was adding iptables as you suggested, but no output with iptables -L:

    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

Deleting route with

    route del -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.178.1 enp2s0

but no effect on the connection on enp1s0.

Ping on 192.168.1.1:

    PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
    64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.113 ms
    64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.144 ms
    64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.146 ms

But still no internet connection on any device on enp1s0.

Re: Cant route

#7 Post by p.H »

carlos11 wrote: i was adding iptables as you suggested, but no output with iptables -L

iptables -L only displays (in an ugly way) the contents of the filter table. Use iptables-save instead.
Note that masquerading is not required if the uplink router at 192.168.178.1 has a proper route to 192.168.1.0/24.

carlos11 wrote: deleting route with

Please check the actual result with "ip route".

carlos11 wrote: ping on 192.168.1.1.

From where?

Could you provide the output of "ip addr" and "ip route" on a client host connected to enp1s0?

Re: Cant route

#8 Post by carlos11 »

ip route:

    default via 192.168.178.1 dev enp2s0 onlink
    192.168.1.0/24 dev enp1s0 proto kernel scope link src 192.168.1.1 linkdown
    192.168.178.0/24 dev enp2s0 proto kernel scope link src 192.168.178.111

Ping from a client with ip 19.168.178.104

ip addr client on enp1s0:

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 74:e6:e2:44:**:** brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.155/24 brd 192.168.1.255 scope global dynamic enp7s0
           valid_lft 259093sec preferred_lft 259093sec
        inet6 fe80::3f98:5fbd:f10f:e3c8/64 scope link
           valid_lft forever preferred_lft forever
    3: wlp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 4c:bb:58:63:**:** brd ff:ff:ff:ff:ff:ff
        inet 192.168.178.10/24 brd 192.168.178.255 scope global dynamic wlp6s0
           valid_lft 7072sec preferred_lft 7072sec
        inet6 fe80::9d24:9c0c:def:cb38/64 scope link
           valid_lft forever preferred_lft forever

ip route:

    default via 192.168.1.1 dev enp7s0 proto static metric 100
    default via 192.168.178.1 dev wlp6s0 proto static metric 600
    169.254.0.0/16 dev wlp6s0 scope link metric 1000
    192.168.1.0/24 dev enp7s0 proto kernel scope link src 192.168.1.155 metric 100
    192.168.178.0/24 dev wlp6s0 proto kernel scope link src 192.168.178.10 metric 600
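
The checks suggested in the replies above (look in "ip route" for a leftover gateway route to the directly attached LAN, and look in iptables-save rather than iptables -L for the MASQUERADE rule), as an added shell example that is not part of the original thread. The function names and both sample captures are constructed for illustration; the interface names and subnets follow the thread.

```shell
#!/bin/sh
# Added example, not from the thread. The captures below are constructed,
# modelled on the thread's addressing (enp1s0 = LAN, enp2s0 = uplink).
ROUTES_SAMPLE='default via 192.168.178.1 dev enp2s0 onlink
192.168.1.0/24 via 192.168.178.1 dev enp2s0
192.168.1.0/24 dev enp1s0 proto kernel scope link src 192.168.1.1 linkdown
192.168.178.0/24 dev enp2s0 proto kernel scope link src 192.168.178.111'

SAVE_SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp2s0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# check_routes ROUTES LAN_IF LAN_NET: print one finding per line.
check_routes() {
    printf '%s\n' "$1" | awk -v lan="$2" -v net="$3" '
        # The LAN is directly attached, so a "via" route for it is wrong.
        $1 == net && $2 == "via" { print "BAD_ROUTE " $0 }
        # "linkdown": the LAN interface currently has no carrier.
        $1 == net && $3 == lan && /linkdown/ { print "LINKDOWN " lan }'
}

# has_masquerade DUMP WAN_IF: succeed if the nat table (which plain
# "iptables -L" does not list) masquerades traffic leaving WAN_IF.
has_masquerade() {
    printf '%s\n' "$1" | awk -v wan="$2" '
        /^\*/ { table = substr($0, 2) }   # table header, e.g. "*nat"
        table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ {
            for (i = 1; i < NF; i++)
                if ($i == "-o" && $(i + 1) == wan) found = 1
        }
        END { exit !found }'
}

check_routes "$ROUTES_SAMPLE" enp1s0 192.168.1.0/24
if has_masquerade "$SAVE_SAMPLE" enp2s0; then
    echo "MASQUERADE present on enp2s0"
else
    echo "MASQUERADE missing on enp2s0"
fi
```

On the router itself, pass live output instead of the samples: `check_routes "$(ip route)" enp1s0 192.168.1.0/24` and, as root, `has_masquerade "$(iptables-save)" enp2s0`.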
