networking - Forward packets from bonded LAN interface to WAN - Ask Ubuntu


i not able route packets between lan side of ubuntu server , wan side. i'm looking assistance. have 5 ethernet ports on server - 1 onboard (eth0, used wan) , 4 in pci card (eth1-eth4, bonded bond0, used lan). appreciated. in advance.

some ping tests directly-connected windows machine obtained ip via dhcp.

c:\users\mike>ipconfig

windows ip configuration   ethernet adapter ethernet:     connection-specific dns suffix  . : servo.firewall    link-local ipv6 address . . . . . : fe80::ec54:579a:a4b5:991f%9    ipv4 address. . . . . . . . . . . : 10.10.10.108    subnet mask . . . . . . . . . . . : 255.255.255.0    default gateway . . . . . . . . . : 10.10.10.1  ethernet adapter bluetooth network connection:     media state . . . . . . . . . . . : media disconnected    connection-specific dns suffix  . :  wireless lan adapter wi-fi:     media state . . . . . . . . . . . : media disconnected    connection-specific dns suffix  . : hsd1.pa.comcast.net  tunnel adapter teredo tunneling pseudo-interface:     media state . . . . . . . . . . . : media disconnected    connection-specific dns suffix  . :  tunnel adapter isatap.servo.firewall:     media state . . . . . . . . . . . : media disconnected    connection-specific dns suffix  . : servo.firewall

c:\users\mike>ping 10.10.10.1 <- server

pinging 10.10.10.1 32 bytes of data: reply 10.10.10.1: bytes=32 time=15ms ttl=64 reply 10.10.10.1: bytes=32 time<1ms ttl=64 reply 10.10.10.1: bytes=32 time=1ms ttl=64 reply 10.10.10.1: bytes=32 time<1ms ttl=64  ping statistics 10.10.10.1:     packets: sent = 4, received = 4, lost = 0 (0% loss), approximate round trip times in milli-seconds:     minimum = 0ms, maximum = 15ms, average = 4ms

c:\users\mike>ping 10.0.0.1 <- current gateway address on wan

pinging 10.0.0.1 32 bytes of data:  control-c ^c

c:\users\mike>ping yahoo.com <- dns test

ping request not find host yahoo.com. please check name , try again.

c:\users\mike>ping 8.8.8.8 <- public ip test

pinging 8.8.8.8 32 bytes of data: request timed out. request timed out. request timed out.  request timed out.  ping statistics 8.8.8.8:     packets: sent = 4, received = 0, lost = 4 (100% loss),

below information edited attempt working.

/etc/default/ufw

default_forward_policy="accept"

/etc/ufw/sysctl.conf

net.ipv4.ip_forward=1 net/ipv6/conf/default/forwarding=1 net/ipv6/conf/all/forwarding=1

/etc/ufw/before.rules

# nat table rules *nat :postrouting accept [0:0]  # forward traffic through eth0 - change match out-interface -a postrouting -s 10.10.10.0/24 -o eth0 -j masquerade  # don't delete 'commit' line or these nat table rules won't # processed commit

/etc/network/interfaces

auto lo iface lo inet loopback  auto eth0 iface eth0 inet dhcp  auto eth1 iface eth1 inet manual bond-master bond0  auto eth2 iface eth2 inet manual bond-master bond0  auto eth3 iface eth3 inet manual bond-master bond0  auto eth4 iface eth4 inet manual bond-master bond0  auto bond0 iface bond0 inet static address 10.10.10.1 netmask 255.255.255.0 bond-mode broadcast bond-miimon 100 bond-slaves eth1 eth2 eth3 eth4 post-up iptables-restore < /etc/iptables.up.rules post-up ip6tables-restore < /etc/ip6tables.up.rules

