Home / user-1130360

Crazy Polenta's questions

Martin Hope
Crazy Polenta
Asked: 2024-09-19 22:43:13 +0800 CST
  • 5

On my router (ubuntu/NFTables) I configured two WANs, one from each different ISP.

In the current configuration, I can ensure that any machine in the subnets can navigate using the first or second link, according to the rule in NFTables.

Note that it is not a specific LAN interface (any machine on any LAN interface can browse any of the two links with public IPs according to the rule in NFTables)

This is working, ok.

The problem I'm facing now is that the machines on the subnets should see each other and they're not even pinging each other.

Does anyone know how I can fix it so that, in addition to maintaining internet browsing like this, I can make machines connected to LAN1, LAN2, LAN3 and LAN4 able to talk to each other?

Below is the netplan configuration:

network:
ethernets:
    wan1:
        addresses:
        - 111.31.111.2/28
        - 111.31.111.3/28
        - 111.31.111.4/28
        - 111.31.111.5/28
        - 111.31.111.6/28
        - 111.31.111.7/28
        - 111.31.111.8/28
        - 111.31.111.9/28
        - 111.31.111.10/28
        - 111.31.111.11/28
        - 111.31.111.12/28
        - 111.31.111.13/28
        - 111.31.111.14/28
        nameservers:
            addresses:
            - 8.8.8.8
            - 8.8.4.4
            search: []
        routes:
        - to: default
          via: 111.31.111.1
          metric: 100
        - to: default
          via: 111.31.111.1
          metric: 100
          table: 100
        routing-policy:
        - from: 192.168.10.0/24
          table: 100
        - from: 192.168.20.0/24
          table: 100
        - from: 192.168.30.0/24
          table: 100
        - from: 192.168.40.0/24
          table: 100
    wan2:
        addresses:
        - 222.63.222.10/29
        - 222.63.222.11/29
        - 222.63.222.12/29
        - 222.63.222.13/29
        - 222.63.222.14/29
        nameservers:
            addresses:
            - 8.8.8.8
            - 8.8.4.4
            search: []
        routes:
        - to: default
          via: 222.63.222.9
          metric: 200
        - to: default
          via: 222.63.222.9
          metric: 200
          table: 200
        routing-policy:
        - from: 192.168.10.0/24
          table: 200
        - from: 192.168.20.0/24
          table: 200
        - from: 192.168.30.0/24
          table: 200
        - from: 192.168.40.0/24
          table: 200
    lan1:
        addresses:
        - 192.168.10.1/24
    lan2:
        addresses:
        - 192.168.20.1/24
    lan3:
        addresses:
        - 192.168.30.1/24
    lan4:
        addresses:
        - 192.168.40.1/24
version: 2

Following tables and rules:

userrouter1@router1:~$ ip route
default via 111.31.111.1 dev wan1 proto static metric 100 
default via 222.63.222.9 dev wan2 proto static metric 200 
192.168.10.0/24 dev lan1 proto kernel scope link src 192.168.10.1 
192.168.40.0/24 dev lan4 proto kernel scope link src 192.168.40.1 
111.31.111.0/28 dev wan1 proto kernel scope link src 111.31.111.2 
222.63.222.8/29 dev wan2 proto kernel scope link src 222.63.222.10

userrouter1@router1:~$ ip rule
0:  from all lookup local
32756:  from 192.168.30.0/24 lookup 200 proto static
32757:  from 192.168.40.0/24 lookup 200 proto static
32758:  from 192.168.20.0/24 lookup 200 proto static
32759:  from 192.168.10.0/24 lookup 200 proto static
32760:  from 192.168.30.0/24 lookup 100 proto static
32761:  from 192.168.10.0/24 lookup 100 proto static
32762:  from 192.168.40.0/24 lookup 100 proto static
32763:  from 192.168.20.0/24 lookup 100 proto static
32766:  from all lookup main
32767:  from all lookup default

userrouter1@router1:~$ ip route show table 100
default via 111.31.111.1 dev wan1 proto static metric 100 

userrouter1@router1:~$ ip route show table 200
default via 222.63.222.9 dev wan2 proto static metric 200 

userrouter1@router1:~$ ip rule show table 100
32760:  from 192.168.30.0/24 lookup 100 proto static
32761:  from 192.168.10.0/24 lookup 100 proto static
32762:  from 192.168.40.0/24 lookup 100 proto static
32763:  from 192.168.20.0/24 lookup 100 proto static

userrouter1@router1:~$ ip rule show table 200
32756:  from 192.168.30.0/24 lookup 200 proto static
32757:  from 192.168.40.0/24 lookup 200 proto static
32758:  from 192.168.20.0/24 lookup 200 proto static
32759:  from 192.168.10.0/24 lookup 200 proto static

