• Re: IP Masquerade failing

    From john doe@21:1/5 to Timothy M Butterworth on Thu Oct 31 09:50:02 2024
    On 10/31/24 07:17, Timothy M Butterworth wrote:
    3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:78:fb:ce brd ff:ff:ff:ff:ff:ff
    4: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:00:00:00:11:f1 brd ff:ff:ff:ff:ff:ff


    Note "<NO-CARRIER," for eth0 and the bridge!

    cat /proc/sys/net/ipv4/ip_forward
    1


    Why do you need to do it manually?

    I would think that the front-end that you use would do that.

    sudo firewall-cmd --zone=drop --query-masquerade
    yes

    ip addr

    4: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 00:00:00:00:11:f1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 scope global eth0
    valid_lft forever preferred_lft forever


    [snip]

    ping -4I eth0 www.google.com
    PING www.google.com (64.233.180.105) from 192.168.1.1 eth0: 56(84) bytes of data.
    --- www.google.com ping statistics ---
    16 packets transmitted, 0 received, 100% packet loss, time 15349ms
    pipe 4

    As you can see here pinging google from eth0 fails. If masquerading was working then ping would be successful.

    Is your interface properly connected/configured?

    You are using a virtual bridge, which might imply that the
    masquerading by Libvirt


    I am able to ping www.google.com from my virtual machine which is also
    setup with ip masquerading.


    How so?

    Are you doing double masquerading?


    Can ip masquerading work on two different interfaces at the same time?

    Yes.


    HTH.

    --
    John Doe

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Anssi Saari@21:1/5 to Timothy M Butterworth on Thu Oct 31 09:50:02 2024
    Timothy M Butterworth <[email protected]> writes:

    As you can see here pinging google from eth0 fails. If masquerading was working then ping would be successful.

    Well, if it helps, I don't have external access on my router via the
    inside interface either. Works from the LAN hosts though.

    Can ip masquerading work on two different interfaces at the same time?

    At least for two external interfaces it works fine. I don't see why it
    wouldn't work for internal ones too. But what's really the question here?

  • From [email protected]@21:1/5 to Anssi Saari on Thu Oct 31 10:10:01 2024
    On Thu, Oct 31, 2024 at 10:48:52AM +0200, Anssi Saari wrote:
    Timothy M Butterworth <[email protected]> writes:

    As you can see here pinging google from eth0 fails. If masquerading was working then ping would be successful.

    I'm late to the party, but did you take into account that masquerading
    ICMP (ping) is not necessarily the same as masquerading TCP?

    Cheers
    --
    t


  • From David Wright@21:1/5 to [email protected] on Thu Oct 31 15:40:01 2024
    On Thu 31 Oct 2024 at 10:06:42 (+0100), [email protected] wrote:
    On Thu, Oct 31, 2024 at 10:48:52AM +0200, Anssi Saari wrote:
    Timothy M Butterworth <[email protected]> writes:

    As you can see here pinging google from eth0 fails. If masquerading was working then ping would be successful.

    I'm late to the party, but […]

    Seriously?!

    The OP posted at 06:17, and this was posted at 09:06, (UTC).
    That's quarter past one and four o'clock in the middle of the night here.

    Cheers,
    David.
