Re-2: Ubuntu Server with 2 NICs, help with routing

Tue Mar 25 07:13:14 UTC 2014

Sehr geehrter Herr / Frau,

Mit freundlichen Grüßen / best regards
Kevin Olbrich
IT Support & Development

____________________________________________________
Dolphin IT-Systeme e.K., Peter Str. 69, D-42499 Hückeswagen
Telefon 02192 / 8549-0, Telefax 02192 / 8549-29
Telefon 02192 / 8549-120, Mobil 0151 / 51044766
Email: kolbrich at dolphin-it.de Internet: www.dolphin-it.de

Amtsgericht Köln: HRA 17285, USt.-IdNr: DE 228675548
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen.
 Wenn Sie nicht der richtige Adressat sind und/oder diese E-Mail irrtümlich 
erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie 
diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail 
ist nicht gestattet.

PBitte denken Sie an die Umwelt, bevor Sie diese E-Mail ausdrucken.

Just to make sure, did you enable ip forwarding?

http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/

Natting twice is bad but if you want your server to be a firewall, you must NAT 
twice to have a seperated network on your second network card.

Best regards,
Kevin

 Original Message processed by david®  

Re: Ubuntu Server with 2 NICs, help with routing (25-Mär.-2014 07:55)

From:   Crispin Wellington

To:
 Roland Hill (and 1 other) 
The traceroute shows your packets are getting to the 10.* network. What is 
probably happening is the NAT on your ADSL router is only set up to NAT 10.* 
address space. It needs to NAT incoming 10.* and 192.168.* traffic. You either 
need to set the NAT there to do that (the best solution), or NAT the 192.168 
addresses at the 10.* border (so your packets are NATed twice. Once to 10.*... 
once to the live IP. This is not the best way to do it.)

Crispin

On Sun, Mar 23, 2014 at 6:58 AM, Roland Hill <roland.lists at hillnet.co.nz> wrote:
Hi list,

 I'm running Ubuntu Server 13.10 on a Gigabyte Brix as a small home server.

 It has onboard ethernet (p3p1, ubuntu's naming) and a USB ethernet adapter (
eth0).

 The aim is to have the server "sit" between my ADSL modem/router and my
 network and run squid3 as a transparent caching proxy. The server already
 runs dnsmasq for DNS and DHCP services.

 I'll now do my best to simply describe the network:

 ASDL router: WAN side, IP etc assigned by ISP (PPoA)
              LAN side, IP 10.0.0.1/255.255.0.0, no DCHP, DNS or wireless

 (router is an all-in-one device, via Vodafone New Zealand)

 Server: eth0, IP 10.0.0.2/255.255.0.0
         p3p1, IP 192.168.0.1/255.255.255.0

 Clients: DHCP in range of 192.168.0.11 to 150, 255.255.255.0, assigned by
 dnsmasq from the server. No hosts connect to the 10.* network.

 Other information:
 - IPv4 forwarding is on (via /etc/sysctl.conf etc)
 - Static route in the ADSL router is set, dest: 192.168.0.0/24, gw
   10.0.0.2, iface LAN/br0
 - No iptable rules, apart from standard, have been configured.

 Problem:
 192.168.* clients cannot connect to the internet. Here is a cut from
 traceroute -

 roland at rh-mob:~$ traceroute 203.109.178.102
 traceroute to 203.109.178.102 (203.109.178.102), 30 hops max, 60 byte
 packets
  1  hillnet.localnet (192.168.0.10)  3.140 ms  3.542 ms  3.630 ms
  2  10.0.0.1 (10.0.0.1)  4.082 ms  4.681 ms  5.111 ms
  3  * * *
  4  * * *

 ..where rh-mob is a 192.168.* client.

 I've googled, reached out to my local LUG and spoken with collegues, but
 can seem to move forward. Any suggestions would be most appreciated.

 The result is the same even if I use another ADSL modem/router (trying to
 rule out if there were any issues with my Vodafone device).

 Networking is not my "sweet spot"...

 Let me know if I've missed any important relevant information.

 Thanks.

 --
 Regards,

 Roland

 PGP Key 0xDA39319B = BCF0 1214 BAE9 5A3D 46FC 21A6 360D 9398 DA39 319B

--
 ubuntu-users mailing list
ubuntu-users at lists.ubuntu.com
 Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/
ubuntu-users

 conf etc)
 - Static route in the ADSL router is set, dest: 192.168.0.0/24, gw
   10.0.0.2, iface LAN/br0
 - No iptable rules, apart from standard, have been configured.