Network Diagram

[ISP] <-> [gateway] <-> (lan 1) <-> [Debian 10 desktop] <-> (lan 2) <-> [DNS Box]

• Lan 1: 192.168.0.X/24

• Lan 2: 192.168.1.X/24

• DNS Box has static IP 192.168.1.8/24

• It is connected via a crossover ethernet cable to my Debian 10 desktop, using its native eth port/interface and a USB eth interface on the Debian 10 box

• The Debian 10 box is then connected to the lan 1 network using its native eth interface/port

• Lan 1 contains a bunch of switches, all which connect to my ISP provided router, which is the gateway to the WAN

Typical Setup, reason why this one is different/weird

Typically my DNS box is on the same network as Lan 1. Usually I just plug it into the switch, then tell my Debian 10 machine to look for the DNS info at the ip 192.168.1.8. Usually I am on a network where all the devices are connected via switches, and are all on network 192.168.1.X.

However I temporarily moved elsewhere where the local lan is on 192.168.0.X, so I can't plug the DNS box into a switch.

Hence I set up a new static network to connect it to the Debian 10 box, using a spare USB adapter. I can ssh into it.

However it is not working as a DNS server. This is probably because:

• although DNS requests may currently being sent to it (I don't know if they are or not as I don't know how to test this)
• I don't think the DNS box knows how to access DNS servers on the WAN / wider internet, because it probably does not have a route to the wider internet
• In order to get this it probably needs me to set up my Debian 10 box as a router, to route traffic from the network 192.168.1.X/24 to 192.168.0.X/24

However please note the first bullet in that list, I am not sure if my hunch is correct here. It might be the case that what I am trying to do is impossible.

My current config / what I tried

• Debian 10 box has 2 wired network interfaces, they are connected as follows

  • Interface A: "Eth DHCP"
  • "Automatic (DHCP) Addresses Only"
  • 192.168.0.22/24

  • DNS Servers: 192.168.1.8

  • Interface B: "Eth DNS Box Static"

  • "Manual"
  • 192.168.1.1/24
  • Gateway: left blank (?)
  • DNS Servers: blank/none

Next steps

At present I am not currently sure what diagnostics steps I should take.

Solution

• Change to root user and run echo 1 > /proc/sys/net/ipv4/ip_forward

Setup iptables as follows:

• sudo iptables -L (currently blank)
• sudo iptables --table nat --append POSTROUTING --out-interface enp3s0f2 -j MASQUERADE
• sudo iptables --append FORWARD --in-interface enx0050b668976b0j ACCEPT

This command failed because the network interface name enx0050b668976b0j is too long

• Tried changing this with a udev rule - that didn't appear to work

• Info here: https://unix.stackexchange.com/questions/396382/how-can-i-show-the-old-eth0-names-and-also-rename-network-interfaces-in-debian-9#396383

• Changed using iproute2, this may be temporary, not sure at the present time

• sudo ip link set enx0050b668976b down
• sudo ip link set enx0050b668976b name eth1
• sudo ip link set eth1 up

Then ran

• sudo iptables --append FORWARD --in-interface eth1 -j ACCEPT

Info for iptables from https://www.howtoforge.com/nat_iptables

Testing

• ssh'd into my DNS server, pinged 192.168.1.1 (next hop / debian box), 192.168.0.1 (next next hop / ISP router), 8.8.8.8 and google.com, all working ok
• Changed some settings on debian network config, including interface names, due to renaming interface to eth1, other than this all settings were fine
• Went to a few websites on the debian machine, all working ok

Output from sudo iptables -L

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere