Network Diagram
[ISP] <-> [gateway] <-> (lan 1) <-> [Debian 10 desktop] <-> (lan 2) <-> [DNS Box]
- Lan 1: 192.168.0.X/24
- Lan 2: 192.168.1.X/24
- DNS Box has static IP 192.168.1.8/24
- It is connected via a crossover ethernet cable to my Debian 10 desktop, using its native eth port/interface and a USB eth interface on the Debian 10 box
- The Debian 10 box is then connected to the lan 1 network using its native eth interface/port
- Lan 1 contains a bunch of switches, all of which connect to my ISP provided router, which is the gateway to the WAN
Typical Setup, reason why this one is different/weird
Typically my DNS box is on the same network as Lan 1. Usually I just plug it into the switch, then tell my Debian 10 machine to look for the DNS info at the ip 192.168.1.8. Usually I am on a network where all the devices are connected via switches, and are all on network 192.168.1.X.
However I temporarily moved elsewhere where the local lan is on 192.168.0.X, so I can't plug the DNS box into a switch.
Hence I set up a new static network to connect it to the Debian 10 box, using a spare USB adapter. I can ssh into it.
However it is not working as a DNS server. This is probably because:
- although DNS requests may currently be being sent to it (I don't know if they are or not as I don't know how to test this)
- I don't think the DNS box knows how to access DNS servers on the WAN / wider internet, because it probably does not have a route to the wider internet
- In order to get this it probably needs me to set up my Debian 10 box as a router, to route traffic from the network 192.168.1.X/24 to 192.168.0.X/24
However please note the first bullet in that list, I am not sure if my hunch is correct here. It might be the case that what I am trying to do is impossible.
My current config / what I tried
Debian 10 box has 2 wired network interfaces, they are connected as follows:

- Interface A: "Eth DHCP"
  - "Automatic (DHCP) Addresses Only"
  - 192.168.0.22/24
  - DNS Servers: 192.168.1.8
- Interface B: "Eth DNS Box Static"
  - "Manual"
  - 192.168.1.1/24
  - Gateway: left blank (?)
  - DNS Servers: blank/none
Next steps
At present I am not currently sure what diagnostics steps I should take.
Solution
- Change to root user and run

```sh
echo 1 > /proc/sys/net/ipv4/ip_forward
```

- Set up iptables as follows:

```sh
sudo iptables -L
# (currently blank)
sudo iptables --table nat --append POSTROUTING --out-interface enp3s0f2 -j MASQUERADE
sudo iptables --append FORWARD --in-interface enx0050b668976b0j -j ACCEPT
```

  This command failed because the network interface name `enx0050b668976b0j` is too long.

- Tried changing this with a udev rule - that didn't appear to work
- Changed using iproute2, this may be temporary, not sure at the present time:

```sh
sudo ip link set enx0050b668976b down
sudo ip link set enx0050b668976b name eth1
sudo ip link set eth1 up
```

- Then ran

```sh
sudo iptables --append FORWARD --in-interface eth1 -j ACCEPT
```

Info for iptables from https://www.howtoforge.com/nat_iptables
Testing
- ssh'd into my DNS server, pinged `192.168.1.1` (next hop / debian box), `192.168.0.1` (next next hop / ISP router), `8.8.8.8` and `google.com`, all working ok
- Changed some settings on debian network config, including interface names, due to renaming interface to `eth1`, other than this all settings were fine
- Went to a few websites on the debian machine, all working ok

Output from `sudo iptables -L`:

```
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
```
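As an added example (not code from the original post or its comments), here is the same NAT setup written so the FORWARD chain is default-deny rather than accepting everything that arrives on `eth1`, with forwarding made persistent through a sysctl drop-in; the interface names `enp3s0f2` and `eth1` and the `192.168.1.0/24` subnet come from the question, the drop-in file name is my assumption.

```sh
#!/bin/sh
# Added example, not code from the original post. Turns the Debian 10 box into
# a NAT router for lan 2 as the question does, but with a default-deny FORWARD
# chain: only traffic from the DNS box's subnet towards lan 1, and the replies
# to it, are forwarded. Interface names and subnet default to the question's
# values; the sysctl drop-in path is an assumed name.
WAN_IF="${WAN_IF:-enp3s0f2}"           # native port, on lan 1 towards the ISP router
LAN_IF="${LAN_IF:-eth1}"               # renamed USB adapter towards the DNS box
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # lan 2
SYSCTL_FILE="${SYSCTL_FILE:-/etc/sysctl.d/99-ip-forward.conf}"

# Print the rule set instead of running it, so it can be reviewed first.
nat_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
EOF
}

# Contents of the sysctl drop-in: survives a reboot, unlike echo into /proc.
sysctl_dropin() {
    printf 'net.ipv4.ip_forward = 1\n'
}

# Writing under /proc and loading iptables rules both need root; sudo on the
# echo alone does not cover the shell's redirection (see the comments below).
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules: run as root" >&2; return 1; }
    sysctl_dropin > "$SYSCTL_FILE"
    sysctl -p "$SYSCTL_FILE"
    nat_rules | sh -e            # run each rule, stop at the first failure
}

# "./nat.sh" prints the rules for review; "./nat.sh apply" installs them.
case "${1:-}" in
    apply) apply_rules ;;
    *) nat_rules ;;
esac
```

The `ip link set ... name eth1` rename from the question is lost at reboot; on Debian 10 a `*.link` file under `/etc/systemd/network/` with `[Match] MACAddress=` and `[Link] Name=eth1` makes it persistent.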
Thanks for this, changed some stuff in my `/etc/dhcpcd.conf` file on the DNS box. Looks like the default route is ok now. How do I write a 1 to `/proc/sys/net/ipv4/ip_forward`? Surely this is not a permanent change? Tried opening it with vim but that didn't work. Not sure how I should interact with this file. – user3728501 – 2019-12-25T19:30:50.347

Not sure about Debian but `sysctl.conf` and the `sysctl` man page should help for persistent setting. Use `echo 1 > /proc/sys/net/ipv4/ip_forward` for immediate and non-persistent change. – Tomek – 2019-12-25T19:45:58.233

Strange, tried that and just got an error `bash: /proc/sys/net/ipv4/ip_forward: Permission denied`. – user3728501 – 2019-12-25T20:09:08.050

with `sudo` by the way – user3728501 – 2019-12-25T20:09:22.377

Just a guess~ Chmod 777 /proc/sys/net/ipv4/ip_forward (change it back to normal when you are finished) – Tim_Stewart – 2019-12-25T20:25:08.133

Do it as root. And `sudo` would only apply to `echo` but not to redirection, which is done in the current shell as the current user. And I am also not sure chmod would work on any file in /proc. – Tomek – 2019-12-25T20:44:16.387

Ok that seems to be working - do you have any advice regarding how to get started with NAT on my debian system? Even if it's just some potential software I can use for this. I couldn't find any guides online, it's a tricky thing to search for since most of the info is regarding nat problems on routers. You were right, my ISP router doesn't seem to have the required options. – user3728501 – 2019-12-26T00:18:13.000

Hey, it works, I will add a bit more info to my question – user3728501 – 2019-12-26T00:42:35.583