
I work at home and have work equipment.

It is installed on the work LAN, on a switch that is itself connected to a server running a DHCP server (on 10.7.37.0/24) and routing to the personal LAN.

The internet comes from a router which is a DHCP server (on 192.168.0.0/24). This LAN is for personal equipment.

Now the equipment on the work LAN can't reach the internet. I've run tcpdump at the equipment, at the work/personal LAN router, at the WAN/personal LAN router, and at the remote server on the internet.

I can see the packets leaving the equipment, passing through the first router and through the second router. However I don't see them reaching the online server.

I also don't see the packets coming back from the internet.

Equipment in the work LAN can ping the personal equipment just fine.

Where would the routing issue be?

Here's the network map:

   Device
eth0 10.7.37.2
  |
  |
eth1 10.7.37.1 (DHCP server)
   Router 1 - DHCP server for devices on 10.7.37.0/24
wls1 192.168.0.14 (DHCP client)
  |
  |
br0 192.168.0.1
   Router 2 - DHCP server for devices on 192.168.0.0/24
vlan2 xx.xx.xx.xx public internet IP
  |
  |
Internet

Routing table on router 1:

default via 192.168.0.1 dev wls1
default via 10.7.37.10 dev eth1 metric 1
10.7.37.0/24 dev eth1 proto kernel scope link src 10.7.37.10
192.168.0.0/24 dev wls1 proto kernel scope link src 192.168.0.14

On router 2:

default via xx.xx.xx.1 dev vlan2
10.7.37.0/24 via 192.168.0.14 dev br0
xx.xx.xx.0/24 dev vlan2  proto kernel  scope link  src 47.152.241.191
127.0.0.0/8 dev lo  scope link
169.254.0.0/16 dev br0  proto kernel  scope link  src 169.254.255.1
192.168.0.0/24 dev br0  proto kernel  scope link  src 192.168.0.1

On device:

default via 10.7.37.10 dev eth0 
9.9.9.9 via 10.7.37.10 dev eth0 
10.7.37.0/24 dev eth0  proto kernel  scope link  src 10.7.37.20 
10.7.37.10 dev eth0  scope link 
192.168.0.14 via 10.7.37.10 dev eth0 
  • To get a precise answer, you would need to provide all configurations - IP of the NICs, gateways, access control lists on the routers, NATing rules on the routers. – ETL Sep 12 '19 at 23:52
  • A simple diagram would be helpful too – Ron Trunk Sep 13 '19 at 00:09
  • Of course guys sorry. I have added some information. – Benoit Duffez Sep 13 '19 at 00:19
  • Why do you have such a setup? Wouldn't it be easier to have all of the machines on the same network or to use VLANs if you need to keep them segregated? – joeqwerty Sep 13 '19 at 01:44
  • @joeqwerty I don't know, it didn't seem that hard. Also I want to understand why this works and how to make it work, if possible – Benoit Duffez Sep 13 '19 at 02:08

1 Answer

Routing seems to be OK, and you are saying that tcpdump shows packets passing through the routers R1 and R2. The only issue I can see here is the NAT: you have to SNAT or MASQUERADE on R2. If it's a Linux box, with something like:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
– vx3r
  • What is eth0 in your example? It's not in my routing tables of R2 and I don't believe it's physically plugged into the internal network. Do you mean br0? Neither works :( – Benoit Duffez Sep 13 '19 at 03:38
  • Also there is no POSTROUTING chain in iptables -nL, is this some kind of virtual chain that is not listed? – Benoit Duffez Sep 13 '19 at 03:50
  • eth0 in my example is your vlan2, the internet-facing interface – vx3r Sep 13 '19 at 04:00
  • That was it thank you so much. I guess I need to read about MASQUERADE. Thank you so much, I will learn something today. – Benoit Duffez Sep 13 '19 at 04:10
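The fix the answer describes, as an added shell example that is not code from the thread: a MASQUERADE rule on R2 scoped to the work LAN and the WAN interface, plus two checks that reveal when it is missing (private source addresses in a capture on vlan2, and the rule's absence from iptables-save). It assumes R2 runs Linux with iptables, that the WAN interface is vlan2 and the work LAN is 10.7.37.0/24 (both taken from the map above), and that forwarding already works, which the tcpdump observations in the question indicate.

```shell
#!/bin/sh
# Added example (not from the thread): diagnose and fix the missing NAT on R2.
# Assumed: R2 is Linux with iptables, WAN interface vlan2, work LAN 10.7.37.0/24.
WAN_IF="${WAN_IF:-vlan2}"
WORK_LAN="${WORK_LAN:-10.7.37.0/24}"

# Succeeds (exit 0) when the address in $1 lies in RFC 1918 private space.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads "tcpdump -ni $WAN_IF" lines on stdin and prints how many IP packets
# still carry a private source address. With NAT in place the count is 0;
# a non-zero count is exactly the symptom in the question: the packets leave
# vlan2 with a 10.7.37.x source, so no reply can ever come back.
count_private_sources() {
    n=0
    while read -r _ts proto src _arrow _rest; do
        [ "$proto" = "IP" ] || continue   # skip ARP and other non-IP lines
        ip="${src%.*}"                    # tcpdump prints host.port; drop the port
        if is_rfc1918 "$ip"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Succeeds when the iptables-save text on stdin already holds the scoped rule.
has_masq_rule() {
    grep -q -- "-A POSTROUTING -s $WORK_LAN -o $WAN_IF -j MASQUERADE"
}

# The rule itself: rewrite the source only for the work LAN and only when the
# packet leaves through the WAN interface, so LAN-to-LAN traffic stays untouched.
masq_rule() {
    echo "iptables -t nat -A POSTROUTING -s $WORK_LAN -o $WAN_IF -j MASQUERADE"
}

# Apply on R2 (needs root); idempotent because it consults iptables-save first.
apply_masq() {
    if iptables-save -t nat | has_masq_rule; then
        echo "MASQUERADE rule for $WORK_LAN on $WAN_IF already present"
    else
        eval "$(masq_rule)"
    fi
}
```

The reply path needs no extra rule: conntrack un-NATs the returning packets and R2's existing route "10.7.37.0/24 via 192.168.0.14" carries them back to R1.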