Name resolution for dummy interfaces - linux

I've a virtual NIC of type NAT on my Ubuntu 20.04 virtual machine which connects it to the internet via host. For some processing, I need to route all incoming and outgoing packets via a program I've to write. For example, assume that I've to drop some packets and don't let them go out of the VM.
For this, I created a dummy interface with the following:
modprobe dummy
ip link add tun0 type dummy
ifconfig tun0 up
For all traffic not to go directly through the NIC, I added:
ip route add default dev tun0
Now everything is ok. For example, when I ping 4.2.2.4, I see that the ping is not answered when my program is not running and is answered properly when it's running. The program works like a bridge between enp0s3 and tun0 for now. The whole traffic is routing through my program. Just a problem exists, name resolution. That's when I ping google.com, the name can't be resolved. The route table now is as follows:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
0.0.0.0 10.0.2.2 0.0.0.0 UG 20100 0 0 enp0s3
10.0.2.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s3
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 enp0s3
Of course, if I sudo route del default, the name resolution takes place via the NAT adapter through the host properly. Please let me know what's wrong with the name resolution in this situation.

Related

Linux Raspi OS, DNS lookup fails despite internet connection with OpenVPN private VPS

Setup :
I have a raspi OS (v10) with a Sixfab IOT hat for NBIOT connections. The Sixfab works over PPP0, which is a USB link.
Issue:
I have DNS issues with my LTE connection when the module is already connected and working.
My internet connection is established and I test using the following parameters.
ping 8.8.8.8
Returns ICMP packets
ping google.com
ping: google.com: Name or service not known
I don't get why my DNS won't connect, so I went and manually assigned the DNS network to Google.
sudo nano /etc/resolv.conf
*** File editor
nameserver 8.8.8.8
nameserver 1.1.1.1
On checking my routing table:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
0.0.0.0 192.168.174.233 0.0.0.0 UG 304 0 0 wlan0
10.8.0.1 10.8.0.13 255.255.255.255 UGH 0 0 0 tun0
10.8.0.13 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.64.64.64 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
169.254.0.0 0.0.0.0 255.255.0.0 U 225 0 0 wwan0
192.168.174.0 0.0.0.0 255.255.255.0 U 304 0 0 wlan0
If my routing table did not work I would not be able to ping. I tried changing the default route to the wwan0 interface using sudo ip route add 0.0.0.0/0 dev wwan0 but that just makes the internet unreachable (makes sense as it has to go through the point protocol).
My route lists
pi#raspberrypi:~ $ ip route
default dev ppp0 scope link
10.8.0.1 via 10.8.0.13 dev tun0
10.8.0.13 dev tun0 proto kernel scope link src 10.8.0.14
10.64.64.64 dev ppp0 proto kernel scope link src 10.200.143.221
169.254.0.0/16 dev wwan0 scope link src 169.254.198.107 metric 225
Just on a side note, the 10.8.0.1 is set by an OpenVPN client that I am running to connect to a server, that is a private VPS. (On testing, I see that when OpenVPN is disconnected my DNS issues are resolved.)
Narrowing the issue:
Seems like the OpenVPN client has some kind of issue that does not automatically skip it, to go and resolve on the public network.
After a ton of troubleshooting, I had to dig deeper into the OpenVPN configurations.
On the server end, in the OpenVPN server configuration file, add the following line. This makes sure that the DNS option is set even after connecting to the private network. I use 8.8.8.8, that is, Google DNS.
# DNS Push
push "dhcp-option DNS 8.8.8.8"

Access internet with second (or multiple) NIC in Azure

I have a VM in Azure with Ubuntu 19.04 and 4 NICs, each one has a public IP attached to it, as an example, this is the second NIC:
As you can see, it has public IP 191.234.186.19.
My objective is to be able to access the internet from each NIC with a different IP address, but inside the VM I'm only able to access it with the first network eth0.
Looking at # route -n I get this output:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.1 0.0.0.0 UG 100 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
168.63.129.16 10.0.0.1 255.255.255.255 UGH 100 0 0 eth0
169.254.169.254 10.0.0.1 255.255.255.255 UGH 100 0 0 eth0
I tried to add routes for the other NICs with the following commands:
sudo ip route add default via 10.0.0.1 dev eth1 metric 101
sudo ip route add default via 10.0.0.1 dev eth2 metric 102
sudo ip route add default via 10.0.0.1 dev eth3 metric 103
But again I still can't connect to the internet with these NICs, only eth0.
Am I missing something? Should I need to change/configure anything else to make this work?
For completeness, I'm using this command to test the connectivity:
curl --interface eth1 api.ipify.org?format=json -w "\n"
And my VM is the same as the one in this article: article
I suspect you might need to
1) define new routing tables for your 2nd, 3rd and 4th interface,
2) add default routes to those tables
3) and define rules to ensure return packets always get routed back into the same interface the originating packets were sent from.
There are a few examples out there for your reference (for example this and this).
I'll just point out a couple of points that you might find helpful when setting this up for your specific case:
iproute allows you to maintain multiple routing tables. To instruct the OS to utilise different routing tables you need to define rules that, in their most simplistic form, will enforce the use of the routing table corresponding to the interface that initiated the connection.
It looks like only eth0 has a default gateway. You cannot communicate outside the local network without a default gateway.
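The three steps from the answer above (per-interface tables, default routes in them, rules selecting the table by source), written out as an added example that is not part of the original thread. The gateway and subnet come from the question's route -n output; the NIC private addresses and the table numbers 101-103 are constructed assumptions.

```sh
#!/bin/sh
# Added example, not from the original thread: per-NIC policy routing.
# Assumptions: the NIC private addresses below are constructed placeholders
# (the thread does not list them); table numbers 101-103 are arbitrary.

GATEWAY="10.0.0.1"      # gateway from the question's route -n output
SUBNET="10.0.0.0/24"    # subnet shared by eth0..eth3 in the question

# Constructed list: "interface private-address table-number"
NICS="eth1 10.0.0.5 101
eth2 10.0.0.6 102
eth3 10.0.0.7 103"

# Print the commands for one secondary NIC: $1=dev $2=source address $3=table
policy_route_cmds() {
    # Steps 1 and 2: a table of its own holding the subnet and a default route
    echo "ip route replace $SUBNET dev $1 src $2 table $3"
    echo "ip route replace default via $GATEWAY dev $1 table $3"
    # Step 3: traffic sourced from this NIC's address consults that table,
    # so replies leave through the interface the connection arrived on
    echo "ip rule add from $2/32 lookup $3 priority $3"
}

# Print the commands for every NIC in the list
all_cmds() {
    echo "$NICS" | while read -r dev src table; do
        policy_route_cmds "$dev" "$src" "$table"
    done
}

# Dry run by default; APPLY=1 (as root) pipes the commands to a shell.
if [ "${APPLY:-0}" = "1" ]; then
    all_cmds | sh -e
else
    all_cmds
fi
```

The rule priorities are lower numbers than the main table's rule (32766), so the per-NIC tables are consulted first for traffic sourced from those addresses.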

Redirect only web requirements through VPN

I have a linux server with Debian and I have set a VPN. This is the route output
10.129.21.229 * 255.255.255.255 UH 0 0 0 tun0
10.129.0.1 10.129.21.229 255.255.255.255 UGH 0 0 0 tun0
167.114.184.0 * 255.255.255.0 U 0 0 0 venet0
default * 0.0.0.0 U 0 0 0 venet0
For now I can use this command after launching the VPN to pass all the connections for a single IP through the VPN:
route add -net 37.187.134.184 netmask 255.255.255.255 dev tun0
But I want to pass through the VPN all the web requirements (all the IPs with port 80).
I can't pass all my traffic because if I do that then I could no longer connect to my server using SSH.
I can't think of how to do this with a single interface. You could try plumbing up a virtual interface and then do your routing that way.
Basically, create a new interface with something along the lines of
ifconfig eth0:1 10.0.0.10
and then take a look at this page here.
http://www.linuxhorizon.ro/iproute2.html
There is a pretty good walkthrough there. Set up your VPN route over the virtual interface and direct ports 80 and 443 to that. The rest should be able to default route. You can add ports as you find they're needed, like for IM.
-mS
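One way to send only ports 80 and 443 through tun0 while SSH stays on venet0, as an added example that is not part of the original thread. It uses a firewall mark with a separate routing table rather than the virtual-interface setup the answer suggests; the mark value 0x1 and table number 100 are arbitrary assumptions.

```sh
#!/bin/sh
# Added example, not from the original thread: mark-based split routing.
# Assumptions: mark 0x1 and table 100 are arbitrary; tun0 is the VPN
# interface from the question's route output.

VPN_DEV="tun0"
MARK="0x1"
TABLE="100"

# Refuse a port list containing 22: the question needs SSH kept off the VPN.
ports_ok() {
    case ",$1," in
        *,22,*) return 1 ;;
    esac
    return 0
}

# Print the commands that steer the given TCP ports ($1, comma-separated)
# into the VPN and leave everything else on the normal default route.
web_via_vpn_cmds() {
    if ! ports_ok "$1"; then
        echo "refusing: port 22 must stay on the default route" >&2
        return 1
    fi
    # 1) mark locally generated packets destined for the web ports
    echo "iptables -t mangle -A OUTPUT -p tcp -m multiport --dports $1 -j MARK --set-mark $MARK"
    # 2) marked packets use a table whose only route is the VPN
    echo "ip rule add fwmark $MARK lookup $TABLE"
    echo "ip route replace default dev $VPN_DEV table $TABLE"
    # 3) the source address was picked before re-routing; rewrite it on tun0
    echo "iptables -t nat -A POSTROUTING -o $VPN_DEV -j MASQUERADE"
    # 4) loose reverse-path filtering so replies arriving on tun0 are accepted
    echo "sysctl -w net.ipv4.conf.$VPN_DEV.rp_filter=2"
}

# Dry run: print the commands for review before applying them as root.
web_via_vpn_cmds "80,443"
```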

Route setup for same destination through different gateway and different interface

I have the following routes for eth5 in my Redhat.
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.8.0 10.185.2.14 255.255.255.0 UG 0 0 0 eth5
10.0.10.0 10.185.2.14 255.255.255.0 UG 0 0 0 eth5
I need to add 3 routes to eth4.
10.0.8.0/24 via 10.185.130.14 dev eth4
10.0.10.0/24 via 10.185.130.14 dev eth4
10.0.12.0/24 via 10.185.130.14 dev eth4
The following command prompted the error message.
$ ip route add 10.0.8.0/24 via 10.185.130.14 dev eth4
RTNETLINK answers: File exists
What is the correct approach to set up those routes? Thanks in advance.
You already have a route to 10.0.8.0/24 and to 10.0.10.0/24. This causes the error you're seeing.
So first, remove existing routes:
$ ip route del 10.0.8.0/24 via 10.185.2.14 dev eth5
$ ip route del 10.0.10.0/24 via 10.185.2.14 dev eth5

Cannot ping default gateway linux in vmware

I have a virtual network which is vmnet2 using the 10.0.2.0/24 network, I want my Linux server to be able to ping the default gateway.
I have set the Linux eth1 values to be
IPADDR="10.0.2.50"
NETMASK="255.255.255.0"
BOOTPROTO="none"
ONBOOT="yes"
In the etc/sysconfig/network
GATEWAY="10.0.2.1"
However, when I attempt to ping 10.0.2.1 the destination host is unreachable. I've restarted the network with service network restart but to no avail.
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.2.0 255.255.255.0 U 1 0 0 eth1
default 10.0.2.1 0.0.0.0 UG 0 0 eth1
The first row is the ipaddress and the second is the default gateway
Please make sure of the below:
Bridge the connection from your desktop.
You should be able to ping your virtual machine IP from the parent machine where you have hosted the same.
Make sure you do not have any iptables rules configured that are constraining your connectivity.
This seems to be enough; I have made a similar setup recently.
Thanks,
Jain
You should add DEFROUTE=no in your eth1 configuration.
