[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

IP Masquerade failing

hello,

I am trying to get ip masquerading working with no luck. Interface wlo1 is in the drop zone and is the internet facing network interface. Interface eth0 is in the public zone and is the internal facing interface.

ip link
2: wlo1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
   link/ether d8:c0:a6:f4:cb:fd brd ff:ff:ff:ff:ff:ff
   altname wlp2s0
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
   link/ether 52:54:00:78:fb:ce brd ff:ff:ff:ff:ff:ff
4: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
   link/ether 00:00:00:00:11:f1 brd ff:ff:ff:ff:ff:ff

cat /proc/sys/net/ipv4/ip_forward
1

sudo firewall-cmd --zone=drop --query-masquerade
yes

ip addr

4: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
   link/ether 00:00:00:00:11:f1 brd ff:ff:ff:ff:ff:ff
   inet 192.168.1.1/24 scope global eth0
      valid_lft forever preferred_lft forever

ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.073 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.113 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.113 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.115 ms
64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=0.112 ms
^C
--- 192.168.1.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4072ms
rtt min/avg/max/mdev = 0.073/0.105/0.115/0.016 ms

ping -4 www.google.com
PING www.google.com (64.233.180.106) 56(84) bytes of data.
64 bytes from on-in-f106.1e100.net (64.233.180.106): icmp_seq=1 ttl=51 time=185 ms
64 bytes from on-in-f106.1e100.net (64.233.180.106): icmp_seq=2 ttl=51 time=247 ms
64 bytes from on-in-f106.1e100.net (64.233.180.106): icmp_seq=3 ttl=51 time=182 ms
64 bytes from on-in-f106.1e100.net (64.233.180.106): icmp_seq=4 ttl=51 time=249 ms
64 bytes from on-in-f106.1e100.net (64.233.180.106): icmp_seq=5 ttl=51 time=687 ms
^C
--- www.google.com ping statistics ---
6 packets transmitted, 5 received, 16.6667% packet loss, time 5003ms
rtt min/avg/max/mdev = 182.048/309.982/687.217/190.777 ms

ping -4I eth0 www.google.com
PING www.google.com (64.233.180.105) from 192.168.1.1 eth0: 56(84) bytes of data.
--- www.google.com ping statistics ---
16 packets transmitted, 0 received, 100% packet loss, time 15349ms
pipe 4

As you can see here pinging google from eth0 fails. If masquerading was working then ping would be successful.

I am able to ping www.google.com from my virtual machine which is also setup with ip masquerading.

Can ip masquerading work on two different interfaces at the same time?

Thanks

Tim
--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀
Reply to: