(Machine to act as a) Router
Debian 12, two network interfaces.
eth0 is the access to the internet (on 192.168.0.1), and my home network is 192.168.1.0/24 on eth1
I'm just using /etc/network/interfaces which has:
auto eth1
iface eth1 inet static
address 192.168.1.1
network 192.168.1.0
netmask 255.255.255.0
broadcast 192.168.1.255
auto eth0
iface eth0 inet static
address 192.168.0.2
network 192.168.0.0
netmask 255.255.255.0
broadcast 192.168.0.255
gateway 192.168.0.1
So from this machine I can ping to the outside world from both ports, for example to 192.168.0.1 and to 192.168.1.8
but... if I try to ping 192.168.0.1 from 192.168.1.8, no routing is found.
And yes, I uncommented the 'net.ipv4ip_forward=1' in /etc/sysctl.conf
I know I must be missing something very obvious, but I just can't see it.
Is there anything else in sysctl.conf?
Last edited by ShedPaul on 2024-06-15 08:19, edited 1 time in total.
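A way to check what the post above asks about sysctl.conf, as an added example that is not part of the original thread: it parses the file text, reports whether `net.ipv4.ip_forward` is set to 1, and flags keys that only resemble it. The sample input is constructed, and the function names are this example's own.

```python
import difflib

WANTED = "net.ipv4.ip_forward"

def parse_sysctl(text):
    """Parse sysctl.conf text into {key: value}; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue                      # blank line, comment, or not an assignment
        key, value = (part.strip() for part in line.split("=", 1))
        # A leading '-' means "ignore errors"; '/' is accepted in place of '.'.
        key = key.lstrip("-").replace("/", ".")
        settings[key] = value
    return settings

def check_forwarding(text):
    """Say whether the file enables IPv4 forwarding and flag look-alike keys."""
    settings = parse_sysctl(text)
    near = [k for k in settings if k != WANTED
            and difflib.SequenceMatcher(None, k, WANTED).ratio() > 0.9]
    return {"enabled": settings.get(WANTED) == "1", "near_misses": near}

def runtime_value(path="/proc/sys/net/ipv4/ip_forward"):
    """Value the running kernel uses, or None when the file cannot be read."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None

# Constructed sample: the stock line still commented out, plus the key exactly
# as it is quoted in the post above.
SAMPLE = """\
#net.ipv4.ip_forward=1
net.ipv4ip_forward=1
"""

if __name__ == "__main__":
    print(check_forwarding(SAMPLE))
    print("running kernel:", runtime_value())
```

An edit to /etc/sysctl.conf only reaches the running kernel after `sysctl -p` or a reboot, which is why the runtime value is read separately.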
- RedGreen925
- Posts: 157
- Joined: 2024-05-16 02:56
- Has thanked: 1 time
- Been thanked: 29 times
Re: Router
Well the obvious is they are on separate networks which will not be reachable due to that. Put them on the same network and they should be able to communicate with each other. Use either the 192.168.0.??? or the 192.168.1.??? for both the interfaces. If you plan on using the second interface to connect other machines to the internet via it then what you do will make sense. Also I see no mention of firewall being used to shield the computer from being directly connected to the internet and allowing those ports that are open to be exposed to any port scanners out there doing what they do, scan for open ports for machines to compromise if they can. A search to list some articles you should read to configure this properly. I gave up on it ages ago and now just use router and hubs for my home network. It simplifies the process to a pre-configured device that works well in my experience with them at a fraction of the power consumption of dedicated machine doing it.
https://www.google.com/search?q=setting ... dm=14#ip=1
- FreewheelinFrank
- Global Moderator
- Posts: 2360
- Joined: 2010-06-07 16:59
- Has thanked: 45 times
- Been thanked: 257 times
Re: Router
@ShedPaul
Welcome to the forum!
A more descriptive topic title would help both with members with knowledge of the issue being more likely to respond, and members with the same or similar issue being more likely to find your topic in the future.
Please could you edit your first post and make the title more descriptive. Thank you.
Re: Router
If the host you are pinging from sits in the 192.168.1.0/24 network and you expect the 192.168.0.0/24 network to be reachable, via 192.168.1.1, the host must know where to send packets intended for 192.168.0.0/24. I.e. it must have a route defined for that network.
Assuming you don't have any other router configured on your pinging host, you must configure the host either to have:
- 192.168.1.1 as default gateway, or
- static route to 192.168.0.0/24 via 192.168.1.1.
Code: Select all
ip r
of pinging host would be useful. Other than that, it is hard to comment any network layout or e.g. firewall related issues without more information.
Debian Trixie with sway
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian
Re: (Machine to act as a) Router
ip r gives:
default via 192.168.0.1 dev eth0 onlink
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.2
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
Re: (Machine to act as a) Router
A couple of people have commented about the different network definitions on the two ports. In that case how does a router to the internet ever work?
- RedGreen925
- Posts: 157
- Joined: 2024-05-16 02:56
- Has thanked: 1 time
- Been thanked: 29 times
Re: (Machine to act as a) Router
NAT or network address translation, a host machine with an IP on the same network segment as the machine(s) behind it translates the requests and forwards the packets along to the machine it has given their IP to. Part of the ip forwarding you tried to use with the firewall like iptables doing the connection routing and protecting the machine from being exploited. This is usually done with a DHCP server involved which tells the client machines that it serves what their IP, gateway IP and DNS servers are if it is not serving up the DNS itself. Then again you would know some of this by now if you had read even one of any of the articles in the search I linked to. Oh and the host machine acting as the router was assigned their settings by yet again another machine doing exactly the same thing, the whole process repeated for as many layers of it as is required to get it done to connect to the outside world. Each step it goes through is one closer to communicating with your destination sought. The output of the traceroute command shows you the path your packets travel going through this process to connect to a website, here it shows nine hops as they are called to get to the 8.8.8.8 address (Google DNS server)
Code: Select all
zeus@9600k:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether b4:2e:99:63:13:53 brd ff:ff:ff:ff:ff:ff
altname enp0s31f6
inet 192.168.0.101/24 brd 192.168.0.255 scope global dynamic noprefixroute eno1
valid_lft 85938sec preferred_lft 85938sec
inet6 fe80::9cba:25ed:2435:cf3/64 scope link noprefixroute
valid_lft forever preferred_lft forever
zeus@9600k:~$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 asus.local (192.168.0.1) 0.475 ms 0.699 ms 0.866 ms
2 192.168.2.1 (192.168.2.1) 2.714 ms 2.775 ms 2.755 ms
3 10.178.218.5 (10.178.218.5) 5.908 ms 5.752 ms 5.818 ms
4 ae21-84.cr02.drmo.ns.aliant.net (142.166.39.157) 5.902 ms 6.313 ms 6.760 ms
5 hg-0-4-0-1-50.cr01.drmo.ns.aliant.net (142.166.218.65) 6.915 ms hg-0-4-0-0.cr01.hlfx.ns.aliant.net (142.166.211.73) 6.970 ms 6.764 ms
6 hg-0-4-0-0.cr01.hlfx.ns.aliant.net (142.166.211.73) 6.957 ms 5.810 ms be19.bx02.nycm.ny.aliant.net (207.231.227.62) 23.394 ms
7 74.125.119.154 (74.125.119.154) 24.686 ms be19.bx02.nycm.ny.aliant.net (207.231.227.62) 23.835 ms 74.125.119.154 (74.125.119.154) 24.104 ms
8 * * 74.125.119.154 (74.125.119.154) 22.212 ms
9 * dns.google (8.8.8.8) 22.653 ms *
Code: Select all
zeus@9600k:~$ whois 74.125.119.154
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2024, American Registry for Internet Numbers, Ltd.
#
NetRange: 74.125.0.0 - 74.125.255.255
CIDR: 74.125.0.0/16
NetName: GOOGLE
NetHandle: NET-74-125-0-0-1
Parent: NET74 (NET-74-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Google LLC (GOGL)
RegDate: 2007-03-13
Updated: 2012-02-24
Ref: https://rdap.arin.net/registry/ip/74.125.0.0
snip....
- df -h | grep > 20TiB
- Posts: 1529
- Joined: 2012-10-06 05:31
- Location: /dev/chair
- Has thanked: 106 times
- Been thanked: 255 times
Re: (Machine to act as a) Router
A firewall rule to do the address mangling/masquerading (NAT) perhaps?
Examples of appropriate rules abound on the 'net, and this very forum.
How we got to 4 replies waffling about routes without anyone mentioning this fairly important piece of the puzzle I don't know.
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
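The two points raised in the replies above (the pinging host needs a route via 192.168.1.1, and the router needs a masquerading rule) can be traced hop by hop. The following is an added example, not code from the thread: it models longest-prefix routing for the echo request and the reply. The client and upstream routing tables, the node names and 203.0.113.1 are assumptions; only the Debian box's table was posted.

```python
import ipaddress

# Constructed topology on the thread's addresses; the client and upstream tables are
# assumptions. A route is (prefix, next hop); next hop None = directly connected.
NODES = {
    "client": {"addrs": {"192.168.1.8"}, "forward": False, "routes": [
        ("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")]},
    "debian": {"addrs": {"192.168.1.1", "192.168.0.2"}, "forward": True, "routes": [
        ("192.168.0.0/24", None), ("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.0.1")]},
    "upstream": {"addrs": {"192.168.0.1"}, "forward": True, "routes": [
        ("192.168.0.0/24", None), ("0.0.0.0/0", "203.0.113.1")]},
}

def owner(addr):  # name of the node holding addr, or None
    return next((n for n, cfg in NODES.items() if addr in cfg["addrs"]), None)

def next_hop(node, dst):
    """Longest-prefix match over the node's routes; None when no route matches."""
    ip = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in NODES[node]["routes"]]
    best = max((r for r in nets if ip in r[0]),
               key=lambda r: r[0].prefixlen, default=None)
    return best and (best[1] or dst)

def deliver(start, dst, max_hops=8):
    """Walk a packet from node start towards dst; return (arrived, path)."""
    node, path = start, [start]
    for _ in range(max_hops):
        if dst in NODES[node]["addrs"]:
            return True, path
        if node != start and not NODES[node]["forward"]:
            return False, path + ["dropped: forwarding off"]
        node = owner(next_hop(node, dst))
        if node is None:
            return False, path + ["lost: no route or next hop unreachable"]
        path.append(node)
    return False, path + ["hop limit"]

def ping(src, dst, masquerade):
    """Echo request then reply; masquerade rewrites the source to 192.168.0.2."""
    ok, out = deliver(owner(src), dst)
    back = []
    if ok:
        reply_to = "192.168.0.2" if masquerade and "debian" in out[1:-1] else src
        ok, back = deliver(owner(dst), reply_to)
        if ok and reply_to != src:  # the NAT box maps the reply back to the client
            ok, tail = deliver("debian", src)
            back = back + tail[1:]
    return ok, out, back
```

`ping("192.168.1.8", "192.168.0.1", masquerade=False)` shows the request arriving and the reply being lost at the upstream router, which has no route back to 192.168.1.0/24. Adding a route for 192.168.1.0/24 via 192.168.0.2 to the upstream table makes the unmasqueraded ping succeed as well.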
Re: (Machine to act as a) Router
I am making progress, but slowly. I think it is in the firewalling, but even that doesn't make much sense. The box does have ufw, which by default allows ICMP packets through. Indeed I can see the rules in the 'before' file allow this, and I certainly haven't added any rules of my own which affect pings. But disabling the firewall allows me to reach 192.168.0.2 (the port on the box which is destined for the internet), but not beyond, say the router at 192.168.0.1
I've struggled for too long with this, I'm going to grab my configuration files and do a fresh install - that is the only way to track this down without extra stuff, such as rather complex dhcpd, tftpd and other daemons.
I just wonder if there is a hardware issue, in the same way that bridging sometimes won't work. Interestingly this question does appear on a variety of forums for various distributions, usually without a clear resolution.
I know that I need to be careful with web searches referring to prehistoric distributions (prehistoric can mean 4 years old) because so much changes, and it is impossible to keep a track of it all, I had a vague hope that this post might induce a "have you checked blah.blah.blah.conf? It's new since Deb 11" kind of reply.
I'll try to update, because I hate these posts that just fizzle out without a resolution.
Re: (Machine to act as a) Router
Seems you are missing the corresponding entries in IPTables....please see viewtopic.php?t=160994