trouble with nat in debian 10

doughyi8u · 12-01-2019, 07:49 PM

I have a Debian firewall running nat. I can connect to the internet from the firewall and can hit the outside network from a windows pc connected to the second (internal) interface of the firewall. The problem is, when I try to use a Linux computer (I have a pc and a laptop both running Debian)I can only ping the address of the inside card of the firewall but not anything past it. Traceroute will fail before it even gets to the firewall.

pan64 · 12-02-2019, 02:47 AM

there are 2 cases:
1. need to configure network on the linux box
2. need to configure the router.
But without details hard to say anything.

doughyi8u · 12-02-2019, 08:17 AM

That's what's confusing me. Everything is right when I have a windows computer running to the Linux firewall but when I use one of two Linux computers it fails. So I know the firewall is configured right. I have changed nothing between the tests of windows or Linux.

michaelk · 12-02-2019, 08:28 AM

How are the debian systems configured? DHCP or static IP address.

Can you ping outside your LAN using an IP address versus URL? Try ping google i.e
ping 172.217.12.78

doughyi8u · 12-02-2019, 08:34 AM

Static, the same as the windows computers. And yes, I'm able to ping the inside interface on the Linux router. I looked at the routing tables in the Linux computers and still same results. I checked that it's not DNS too by pinging ip addresses on the internet instead of hostnames.

michaelk · 12-02-2019, 08:54 AM

Did you configure the static IP address using network manager or the interfaces file?

doughyi8u · 12-02-2019, 08:56 AM

interfaces file

michaelk · 12-02-2019, 09:09 AM

If network manager is still running it could override the interfaces file.

doughyi8u · 12-02-2019, 09:13 AM

I checked that network manager wasn't running and still get the same results

michaelk · 12-02-2019, 09:36 AM

Please post your interfaces file.

doughyi8u · 12-02-2019, 09:47 AM

Code:

auto lo
iface lo inet loopback

allow-hotplug eno1
iface eno1 inet static
    address 192.168.1.2
    netmask 255.255.255.0
    gateway 192.168.0.1

allow-hotplug ens2
iface ens2 inet static
    address 192.168.0.2
    netmask 255.255.255.0
    gateway 192.168.0.1

michaelk · 12-02-2019, 09:53 AM

I assume that is the firewall? What about your debian PC and laptop?

You only need the gateway defined on the WAN interface.

In my other posts I did not specify which computer I was referencing.

doughyi8u · 12-02-2019, 10:03 AM

the interface file from the last post was from the PC that is connected to the inside of the firewall. It's frustrating because it will work fine with windows and then when I simply remove the ethernet cable from the windows computer and plug it into any of the debian computers on the inside it will ping the interface of the firewall fine but nothing past it. So I know the firewall is right, or at least assume it is since it works fine with the windows pc.

michaelk · 12-02-2019, 10:53 AM

I would disable the unused network adapter and see what happens.
Post the output of the command
ip route show

TedHornsby84 · 12-02-2019, 11:34 PM

Maybe you don't have nft rules setup to handle incoming packets from your Debian desktop?

Is netfilter configured to recognize all traffic coming from within your internal LAN subnet the same or solely based on specific IP addresses?