As it currently stands, if I'm on machine 192.168.10.10 I can't PING 192.168.20.10, nor vice versa... I needed to resolve this issue, maintaining navigation to external IPs like this.

Can anyone help me?

ubuntu
Martin Hope
Crazy Polenta
Asked: 2024-09-03 01:21:09 +0800 CST
  • 5

I need to configure my router (Ubuntu Server 24/ NNFTables) so that computers connected to the lan1 and lan2 interfaces can browse the internet using the wan1 or wan2 interfaces, depending on the subnet IP.

I receive internet through 2 different providers.

ISP 1: Bloco ip: 111.11.111.0/28

ISP 2: Bloco ip: 222.22.222.8/29

config netplan yaml:

network:
    ethernets:
        wan1:
            addresses:
            - 111.11.111.2/28
            - 111.11.111.3/28
            - 111.11.111.4/28
            - 111.11.111.5/28
            - 111.11.111.6/28
            - 111.11.111.7/28
            - 111.11.111.8/28
            - 111.11.111.9/28
            - 111.11.111.10/28
            - 111.11.111.11/28
            - 111.11.111.12/28
            - 111.11.111.13/28
            - 111.11.111.14/28
            nameservers:
                addresses:
                - 8.8.8.8
                - 8.8.4.4
                search: []
            routes:
            -   to: default
                via: 111.11.111.1
        wan2:
            addresses:
            - 222.22.222.10/29
            - 222.22.222.11/29
            - 222.22.222.12/29
            - 222.22.222.13/29
            - 222.22.222.14/29
            nameservers:
                addresses:
                - 8.8.8.8
                - 8.8.4.4
                search: []
            routes:
            -   to: default
                via: 222.22.222.9                
        lan1:
            addresses:
            - 192.168.10.1/24
            nameservers:
                addresses: []
                search: []
        lan2:
            addresses:
            - 192.168.20.1/24
            nameservers:
                addresses: []
                search: []
    version: 2`

usertest@router1:~$ ip route
default via 111.11.111.1 dev wan1 proto static 
192.168.10.0/24 dev enp4s0 proto kernel scope link src 192.168.10.1 
192.168.20.0/24 dev enp5s0 proto kernel scope link src 192.168.20.1 
111.11.111.0/28 dev enp1s5 proto kernel scope link src 111.11.111.2 
222.22.222.8/29 dev enp8s0 proto kernel scope link src 222.22.222.9

Subnet stations and their respective public IPs that we like to browse:

192.168.10.101 ---> 111.11.111.11
192.168.10.102 ---> 111.11.111.12
192.168.10.201 ---> 222.22.222.11
192.168.10.202 ---> 222.22.222.12
192.168.20.10 ---> 222.22.222.10

I saw that I need to work with multiple routing tables using IP ROUTE, but all the configurations I tried failed...

Does anyone know how I can solve this?

I've already tried some nftables/ip route configurations... but I couldn't make it work... I've messed up so much that I don't even know everything I tried... Now the configuration looks like this:

$ ip route
default via 111.11.111.9 dev wan1 
192.168.10.0/24 dev lan1 proto kernel scope link src 192.168.10.1 
192.168.20.0/24 dev lan2 proto kernel scope link src 192.168.20.1 
111.11.111.0/28 dev wan1 proto kernel scope link src 111.11.111.2 
222.22.222.8/29 dev wan2 proto kernel scope link src 111.11.111.10

$ ip route show table 100
default via 111.11.111.1 dev wan1 proto static 

$ ip route show table 200
default via 222.22.222.9 dev wan2 proto static 

$ ip rule show
0:  from all lookup local
32764:  from 222.22.222.8/29 lookup 200 proto static
32765:  from 111.11.111.0/28 lookup 100 proto static
32766:  from all lookup main
32767:  from all lookup default
routing