ifconfig

bond0     link encap:ethernet  hwaddr 00:26:55:dc:d8:4f           inet addr:10.10.10.1  bcast:10.10.10.255  mask:255.255.255.0           inet6 addr: fe80::226:55ff:fedc:d84f/64 scope:link           broadcast master multicast  mtu:1500  metric:1           rx packets:3209 errors:0 dropped:0 overruns:0 frame:0           tx packets:1362 errors:0 dropped:2 overruns:0 carrier:0           collisions:0 txqueuelen:1000           rx bytes:439418 (439.4 kb)  tx bytes:148509 (148.5 kb)  docker0   link encap:ethernet  hwaddr 02:42:d7:46:11:85           inet addr:172.17.0.1  bcast:0.0.0.0  mask:255.255.0.0           inet6 addr: fe80::42:d7ff:fe46:1185/64 scope:link           broadcast running multicast  mtu:1500  metric:1           rx packets:8 errors:0 dropped:0 overruns:0 frame:0           tx packets:23734 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:0           rx bytes:536 (536.0 b)  tx bytes:1631564 (1.6 mb)  eth0      link encap:ethernet  hwaddr 44:8a:5b:cd:95:56           inet addr:10.0.0.201  bcast:10.0.0.255  mask:255.255.255.0           inet6 addr: fe80::468a:5bff:fecd:9556/64 scope:link            broadcast running multicast  mtu:1500  metric:1           rx packets:362525 errors:0 dropped:0 overruns:0 frame:0           tx packets:134713 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:1000           rx bytes:91216243 (91.2 mb)  tx bytes:48392528 (48.3 mb)  eth1      link encap:ethernet  hwaddr 00:26:55:dc:d8:4f           broadcast slave multicast  mtu:1500  metric:1           rx packets:0 errors:0 dropped:0 overruns:0 frame:0           tx packets:0 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:1000           rx bytes:0 (0.0 b)  tx bytes:0 (0.0 b)           interrupt:34 memory:fe920000-fe940000  eth2      link encap:ethernet  hwaddr 00:26:55:dc:d8:4f           broadcast slave multicast  mtu:1500  metric:1           rx packets:0 errors:0 dropped:0 overruns:0 frame:0           tx packets:0 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:1000           rx bytes:0 (0.0 b)  tx bytes:0 (0.0 b)           interrupt:40 memory:fe900000-fe920000  eth3      link encap:ethernet  hwaddr 00:26:55:dc:d8:4f           broadcast slave multicast  mtu:1500  metric:1           rx packets:0 errors:0 dropped:0 overruns:0 frame:0           tx packets:0 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:1000           rx bytes:0 (0.0 b)  tx bytes:0 (0.0 b)           interrupt:42 memory:fe720000-fe740000  eth4      link encap:ethernet  hwaddr 00:26:55:dc:d8:4f           broadcast slave multicast  mtu:1500  metric:1           rx packets:3209 errors:0 dropped:0 overruns:0 frame:0           tx packets:1362 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:1000           rx bytes:439418 (439.4 kb)  tx bytes:148509 (148.5 kb)           interrupt:44 memory:fe700000-fe720000  lo        link encap:local loopback           inet addr:127.0.0.1  mask:255.0.0.0           inet6 addr: ::1/128 scope:host           loopback running  mtu:65536  metric:1           rx packets:48953 errors:0 dropped:0 overruns:0 frame:0           tx packets:48953 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:1           rx bytes:8562847 (8.5 mb)  tx bytes:8562847 (8.5 mb)  vethdcf53dc link encap:ethernet  hwaddr 42:f9:a6:0e:bc:7a           inet6 addr: fe80::40f9:a6ff:fe0e:bc7a/64 scope:link           broadcast running multicast  mtu:1500  metric:1           rx packets:8 errors:0 dropped:0 overruns:0 frame:0           tx packets:23750 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:0           rx bytes:648 (648.0 b)  tx bytes:1634701 (1.6 mb)

sudo iptables -t nat -l -v

chain prerouting (policy accept 2629 packets, 1186k bytes)  pkts bytes target     prot opt in     out     source               destination  chain input (policy accept 125 packets, 32492 bytes)  pkts bytes target     prot opt in     out     source               destination  chain output (policy accept 368 packets, 32186 bytes)  pkts bytes target     prot opt in     out     source               destination  chain postrouting (policy accept 368 packets, 32186 bytes)  pkts bytes target     prot opt in     out     source               destination     0     0 masquerade   --     eth0    10.10.10.0/24        anywhere  chain docker (0 references)  pkts bytes target     prot opt in     out     source               destination

i able working following commands. guess ufw rules weren't sufficient. 

sudo iptables -a forward -i eth0 -o bond0 -j accept  sudo iptables -a forward -i bond0 -o eth0 -j accept  sudo iptables -t nat -a postrouting -o eth0 -j masquerade

Comments

Post a Comment

Popular posts from this blog

download - Firefox cannot save files (most of the time), how to solve? - Super User

this not full duplicate of this question or this question , though base question same. however, questions have no answers. for on half year have problems downloading files firefox. when click on download link, download dialog opened asking me do, save or open it. immediately, there error/warning pop-up (twice, can see 1 @ first) ok button. looks this message : "c:\users\%user%\appdata\local\temp\wbbdv9k8.zip.part not saved because source file not read. try again later or contact server administrator." replace '%user%' name of user trying download. after closing pop-up, download dialog disappears , have minimize firefox , open again, see other pop-up. downloading exact same file internet explorer work, not desired. i tried solutions here . tried solutions here . tried disabling extensions. tried fixing permissions on temp folder. tried making files , folder in profile directory non-readonly. tried running firefox administrator. tried ...
Read more

windows - "-2146893807 NTE_NOT_FOUND" when repair certificate store - Super User

i try repair certificate store in windows 10 doing c:\windows\system32>certutil -store -user ‎330000019dba8d5dddb98062a900000000019d "personal" certutil: -store command failed: 0x80090011 (-2146893807 nte_not_found) certutil: object not found. i have double check mmc, certificate details serial number of certificate. still fail repair certificate store. can please help? i getting same error when trying export pfx. turns out had export c:\cert.pfx instead of cert.pfx (it trying export file cert store ( cert:\localmachine\my ).
Read more