
Posted

Hello fellow Linux gurus,

Seeking some assistance on this.
I have NIC1 on 192.168.100.1/24 network with gateway set as 192.168.100.254 < this can't be changed, with a few PCs connected to this.

And NIC2 on 10.10.10.1/24 with a few devices on this.

I want to be able to ping from PC1 connected to NIC1 on 192.168.100.100/24 to devices connected to NIC2 on 10.10.10.100/24

Could someone advise on the route settings I need to configure to make this work please ?
 

Posted

Hi there,

Not sure if your question is complete, are both NIC1 and NIC2 in the same PC1 ? (NIC being network interface controller/card.)

If NIC1 and NIC2 are both in the same computing node, the routes should be there already, if the configuration is plain and not something funky.

Can you share the output of `ip a s` and `ip route` ?

Also, do you have any firewall enabled?

Gr,

Posted (edited)

Hi there,

the 2 NICs are on my RPi Armbian.

 

ip route output. > modified it a bit to match but concept is below.
default via 10.10.10.254 dev enp4s0 proto static metric 100
169.254.0.0/16 dev enp4s0 scope link metric 1000
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.10 metric 101
10.10.10.10/24 dev enp4s0 proto kernel scope link src 10.10.10.2 metric 100

 

I have only PC1 connected to NIC1 with 192.168.100.101 GW - 192.168.100.254

This PC1 can NOT be changed.

Device1 on NIC2 10.10.10.100/24 < this has no gateway as it's only a slave device.

I need to reach Device1 on NIC2 from the PC1 on NIC1..how is this achieved?

I tried /etc/sysctl.conf

net.ipv4.ip_forward=1
still missing something…

What I failed to mention is that I can only modify settings within the Linux box containing the 2 NICs.

I need some sort of interlinking NIC1 on 192.168 to forward packets to 10.10 network…

Edited by BOFFBOY
Posted

Hi there,

The `net.ipv4.ip_forward=1` will make the packets coming in on NIC1 be routed/sent to NIC2 due to the destination fitting in the network, but the device on NIC2 will not know how to send return packets to 192.168.100.*/24 as it does not have any fitting directly connected networks. Usually you could use default gateway/route to point them back to the Pi, but you said you cannot configure that.

 

Try the following on the Pi:

sudo iptables -t nat -A POSTROUTING -j MASQUERADE -o enp4s0

 

That should enable NAT on NIC2, which will masquerade any packet sent from NIC2 with "source address" 10.10.10.*/24 which it does know how to talk to.

 

Btw, can you confirm the following was indeed the output of `ip route`:

10.10.10.10/24 dev enp4s0 proto kernel scope link src 10.10.10.2 metric 100

One would expect 10.10.10.0/24 as network instead of 10.10.10.10/24. 

 

Groetjes,

Posted (edited)

Hi all.
Thank you all for helping on this.
I have created a diagram. - Armbian not rocky.
the red box is what I CAN NOT change - no access.
I do have access to the Linux box - so I want to be able to ping from PC 1 to Device 1 on 10.10.10.2.

Device 1 - do have access to it and configure whatever it needs.

[Attached image: diagram.jpg]

Edited by BOFFBOY
Posted

Hi there,

Ah that diagram changes things a little.

 

You would need to add a route to PC1, so that it knows to send packets for device 1 via 'rocky linux'.

sudo route add -net 10.10.10.0/24 gateway 192.168.100.101

 

That will make sure packets with destination 10.10.10.0/24 will be sent to 'rocky linux'.

Then on 'rocky linux' the forwarding should handle forwarding those packages from NIC1 to NIC2. You will have NIC2 masquerade outgoing packets as 10.10.10.1 instead of the real source address 192.168.100.102, so 'device 1' will respond to 10.10.10.1 instead of 192.168.100.102 - as 'device 1' has no default route.

Then on 'device 1', packets will arrive from "masqueraded" NIC2 10.10.10.1 and it should respond accordingly.

Then on 'rocky linux' responses from 'device 1' will be received on NIC2, conntrack will know where the packet originally came from and send stuff back to 'PC1'

 

This should work, but this is a little messy 🙂

 

Do ping back here!

Groetjes,

 

Posted

root@rpi4b:~# sudo route add -net 10.10.10.0/24 gateway 192.168.100.101
sudo: route: command not found
root@rpi4b:~#
Do I need to add dev eth0 or enp4s0 ?

 

Posted (edited)

I have also installed firewalld
any ports or routing I should allow ?
eg :
sudo firewall-cmd --zone=public --add-masquerade

?

Edited by BOFFBOY
Posted

Hi there,

Not sure about the syntax of `firewall-cmd`, but you should only masquerade on the NIC connected to the 10.10.10.0/24 network, as masquerading does have some performance impact to/from that NIC. Seems you need to check which `zones` are defined and create a `zone` to only cover NIC2 on 'rocky linux'.

 

For the `route` command, you can use the "new" `ip route` way:

# type on PC1
sudo ip route add 10.10.10.0/24 via 192.168.100.101

This will tell PC1 to throw packets that are destined to reach the 10.10.10.0/24 network towards 'rocky linux''s NIC1.

 

Quote

any ports or routing I should allow ?

No, masquerading is done on the destination address of the IP packet, it will not change any source/destination port number. Masquerade here uses NAT, port is not translated.

 

Groetjes,

Posted (edited)

Arhhh still no good.

PC1 still can NOT ping 10.10.10.2

root@rpi4b:~# ip route show
default via 192.168.100.254 dev eth0 proto static metric 101
10.10.10.0/24 dev enp4s0 proto kernel scope link src 10.10.10.1 metric 100
169.254.0.0/16 dev enp4s0 scope link metric 1000
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.101 metric 101
root@rpi4b:~#

[Attached image: not ping.JPG]

 

 

anything needed for  ?

net.ipv4.ip_forward=1

?

note: NIC2 and Device 1 have no gateway.. don't think it matters right ?

 

Edited by BOFFBOY
Posted

Hi there,

Ah so PC1 is Windows-based? You need to set the route to 'rocky linux' on that box. Some googling shows you can add a route on Windows: https://www.howtogeek.com/22/adding-a-tcpip-route-to-the-windows-routing-table/. I do not have any Windows PCs around to test this out though.

Is your goal to only ping 'device 1' ? I presume that you have other things in mind than just pinging 'device 1' ? Another route you can try is to connect from PC1 to a specific port on 'rocky linux' and then have that port traffic forwarded/NATed to 'device 1'. Have not done that myself ever, but let's see.

Groetjes,

 

Posted

Hi there,

To make it more clear:

 

  1. On PC1:
    1. [As administrator] Add a route/hop via 'rocky linux' for packets destined for 10.10.10.0/24
      https://www.howtogeek.com/22/adding-a-tcpip-route-to-the-windows-routing-table/
      route ADD 10.10.10.0 MASK 255.255.255.0 192.168.100.101
  2. On 'rocky linux' Raspberry Pi:
    1. Enable IPv4 forwarding:
      sudo sysctl -w net.ipv4.ip_forward=1
    2. Add masquerading for NIC2 (10.10.10.1):
      sudo iptables -t nat -A POSTROUTING -j MASQUERADE -o enp4s0

      Or use the firewall-cmd thing, which you posted:

      sudo firewall-cmd --zone=public --add-masquerade

Then try to ping 'device 1' from PC1 once more. The traceroute should show nexthop to be 'rocky linux' for any IP address in the range 10.10.10.0/24 if you configured the route/hop on PC1 correctly.

 

Groetjes,
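
Added example (not part of any post in this thread): a small Python model of the ping path discussed above, showing which of the three settings (static route on PC1, IPv4 forwarding on the Pi, masquerading on enp4s0) stops the packet when it is missing. The function names are made up for illustration, the addresses are the ones quoted in the thread, and PC1 is taken to be 192.168.100.102 as in the masquerading explanation.

```python
import ipaddress as ipa

def lookup(routes, dst):
    """Longest-prefix match. routes: (network, next_hop); next_hop None = on-link."""
    hits = [(net, hop) for net, hop in routes if dst in net]
    if not hits:
        return None                      # no matching route at all
    net, hop = max(hits, key=lambda r: r[0].prefixlen)
    return dst if hop is None else hop

A, N = ipa.ip_address, ipa.ip_network
PC1, PI_ETH0 = A("192.168.100.102"), A("192.168.100.101")
PI_ENP4S0, DEVICE1 = A("10.10.10.1"), A("10.10.10.2")

def ping(pc1_static_route, ip_forward, masquerade):
    """Trace an echo request PC1 -> Device 1 and the reply; return the outcome."""
    # PC1: connected LAN plus the default gateway that cannot be changed.
    pc1_routes = [(N("192.168.100.0/24"), None),
                  (N("0.0.0.0/0"), A("192.168.100.254"))]
    if pc1_static_route:                 # route ADD 10.10.10.0 MASK 255.255.255.0 ...
        pc1_routes.append((N("10.10.10.0/24"), PI_ETH0))
    # Device 1: only its connected network, no gateway.
    dev_routes = [(N("10.10.10.0/24"), None)]

    # 1. PC1 chooses the next hop for 10.10.10.2.
    if lookup(pc1_routes, DEVICE1) != PI_ETH0:
        return "lost: PC1 hands the packet to 192.168.100.254"
    # 2. The Pi receives on eth0; the destination is not local, so it must forward.
    if not ip_forward:
        return "dropped: Pi does not forward (net.ipv4.ip_forward=0)"
    # 3. POSTROUTING on enp4s0: masquerade rewrites the source to NIC2's
    #    address and conntrack remembers the original sender.
    src, conntrack = PC1, {}
    if masquerade:
        conntrack[PI_ENP4S0] = PC1
        src = PI_ENP4S0
    # 4. Device 1 can only answer sources it has a route to.
    if lookup(dev_routes, src) is None:
        return f"no reply: Device 1 has no route to {src}"
    # 5. The reply reaches the Pi; conntrack restores the original destination.
    return f"reply reaches {conntrack.get(src, src)}"

if __name__ == "__main__":
    for flags in [(False, True, True), (True, False, True),
                  (True, True, False), (True, True, True)]:
        print(flags, "->", ping(*flags))
```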
