3 NICs configuration

lebernd · 30. Juni 2015

Hello,

I made this setup:
- one NIC is connected to my internet gateway with a static LAN address, let's say 192.168.10.5
- the two other NICs are a configured as BOND connected to my desktop computer.
- I have configured this interface (OMV) as, let's say, 192.168.20.1/255.255.255.252, the desktop: 192.168.20.2/...

Like this I have to enable wlan on my desktop to reach the 192.168.10.x network and the internet.

Question: what would be the best way to configure the setting so that I don't have to enable the wlan on my desktop?

Thank you,
Bernd

subzero79 · 30. Juni 2015

I would first try by defining the default route in the desktop.

Like
ip route add default via 192.168.20.1 dev bond0

see if you can ping 8.8.8.8, if not I guess you need forwarding iptables rule
to the exit internet nic at omv.

lebernd · 30. Juni 2015

Thank you!

I get easily confused with the routes...

- I already thought of a forwarding rule on OMV, but all my search results so far get me to a real gateway configuration which seams unnecessary to me as I have a gateway installed and the different LANs can be connected without further security features. You have a code suggestion for one or two simple forwarding roles?

I have uncommented in '/etc/sysctl.conf' the line

Code

net.ipv4.ip_forward=1

- but I guess that it is not enough?

- I don't really understand your proposal of a desktop route though. The bond0 is prioritized already... and there is no gateway defined in OMV?!

- A perhaps stupid question: would it be possible to just assign static LAN1 addresses like 192.168.10.6/7 on OMV and the desktop? But that too, I would get confused with the netmasks I guess...

lebernd · 30. Juni 2015

something like this?

Code

iptables -I FORWARD -i eth0 -o bond0 -j ACCEPT
iptables -I FORWARD -i bond0 -o eth0 -j ACCEPT

I did, but I missed something, it's not working.

subzero79 · 1. Juli 2015

Zitat von lebernd

but I guess that it is not enough?

You probably need to restart

Zitat von lebernd

- I don't really understand your proposal of a desktop route though. The bond0 is prioritized already... and there is no gateway defined in OMV?!

Prioritised in line, but is the default ? default mean internet exit. In OMV if you set a static ip you also need to define the exit gateway to the internet (router ip usually).
This about giving internet through the bond0 interface to the desktop right ?

lebernd · 16. Juli 2015

I'm reading the iptables tutorial and a LINUX Book... I guess I need something like:

Code

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

to add?

Well I added a picture of my network - perhaps it is clarifying something...

Help still appreciated.

BTW: I installed iptables-permanent, will it conflict with the OMV scripts?

subzero79 · 17. Juli 2015

Zitat von lebernd

I installed iptables-permanent, will it conflict with the OMV scripts?

Which scripts? the iptables UI in omv is pretty limited i wouldn't use it. Use custom script

Zitat von lebernd

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

You need also a FWD rule

IF LAN2 (10.10.10.0/24) and LAN2 (10.10.20.0/24)

iptables -t filter -A FORWARD -s 10.10.10.0/24 -d 10.10.20.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -d 10.10.20.0/24 -j MASQUERADE

But i still don't know, i don't have esxi, is complex not being the one setting up the network. There is in IRC freenode a channel called #networking and #Netfilter (iptables), you can probably have more luck there

lebernd · 11. September 2015

well just if someone will run into this:

after a few weeks not bothering I found this:
https://www.debian-administrat…p_a_simple_Debian_gateway
the script has some (two) mistakes I guess:
- one I've found myself, so you will too
- with the other one helped: https://forum.ubuntuusers.de/t…les-problem-bad-argument/

https://forum.ubuntuusers.de/t…les-problem-bad-argument/so that worked for me. I have to restart the script manually on reboot right now. I will figure it out in some months...

Jetzt mitmachen!