Redirect only web requirements through VPN - linux

I have a Linux server running Debian and I have set up a VPN. This is the route output:
10.129.21.229 * 255.255.255.255 UH 0 0 0 tun0
10.129.0.1 10.129.21.229 255.255.255.255 UGH 0 0 0 tun0
167.114.184.0 * 255.255.255.0 U 0 0 0 venet0
default * 0.0.0.0 U 0 0 0 venet0
So far I can use this command, after launching the VPN, to pass all the connections for a single IP through the VPN:
route add -net 37.187.134.184 netmask 255.255.255.255 dev tun0
but I want to pass all the web requirements (all IPs on port 80) through the VPN.
I can't pass all my traffic, because if I do that I can no longer connect to my server using SSH.

I can't think of how to do this with a single interface. You could try plumbing up a virtual interface and then do your routing that way.
Basically, create a new interface with something along the lines of
ifconfig eth0:1 10.0.0.10
and then take a look at this page here.
http://www.linuxhorizon.ro/iproute2.html
There is a pretty good walkthrough there. Set up your VPN route over the virtual interface and direct ports 80 and 443 to that. The rest should be able to default route. You can add ports as you find they're needed, like for IM.
-mS
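One way to do what the question asks without a second interface, as an added example that is not part of the question or the answer above: mark outgoing TCP port 80 and 443 packets in netfilter and give that mark its own routing table whose only default route is tun0, so SSH and everything else keep using the normal default route. It assumes the interface name tun0 from the question's route output, that the VPN server forwards the client's traffic onward, and that routing table 100 and fwmark 0x1 are unused; set RUN=echo to print the commands instead of applying them.

```shell
#!/bin/sh
# Added example: policy routing of selected TCP ports through a VPN tunnel.
# Assumptions: tun0 is the VPN interface (from the question); table 100
# and fwmark 0x1 are free. RUN=echo prints commands instead of running them.
RUN="${RUN:-}"
VPN_TABLE=100
VPN_MARK=0x1

# vpn_port_routing IFACE PORT...
# Marks locally generated TCP packets to the given destination ports and
# routes only those packets out through IFACE.
vpn_port_routing() {
    iface=$1
    shift
    # 1. mark outgoing packets to the listed ports in the mangle table
    for port in "$@"; do
        $RUN iptables -t mangle -A OUTPUT -p tcp --dport "$port" \
            -j MARK --set-mark "$VPN_MARK"
    done
    # 2. the source address was chosen before the mark rerouted the packet,
    #    so rewrite it to the tunnel address or replies never come back
    $RUN iptables -t nat -A POSTROUTING -o "$iface" -j MASQUERADE
    # 3. a dedicated table whose only default route is the tunnel,
    #    consulted only for packets carrying the mark
    $RUN ip route replace default dev "$iface" table "$VPN_TABLE"
    $RUN ip rule add fwmark "$VPN_MARK" lookup "$VPN_TABLE"
    # 4. strict reverse-path filtering would drop the replies arriving on
    #    the tunnel, because the main table points those sources at venet0
    $RUN sysctl -q -w "net.ipv4.conf.$iface.rp_filter=2"
}

# vpn_port_routing_undo IFACE PORT... removes what vpn_port_routing added
vpn_port_routing_undo() {
    iface=$1
    shift
    for port in "$@"; do
        $RUN iptables -t mangle -D OUTPUT -p tcp --dport "$port" \
            -j MARK --set-mark "$VPN_MARK"
    done
    $RUN iptables -t nat -D POSTROUTING -o "$iface" -j MASQUERADE
    $RUN ip rule del fwmark "$VPN_MARK" lookup "$VPN_TABLE"
    $RUN ip route flush table "$VPN_TABLE"
}

# apply only when explicitly asked for, e.g. APPLY=1 sh split-vpn.sh
if [ "${APPLY:-0}" = 1 ]; then
    vpn_port_routing tun0 80 443
fi
```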

Related

Linux Raspi OS, DNS lookup fails despite internet connection with OpenVPN private VPS

Setup:
I have a raspi OS (v10) with a Sixfab IOT hat for NBIOT connections. The Sixfab works over PPP0, which is a USB link.
Issue:
I have DNS issues with my LTE connection when the module is already connected and working.
My internet connection is established and I test using the following parameters.
ping 8.8.8.8
Returns ICMP packets
ping google.com
ping: google.com: Name or service not known
I don't get why my DNS won't connect, so I went and manually assigned the DNS servers to Google.
sudo nano /etc/resolv.conf
*** File editor
nameserver 8.8.8.8
nameserver 1.1.1.1
On checking my routing table:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
0.0.0.0 192.168.174.233 0.0.0.0 UG 304 0 0 wlan0
10.8.0.1 10.8.0.13 255.255.255.255 UGH 0 0 0 tun0
10.8.0.13 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.64.64.64 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
169.254.0.0 0.0.0.0 255.255.0.0 U 225 0 0 wwan0
192.168.174.0 0.0.0.0 255.255.255.0 U 304 0 0 wlan0
If my routing table did not work I would not be able to ping. I tried changing the default route to the wwan0 interface using sudo ip route add 0.0.0.0/0 dev wwan0 but that just makes the internet unreachable (makes sense, as it has to go through the point-to-point protocol).
My route lists
pi#raspberrypi:~ $ ip route
default dev ppp0 scope link
10.8.0.1 via 10.8.0.13 dev tun0
10.8.0.13 dev tun0 proto kernel scope link src 10.8.0.14
10.64.64.64 dev ppp0 proto kernel scope link src 10.200.143.221
169.254.0.0/16 dev wwan0 scope link src 169.254.198.107 metric 225
Just on a side note, the 10.8.0.1 is set by an OpenVPN client that I am running to connect to a server, which is a private VPS (on testing I see that when the OpenVPN is disconnected my DNS issues are resolved).
Narrowing the issue:
Seems like the OpenVPN client has some kind of issue that does not automatically skip it, to go and resolve on the public network.
After a ton of troubleshooting, I had to dig deeper into the OpenVPN configuration.
On the server end, in the OpenVPN server configuration file, add the following line. This makes sure that the DNS option is set even after connecting to the private network; I use 8.8.8.8, which is Google's DNS:
# DNS Push
push "dhcp-option DNS 8.8.8.8"

Name resolution for dummy interfaces

I have a virtual NIC of type NAT on my Ubuntu 20.04 virtual machine which connects it to the internet via the host. For some processing, I need to route all incoming and outgoing packets via a program I have to write. For example, assume that I have to drop some packets and not let them go out of the VM.
For this, I created a dummy interface with the following:
modprobe dummy
ip link add tun0 type dummy
ifconfig tun0 up
So that no traffic goes directly through the NIC, I added:
ip route add default dev tun0
Now everything is OK. For example, when I run ping 4.2.2.4, I see that the ping is not answered when my program is not running and is answered properly when it is running. The program works like a bridge between enp0s3 and tun0 for now. The whole traffic is routed through my program. Just one problem exists: name resolution. When I run ping google.com, the name can't be resolved. The route table now is as follows:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
0.0.0.0 10.0.2.2 0.0.0.0 UG 20100 0 0 enp0s3
10.0.2.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s3
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 enp0s3
Of course, if I run sudo route del default, the name resolution takes place via the NAT adapter through the host properly. Please let me know what's wrong with the name resolution in this situation.

Access internet with second (or multiple) NIC in Azure

I have a VM in Azure with Ubuntu 19.04 and 4 NICs, each one has a public IP attached to it, as an example, this is the second NIC:
As you can see, it has public IP 191.234.186.19.
My objective is to be able to access the internet from each NIC with a different IP address, but inside the VM I'm only able to access it with the first network eth0.
Looking at # route -n I get this output:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.1 0.0.0.0 UG 100 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
168.63.129.16 10.0.0.1 255.255.255.255 UGH 100 0 0 eth0
169.254.169.254 10.0.0.1 255.255.255.255 UGH 100 0 0 eth0
I tried to add routes for the other NICs with the following commands:
sudo ip route add default via 10.0.0.1 dev eth1 metric 101
sudo ip route add default via 10.0.0.1 dev eth2 metric 102
sudo ip route add default via 10.0.0.1 dev eth3 metric 103
But again I still can't connect to the internet with these NICs, only eth0.
Am I missing something? Should I need to change/configure anything else to make this work?
For completeness, I'm using this command to test the connectivity:
curl --interface eth1 api.ipify.org?format=json -w "\n"
And my VM is the same as the one in this article: article
I suspect you might need to
1) define new routing tables for your 2nd, 3rd and 4th interface,
2) add default routes to those tables
3) and define rules to ensure return packets always get routed back into the same interface the originating packets were sent from.
There are a few examples out there for your reference (for example this and this).
I'll just point out a couple of points that you might find helpful when setting this up for your specific case:
iproute allows you to maintain multiple routing tables. To instruct the OS to utilise different routing tables you need to define rules that, in their most simplistic form, will enforce the use of the routing table corresponding to the interface that initiated the connection.
It looks like only eth0 has a default gateway. You cannot communicate outside the local network without a default gateway.
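The three steps from the first answer, worked through as an added example (not code from either answer): each extra NIC gets its own routing table holding the local subnet and a default route via the shared gateway 10.0.0.1, and an ip rule sends packets sourced from that NIC's address to its table, so curl --interface eth1 (which binds to eth1's address) leaves through eth1. The NIC addresses 10.0.0.5, 10.0.0.6 and 10.0.0.7 and the table numbers 101 to 103 are constructed placeholders; set RUN=echo to print the commands instead of applying them.

```shell
#!/bin/sh
# Added example: source-based policy routing for the extra NICs of a VM
# that all share one subnet and gateway. Assumptions: the NIC addresses
# below are constructed placeholders; 10.0.0.1 and eth1..eth3 come from the
# question. RUN=echo prints the commands instead of running them (need root).
RUN="${RUN:-}"
SUBNET=10.0.0.0/24
GATEWAY=10.0.0.1

# nic_policy_routing IFACE ADDR TABLE
# Gives IFACE its own routing table containing the local subnet and a default
# route via GATEWAY, and makes packets sourced from ADDR use that table.
nic_policy_routing() {
    iface=$1; addr=$2; table=$3
    # the table needs the connected subnet too, otherwise the gateway
    # itself is unreachable from it and the default route cannot be used
    $RUN ip route replace "$SUBNET" dev "$iface" src "$addr" table "$table"
    $RUN ip route replace default via "$GATEWAY" dev "$iface" table "$table"
    # an explicit priority keeps the rules ordered and easy to delete again
    $RUN ip rule add from "$addr" lookup "$table" priority "$table"
}

# nic_policy_routing_undo IFACE ADDR TABLE removes the rule and the table
nic_policy_routing_undo() {
    $RUN ip rule del from "$2" lookup "$3" priority "$3"
    $RUN ip route flush table "$3"
}

# check_source_route ADDR prints the interface the kernel would use for a
# packet to 1.1.1.1 sourced from ADDR (to verify after applying)
check_source_route() {
    ip route get 1.1.1.1 from "$1" | sed -n 's/.* dev \([^ ]*\).*/\1/p'
}

if [ "${APPLY:-0}" = 1 ]; then
    # constructed addresses; read the real ones from "ip -4 addr show"
    for entry in "eth1 10.0.0.5 101" "eth2 10.0.0.6 102" "eth3 10.0.0.7 103"; do
        set -- $entry
        nic_policy_routing "$1" "$2" "$3"
        echo "$1 -> $(check_source_route "$2")"
    done
fi
```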

strange routing on one of local network servers

I have 2 local networks (2 offices connected with OpenVPN).
Network 1:
network 192.168.1.0/24
gateway 192.168.1.101
Network 2:
network 192.168.2.0/24
gateway 192.168.2.10
In network 192.168.1.0/24 I have 2 servers: 192.168.1.180 and 192.168.1.183.
The first runs on Debian 6 and the second one on Archlinux (yes, I know it is a bad choice for servers). I have no firewall on the servers.
Everything works fine; clients from 192.168.2.0 can connect to computers in 192.168.1.0 and back. Except one of the servers, 192.168.1.180 (Archlinux). I can't connect to it and can't connect from it to any computer in 192.168.2.0. No ping, no traceroute.
output from 192.168.1.180:
route -n
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.101 0.0.0.0 UG 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
I run tcpdump on the gateway (192.168.1.101) and ping on 192.168.1.180 and get this:
tcpdump src 192.168.1.180
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:23:57.354061 arp who-has 172.19.155.1 tell 192.168.1.180
14:23:58.357354 arp who-has 172.19.155.1 tell 192.168.1.180
...
Why does it look for 172.19.155.1? I don't know what this strange IP means. I have no networks like this, no GW, nothing.
If I run ping on any other computer (for example ping from 192.168.1.183) I get:
tcpdump icmp
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:29:36.834731 IP 192.168.1.183 > 192.168.2.10: ICMP echo request, id 3216, seq 1, length 64
14:29:36.956211 IP 192.168.2.10 > 192.168.1.183: ICMP echo reply, id 3216, seq 1, length 64
No one looks for this strange IP except 192.168.1.180. I cleared the ARP table on 192.168.1.180 but nothing helps.
It looks like you have a default gateway configuration on your server x.180/24 which points to 172.19.155.1. So the server assumes all the traffic has to go via 172.19.155.1 and is trying to resolve the gateway. Look for a default gateway configuration in your system, something like this:
0.0.0.0 0.0.0.0 172.19.155.1
use ip route xxx
You are able to see the packets in x.101/24 because it is an ARP request, which is broadcast MAC and you will see it on all directly connected devices.
Things I would do/check:
Make absolutely sure that I don't have a second interface going somewhere (ifconfig -a should do it)
I know, it's unlikely... but any chance a routing protocol is enabled on that server? You would see the routes in your routing table, though... which I understand is not the case.
Run a grep on /etc and wherever you have config files for 172.19.55.1
Just my 2c.
I've solved the problem. Not really solved, but at least it works now. The server must work 24/7, but it was my last chance and I rebooted it )) All work was stopped for 30 min but it was worth it.
I really don't understand what happened with it. Some mystic problem.

Cannot ping default gateway linux in vmware

I have a virtual network, vmnet2, using the 10.0.2.0/24 network, and I want my Linux server to be able to ping the default gateway.
I have set the Linux eth1 values to be
IPADDR="10.0.2.50"
NETMASK="255.255.255.0"
BOOTPROTO="none"
ONBOOT="yes"
In /etc/sysconfig/network:
GATEWAY="10.0.2.1"
However, when I attempt to ping 10.0.2.1 the destination host is unreachable. I've restarted the network with service network restart but to no avail.
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.2.0 255.255.255.0 U 1 0 0 eth1
default 10.0.2.1 0.0.0.0 UG 0 0 eth1
The first row is the IP address and the second is the default gateway.
Please make sure of the following:
Bridge the connection from your desktop.
You should be able to ping your virtual machine IP from the parent machine where you have hosted it.
Make sure you do not have any iptables rules configured that are constraining your connectivity.
This seems to be enough; I have made a similar setup recently.
Thanks,
Jain
You should add DEFROUTE=no in your eth1 configuration.
