Ubuntu: Correct routing settings for NICs to use Ubuntu 16.04 as a router



Question:

OK, so I'm having trouble getting this working. My home internal network is a wireless one, and what I want to do is have a small wired network on a different subnet connected to one of my Ubuntu machines. The devices on this subnet need static IP addresses, so sharing this connection for my eth0 interface won't work. Ideally this wired network will be able to connect to the internet, but it's not essential.

I've read a few guides on how to get this up and running, but there are conflicting opinions on the correct way to do it. Much of it seems to recommend using iptables, but one site I was on yesterday said this was outdated (unfortunately I cannot find the link).

Network topology

Currently I have enabled IPv4 forwarding on the "pc in the middle":

    will@will-Inspiron-7520 ~ 15:27:52 $ sysctl net.ipv4.ip_forward
    net.ipv4.ip_forward = 1

and have set up a route on one of the PCs on the wireless network to route requests for the 192.168.1.0 subnet to 10.10.10.10 (the wlan0 interface on the routing PC):

    root@ubuntuserver will 15:29:57 # netstat -nra
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         10.10.10.1      0.0.0.0         UG        0 0          0 wlan0
    10.8.0.0        10.8.0.2        255.255.255.0   UG        0 0          0 tun0
    10.8.0.2        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
    10.10.10.0      0.0.0.0         255.255.255.0   U         0 0          0 wlan0
    172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
    192.168.1.0     10.10.10.10     255.255.255.0   UG        0 0          0 wlan0

I've tried several different settings for the routing on the wlan0 interface on the router PC, but nothing seems to work. I can ping the (currently only) device on the 192.168.1.0 subnet from the router:

    will@will-Inspiron-7520 ~ 15:27:40 $ tracepath -n 192.168.1.91
     1?: [LOCALHOST]                                         pmtu 1500
     1:  192.168.1.91                                          0.887ms reached
     1:  192.168.1.91                                          0.734ms reached
         Resume: pmtu 1500 hops 1 back 1

but trying the same thing from the wlan device results in this:

    root@ubuntuserver will 15:33:13 # tracepath -n 192.168.1.91
     1?: [LOCALHOST]                                         pmtu 1500
     1:  10.10.10.10                                           3.480ms
     1:  10.10.10.10                                           3.315ms
     2:  no reply
     3:  no reply
     4:  no reply

The tcpdump on the router during this operation looks like this:

    root@will-Inspiron-7520 /home/will 15:33:18 # tcpdump
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
    15:33:38.497861 IP ubuntuserver.ftb.59424 > 192.168.1.91.44446: UDP, length 1472
    15:33:39.499752 IP ubuntuserver.ftb.59424 > 192.168.1.91.44447: UDP, length 1472
    15:33:40.487270 IP 192.168.1.250.34039 > 239.255.255.250.1900: UDP, length 171
    15:33:40.500022 IP ubuntuserver.ftb.59424 > 192.168.1.91.44448: UDP, length 1472
    15:33:41.487966 IP 192.168.1.250.34039 > 239.255.255.250.1900: UDP, length 171
    15:33:41.502207 IP ubuntuserver.ftb.59424 > 192.168.1.91.44449: UDP, length 1472
    15:33:42.488416 IP 192.168.1.250.34039 > 239.255.255.250.1900: UDP, length 171
    15:33:42.503148 IP ubuntuserver.ftb.59424 > 192.168.1.91.44450: UDP, length 1472
    15:33:43.488986 IP 192.168.1.250.34039 > 239.255.255.250.1900: UDP, length 171
    15:33:43.503342 IP ubuntuserver.ftb.59424 > 192.168.1.91.44451: UDP, length 1472
    15:33:43.503741 ARP, Request who-has 192.168.1.91 tell 192.168.1.250, length 28
    15:33:43.504546 ARP, Reply 192.168.1.91 is-at 00:80:45:55:12:e8 (oui Unknown), length 46
    15:33:44.258714 IP 192.168.1.250.17500 > 192.168.1.255.17500: UDP, length 177
    15:33:44.523228 IP ubuntuserver.ftb.59424 > 192.168.1.91.44452: UDP, length 1472
    15:33:45.547240 IP ubuntuserver.ftb.59424 > 192.168.1.91.44453: UDP, length 1472
    15:33:46.571280 IP ubuntuserver.ftb.59424 > 192.168.1.91.44454: UDP, length 1472
    15:33:47.540967 IP ubuntuserver.ftb.59424 > 192.168.1.91.44455: UDP, length 1472
    15:33:48.523486 IP ubuntuserver.ftb.59424 > 192.168.1.91.44456: UDP, length 1472
    ^C
    18 packets captured
    18 packets received by filter
    0 packets dropped by kernel

The routing table on the router looks like this:

    root@will-Inspiron-7520 /home/will 15:33:49 # netstat -nra
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         10.10.10.1      0.0.0.0         UG        0 0          0 wlan0
    10.10.10.0      0.0.0.0         255.255.255.0   U         0 0          0 wlan0
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 wlan0
    192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0

I can't get 192.168.1.250 to go in as the gateway through the GUI, but when I run

    sudo route delete -net 192.168.1.0 netmask 255.255.255.0 gw 0.0.0.0 && sudo route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.250

my routing table changes to this:

    root@will-Inspiron-7520 /home/will 15:37:33 # netstat -nra
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         10.10.10.1      0.0.0.0         UG        0 0          0 wlan0
    10.10.10.0      0.0.0.0         255.255.255.0   U         0 0          0 wlan0
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 wlan0
    192.168.1.0     192.168.1.250   255.255.255.0   UG        0 0          0 eth0

which in turn changes the tcpdump to this:

    root@will-Inspiron-7520 /home/will 15:39:35 # tcpdump
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
    15:39:40.490804 IP 192.168.1.250.46819 > 239.255.255.250.1900: UDP, length 171
    15:39:40.553050 IP ubuntuserver.ftb.33901 > 192.168.1.91.44446: UDP, length 1472
    15:39:41.491671 IP 192.168.1.250.46819 > 239.255.255.250.1900: UDP, length 171
    15:39:41.554906 IP ubuntuserver.ftb.33901 > 192.168.1.91.44447: UDP, length 1472
    15:39:42.492371 IP 192.168.1.250.46819 > 239.255.255.250.1900: UDP, length 171
    15:39:42.555628 IP ubuntuserver.ftb.33901 > 192.168.1.91.44448: UDP, length 1472
    15:39:43.493366 IP 192.168.1.250.46819 > 239.255.255.250.1900: UDP, length 171
    15:39:43.557677 IP ubuntuserver.ftb.33901 > 192.168.1.91.44449: UDP, length 1472
    15:39:44.365950 IP 192.168.1.250.17500 > 192.168.1.255.17500: UDP, length 177
    15:39:44.659103 IP ubuntuserver.ftb.33901 > 192.168.1.91.44450: UDP, length 1472
    15:39:45.581510 IP ubuntuserver.ftb.33901 > 192.168.1.91.44451: UDP, length 1472
    15:39:46.605286 IP ubuntuserver.ftb.33901 > 192.168.1.91.44452: UDP, length 1472
    15:39:47.628312 IP ubuntuserver.ftb.33901 > 192.168.1.91.44453: UDP, length 1472
    15:39:48.652259 IP ubuntuserver.ftb.33901 > 192.168.1.91.44454: UDP, length 1472
    15:39:49.697026 IP ubuntuserver.ftb.33901 > 192.168.1.91.44455: UDP, length 1472
    15:39:50.599268 IP ubuntuserver.ftb.33901 > 192.168.1.91.44456: UDP, length 1472
    15:39:51.622447 IP ubuntuserver.ftb.33901 > 192.168.1.91.44457: UDP, length 1472
    15:39:52.563705 IP ubuntuserver.ftb.33901 > 192.168.1.91.44458: UDP, length 1472
    15:39:53.669767 IP ubuntuserver.ftb.33901 > 192.168.1.91.44459: UDP, length 1472
    15:39:54.594106 IP ubuntuserver.ftb.33901 > 192.168.1.91.44460: UDP, length 1472
    15:39:55.616774 IP ubuntuserver.ftb.33901 > 192.168.1.91.44461: UDP, length 1472
    15:39:56.640204 IP ubuntuserver.ftb.33901 > 192.168.1.91.44462: UDP, length 1472

Can anyone tell me where I'm going wrong? As I said, it isn't essential that the 192.168.1.0 network can reach the internet (though it would be desirable), but the minimum would be the 10.10.10.0 subnet being able to see the 192.168.1.0 devices.


Solution:1

Well, I'm an idiot. I didn't have the gateway set up properly on the 192.168.1.x machine. It was still set to 192.168.1.1 (which doesn't exist).

Once I changed this I can now ping both ways. And I have internet access on the 192.x.x.x network.


Solution:2

1. If you want to add wired equipment to your internal network, you must add a network card (eth1) and a switch of at least 5-8 ports.

2. Install a DHCP server and make IP reservations for the wired computers.

3. Execute iptables:

    #!/bin/sh

    # Flush all rules, user chains and counters in the filter and nat tables
    iptables -F
    iptables -X
    iptables -Z
    iptables -t nat -F
    iptables --delete-chain
    iptables --table nat --delete-chain

    # Default policies: accept everything (this script does no filtering,
    # it only sets up NAT)
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -t nat -P PREROUTING ACCEPT
    iptables -t nat -P POSTROUTING ACCEPT

    # Connection tracking (needed for MASQUERADE) and FTP helper
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp

    # Enable IPv4 forwarding between interfaces
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # Replace 192.168.1.X/X and 192.168.2.X/X with your own subnets
    # Internet for Wireless
    iptables -t nat -A POSTROUTING -s 192.168.1.X/X -o wlan0 -j MASQUERADE
    # Internet for Wired
    iptables -t nat -A POSTROUTING -s 192.168.2.X/X -o wlan0 -j MASQUERADE
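The two answers above fix two different halves of the same problem: Solution 1 repairs the reply path (the wired device's default gateway), and Solution 2's MASQUERADE rule is what makes replies from the internet find their way back to a subnet the home router knows nothing about. The following is an added example, not code from the thread: a small model of the question's topology that traces a packet and its reply hop by hop with longest-prefix routing and a simplified conntrack/MASQUERADE, so the forward-works-but-reply-dies symptom in the tcpdump above can be reproduced and explained. Addresses the thread does not give are assumed: 10.10.10.20 for "ubuntuserver", 203.0.113.0/24 for the home router's WAN side, and 8.8.8.8 standing in for "the internet".

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass, field

IPNet = ipaddress.IPv4Network

@dataclass
class Route:
    prefix: IPNet
    iface: str
    gateway: str | None = None        # None: destination is directly connected

@dataclass
class Host:
    name: str
    addrs: dict[str, str]             # iface -> IPv4 address
    routes: list[Route]
    ip_forward: bool = False          # net.ipv4.ip_forward on this host
    masq: tuple[str, IPNet] | None = None   # (egress iface, source net): -o IF -s NET -j MASQUERADE
    conntrack: dict = field(default_factory=dict)  # (orig_src, orig_dst) -> src after NAT

def R(prefix, iface, gateway=None):
    return Route(IPNet(prefix), iface, gateway)

def route_lookup(host, dst):
    """Longest-prefix match over the host's table, as the kernel does."""
    dst = ipaddress.ip_address(dst)
    candidates = [r for r in host.routes if dst in r.prefix]
    return max(candidates, key=lambda r: r.prefix.prefixlen, default=None)

def trace(hosts, src_name, dst, src_addr=None, max_hops=8):
    """Follow one packet; returns (hop names, outcome, src and dst as finally seen)."""
    by_ip = {ip: h for h in hosts for ip in h.addrs.values()}
    cur = next(h for h in hosts if h.name == src_name)
    s, d = src_addr or next(iter(cur.addrs.values())), dst
    path = []
    for _ in range(max_hops):
        if d in cur.addrs.values():
            # Undo this host's own MASQUERADE if the packet is a reply to a NATed flow.
            hits = [os for (os, od), ns in cur.conntrack.items() if ns == d and od == s and os != d]
            if not hits:
                return path + [cur.name], "delivered", s, d
            d = hits[0]
        elif path and not cur.ip_forward:
            return path + [cur.name], f"{cur.name} does not forward (ip_forward=0)", s, d
        path.append(cur.name)
        r = route_lookup(cur, d)
        if r is None:
            return path, f"no route to {d} on {cur.name}", s, d
        if (d, s) not in cur.conntrack:           # new flow (not a reply): track it, maybe NAT it
            natted = s
            if cur.masq and r.iface == cur.masq[0] and ipaddress.ip_address(s) in cur.masq[1]:
                natted = cur.addrs[r.iface]
            cur.conntrack[(s, d)] = natted
            s = natted
        nxt = r.gateway or d
        if nxt not in by_ip:                      # nobody owns that address on the link
            return path, f"next hop {nxt} via {r.iface} does not answer ARP", s, d
        cur = by_ip[nxt]
    return path, "hop limit exceeded", s, d

def round_trip(hosts, src_name, dst):
    """Send a packet and then its reply; returns (fwd_path, fwd_status, reply_path, reply_status)."""
    path, status, s, d = trace(hosts, src_name, dst)
    if status != "delivered":
        return path, status, [], "no reply possible"
    rpath, rstatus, _, _ = trace(hosts, path[-1], s, src_addr=d)
    return path, status, rpath, rstatus

def topology(device_gateway="192.168.1.1", router_masq=False):
    """The thread's hosts; device_gateway is what Solution 1 fixed, router_masq is Solution 2's rule."""
    ubuntuserver = Host("ubuntuserver", {"wlan0": "10.10.10.20"}, [       # 10.10.10.20 assumed
        R("0.0.0.0/0", "wlan0", "10.10.10.1"), R("10.10.10.0/24", "wlan0"),
        R("192.168.1.0/24", "wlan0", "10.10.10.10")])
    router = Host("router", {"wlan0": "10.10.10.10", "eth0": "192.168.1.250"}, [
        R("0.0.0.0/0", "wlan0", "10.10.10.1"), R("10.10.10.0/24", "wlan0"),
        R("192.168.1.0/24", "eth0")], ip_forward=True,
        masq=("wlan0", IPNet("192.168.1.0/24")) if router_masq else None)
    device = Host("device", {"eth0": "192.168.1.91"}, [
        R("0.0.0.0/0", "eth0", device_gateway), R("192.168.1.0/24", "eth0")])
    home_router = Host("home_router", {"lan": "10.10.10.1", "wan": "203.0.113.5"}, [  # WAN assumed
        R("0.0.0.0/0", "wan", "203.0.113.1"), R("10.10.10.0/24", "lan")],
        ip_forward=True, masq=("wan", IPNet("0.0.0.0/0")))
    internet = Host("internet", {"up": "203.0.113.1", "srv": "8.8.8.8"}, [
        R("203.0.113.0/24", "up")], ip_forward=True)   # no route back to private space
    return [ubuntuserver, router, device, home_router, internet]

if __name__ == "__main__":
    cases = [
        ("As asked: device gateway 192.168.1.1", {}, "ubuntuserver", "192.168.1.91"),
        ("Solution 1: device gateway 192.168.1.250", {"device_gateway": "192.168.1.250"}, "ubuntuserver", "192.168.1.91"),
        ("Solution 1 only, device -> internet", {"device_gateway": "192.168.1.250"}, "device", "8.8.8.8"),
        ("Solution 2: MASQUERADE on wlan0", {"device_gateway": "192.168.1.250", "router_masq": True}, "device", "8.8.8.8"),
    ]
    for label, kw, src, dst in cases:
        fp, fs, rp, rs = round_trip(topology(**kw), src, dst)
        print(f"{label}\n  forward {' > '.join(fp)}: {fs}\n  reply   {' > '.join(rp)}: {rs}")
```

The first case reproduces the capture: the forward packet reaches 192.168.1.91 through the router's eth0, which is why tcpdump sees it, while the reply is handed to a gateway nobody answers ARP for, which is why nothing comes back. The third case shows that fixing the gateway alone lets the wired device send to the internet but leaves its replies stranded at the home router, and the fourth shows the MASQUERADE rule hiding the wired subnet behind 10.10.10.10 so the home router never has to know about it.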


Solution:3

You very well may have this set up correctly, and this may have something to do with the wireless interface you're using. Typically the way to do something like this is with a dedicated wireless access point that you connect to a controller (in this case your server) via Ethernet. Check out ubnt.com; they have some good, relatively cheap ones.

