I’m trying to make a very specific setup where I’m able to block specific IPs on a machine behind my actual router, and essentially isolate all of my computers behind that sub-router, and I’ve been having trouble getting things to work for the past two days or so. All of this is more convoluted than it needs to be, and after trying to research and coming up short, I just decided to ask here.
Essentially, anything on the LAN side of the sub-router receives no internet. I can ping the sub-router’s WAN IP and LAN IP from a machine on the LAN side, and I can ping the LAN IP and a machine on the LAN side from the sub-router, but anything outside of that (such as trying to go to a website on the local machine) doesn’t work (and the first time I tested this, I connected the LAN to my network switch and tried it from my main PC, but it was having some weird issue where it only assigned one IP over DHCP to my Server PC, and I had to set a static IP for my main PC). As far as I’m aware, I have everything configured properly, and the only two things I really think would be the issue are the networking service erroring when restarting (I’ll show what it says), or iptables being configured incorrectly. I will provide everything I can, such as the output of certain commands that list what's what, along with the contents of my configuration files.
Here are some command outputs:
Code:
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 88:c9:b3:bf:30:b5 brd ff:ff:ff:ff:ff:ff
altname enp1s0
inet 192.168.68.60/22 brd 192.168.71.255 scope global dynamic ens1
valid_lft 1463sec preferred_lft 1463sec
inet6 fe80::8ac9:b3ff:febf:30b5/64 scope link
valid_lft forever preferred_lft forever
3: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 4c:cc:6a:1d:30:c7 brd ff:ff:ff:ff:ff:ff
altname enp0s31f6
inet 192.168.0.1/24 brd 192.168.1.255 scope global eno1
valid_lft forever preferred_lft forever
inet6 fe80::4ecc:6aff:fe1d:30c7/64 scope link
valid_lft forever preferred_lft forever
Code:
ip r
default via 192.168.68.1 dev ens1
192.168.0.0/24 dev eno1 proto kernel scope link src 192.168.0.1
192.168.68.0/22 dev ens1 proto kernel scope link src 192.168.68.60
Code:
netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.68.1 0.0.0.0 UG 0 0 0 ens1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eno1
192.168.68.0 0.0.0.0 255.255.252.0 U 0 0 0 ens1
Here is my interfaces config:
Code:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
auto ens1
iface ens1 inet dhcp
auto eno1
iface eno1 inet static
address 192.168.0.1
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.86.60
Here is my iptables config:
Code:
# This config is basically 1:1 (ignoring the loopback traffic) to my friends config, except I changed the interface names and added NEW
*nat
-A POSTROUTING -o eno1 -j MASQUERADE
# Added loopback traffic during research to see if it would fix anything
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -i ens1 -j ACCEPT
-A INPUT -i eno1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
Here is the error I get when restarting the networking service:
Code:
Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit networking.service has begun execution.
░░
░░ The job identifier is 4732.
Dec 06 14:37:56 kyron-router systemd[1]: networking.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit networking.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Dec 06 14:37:56 kyron-router ifup[3954]: RTNETLINK answers: File exists
Dec 06 14:37:56 kyron-router systemd[1]: networking.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit networking.service has entered the 'failed' state with result 'exit-code'.
Dec 06 14:37:56 kyron-router ifup[3941]: ifup: failed to bring up eno1
Dec 06 14:37:56 kyron-router systemd[1]: Failed to start Raise network interfaces.
░░ Subject: A start job for unit networking.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit networking.service has finished with a failure.
░░
░░ The job identifier is 4732 and the job result is failed.
Here is the output of uname -a so people know what version of Debian I’m using:
Code:
Linux kyron-router 5.10.0-26-amd64 #1 SMP Debian 5.10.197-1 (2023-09-29) x86_64 GNU/Linux
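For comparison with the posted ruleset, here is an added example (not the poster's files or anything from the thread) of what a complete iptables-restore ruleset for this kind of sub-router looks like. It keeps the interface roles from the post: ens1 is the upstream/WAN side (192.168.68.0/22, default route via 192.168.68.1) and eno1 is the isolated LAN (192.168.0.0/24). The points it illustrates: masquerading has to happen on the way out of the WAN interface (`-o ens1`), not the LAN; traffic that is routed between the two interfaces passes through the FORWARD chain of the `*filter` table, so INPUT rules alone never allow it, and the `*nat` and `*filter` tables are separate sections that each need their own `COMMIT`; and the kernel must have `net.ipv4.ip_forward=1` or no ruleset will forward anything. The addresses in BLOCKED_IPS are constructed placeholders from the TEST-NET ranges, and the BLOCKLIST chain name is my own choice.

```shell
#!/bin/sh
# Added example (not the poster's files): a complete iptables-restore ruleset
# for a Debian box that routes a LAN (eno1, 192.168.0.0/24) out through its
# upstream/WAN interface (ens1), with a chain for blocking specific destinations.
# Interface names and the LAN subnet follow the post; everything else is assumed.

WAN_IF="ens1"
LAN_IF="eno1"
LAN_NET="192.168.0.0/24"
# Constructed placeholder list (TEST-NET addresses); replace with the real IPs to block.
BLOCKED_IPS="198.51.100.7 203.0.113.9"

# Print the ruleset to stdout. Two tables, each closed by its own COMMIT:
# filtering (INPUT/FORWARD) lives in *filter, masquerading in *nat.
gen_rules() {
    wan="$1"; lan="$2"; lan_net="$3"; blocked="$4"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:BLOCKLIST - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -p udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i $lan -s $lan_net -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j BLOCKLIST
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
EOF
    # One REJECT per blocked destination; anything not matched falls back to the chain above.
    for ip in $blocked; do
        printf -- '-A BLOCKLIST -d %s -j REJECT --reject-with icmp-admin-prohibited\n' "$ip"
    done
    cat <<EOF
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
EOF
}

# Sanity check: every table opened with '*' must be closed by a COMMIT.
# Returns 0 when the ruleset is well-formed, 1 otherwise.
check_commits() {
    tables=$(printf '%s\n' "$1" | grep -c '^\*' || true)
    commits=$(printf '%s\n' "$1" | grep -c '^COMMIT$' || true)
    [ "$tables" -gt 0 ] && [ "$tables" -eq "$commits" ]
}

# Load the rules on the router (needs root). iptables-restore --test parses
# the file without committing it, so a syntax error never leaves a half-loaded table.
apply_rules() {
    rules=$(gen_rules "$WAN_IF" "$LAN_IF" "$LAN_NET" "$BLOCKED_IPS")
    check_commits "$rules" || { echo "ruleset malformed" >&2; return 1; }
    # Forwarding between interfaces is off by default; without it the ruleset does nothing.
    sysctl -w net.ipv4.ip_forward=1
    printf '%s\n' "$rules" | iptables-restore --test && printf '%s\n' "$rules" | iptables-restore
}

# Only load the rules when explicitly asked to; otherwise print them so they
# can be reviewed or saved (e.g. to /etc/iptables/rules.v4 for iptables-persistent).
case "${1:-}" in
    --apply) apply_rules ;;
    *) gen_rules "$WAN_IF" "$LAN_IF" "$LAN_NET" "$BLOCKED_IPS" ;;
esac
```

Running the script with no arguments prints the ruleset; `--apply` as root loads it. Because the INPUT policy is DROP and only the LAN side is allowed to open sessions to the router, the box is not reachable from the upstream network (the posted `-A INPUT -i ens1 -j ACCEPT` would allow anything from upstream), and the `-s 192.168.0.0/24` on the FORWARD rules means LAN hosts cannot forward traffic with a spoofed source. To make forwarding survive reboots, put `net.ipv4.ip_forward=1` in /etc/sysctl.conf. On the interfaces(5) side, note that ens1's DHCP lease already installs the default route shown by `ip r`; a `gateway` line in a second, static stanza asks ifup to add another default route, and "RTNETLINK answers: File exists" is the kernel's reply when a route with that destination already exists, so the eno1 stanza only needs address and netmask (and the broadcast of 192.168.0.1/24 is 192.168.0.255).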