LinuxQuestions.org
Old 09-17-2019, 01:37 AM   #1
rbara
LQ Newbie
 
Registered: Sep 2019
Posts: 11

Rep: Reputation: Disabled
OpenSuse IP Masquerading not working


Hi All!

I have an OpenSuse server that acts like a master that has 2 network cards. One network card is connected to the external network with internet access and the other one is configured as the internal network and connected to a network hub. There are multiple other OpenSuse PCs that are connected to the network hub and they all act like slave PCs.

I'm trying to configure the network so the slave PCs could access the internet through the master. I went through some articles and tried masquerading but it still doesn't work. Below is what I have done:

1) On the Master PC:
  1. yast2 -> Security and Users -> Firewall
    • In the Interfaces section, selected the network card that is connected to the internet and changed it to "External Zone", and set the network card connected to the network hub to "Internal Zone".
    • In the Masquerading section, checked the box labelled "Masquerade Network"
  2. yast2 -> system -> network settings
    • On the Routing tab, "Enable IP Forwarding" box checked

2) On the Slave PC:
  1. yast2 -> Network Devices -> Network Settings
    • On the Routing tab, set default gateway IP in this machine to the Internal IP of Master PC
    • On the Hostname/DNS tab, set DNS server 1 IP to the Master PC's gateway IP (I also tried skipping this step but it still doesn't work)

Below are the OS details of my Master:
NAME="openSUSE Leap"
VERSION="42.3"
ID=opensuse
ID_LIKE="suse"
VERSION_ID="42.3"
PRETTY_NAME="openSUSE Leap 42.3"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:leap:42.3"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"

Below are the OS details of my Slave:
NAME=openSUSE
VERSION="13.2 (Harlequin)"
VERSION_ID="13.2"
PRETTY_NAME="openSUSE 13.2 (Harlequin) (x86_64)"
ID=opensuse
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:opensuse:13.2"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://opensuse.org/"
ID_LIKE="suse"

Can you please help to advise what I'm missing here? I still couldn't ping an external IP address.

Last edited by rbara; 09-17-2019 at 02:33 AM.
 
Old 09-17-2019, 02:48 AM   #2
ferrari
Senior Member
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 3,841

Rep: Reputation: 657
It would be helpful to post IP addressing and routing tables for both machines
Code:
ip address
Code:
ip route
Code:
grep name /etc/resolv.conf
Even if you don't have internet connectivity from a given machine you can still capture the output to a text file and transfer via a memory stick to a machine that does have internet connectivity.

BTW, I assume from your mention of YaST that you're not using NetworkManager for either host. Correct?
 
Old 09-17-2019, 03:01 AM   #3
rbara
LQ Newbie
 
Registered: Sep 2019
Posts: 11

Original Poster
Rep: Reputation: Disabled
Thank you for replying!

Yes, I'm not using NetworkManager for either host.

Below is the IP addressing output for both machines:

Master PC :
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: em1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 80:18:44:ec:6b:74 brd ff:ff:ff:ff:ff:ff
3: em2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 80:18:44:ec:6b:75 brd ff:ff:ff:ff:ff:ff
inet 10.91.220.225/21 brd 10.91.223.255 scope global em2
valid_lft forever preferred_lft forever
inet6 fe80::8218:44ff:feec:6b75/64 scope link
valid_lft forever preferred_lft forever
4: em3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 80:18:44:ec:6b:76 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.100/24 brd 10.10.10.255 scope global em3
valid_lft forever preferred_lft forever
inet6 fe80::8218:44ff:feec:6b76/64 scope link
valid_lft forever preferred_lft forever
5: em4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 80:18:44:ec:6b:77 brd ff:ff:ff:ff:ff:ff
inet 192.168.250.100/24 brd 192.168.250.255 scope global em4
valid_lft forever preferred_lft forever
inet6 fe80::8218:44ff:feec:6b77/64 scope link
valid_lft forever preferred_lft forever

Slave PC :
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 127.0.0.2/8 brd 127.255.255.255 scope host secondary lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 0c:c4:7a:9c:9f:d0 brd ff:ff:ff:ff:ff:ff
3: eth7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 0c:c4:7a:9c:9f:d1 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.111/24 brd 10.10.10.255 scope global eth7
valid_lft forever preferred_lft forever
inet6 fe80::ec4:7aff:fe9c:9fd1/64 scope link
valid_lft forever preferred_lft forever

Below is the IP route output for both machines:

Master PC :
default via 10.91.216.1 dev em2
10.10.10.0/24 dev em3 proto kernel scope link src 10.10.10.100
10.91.216.0/21 dev em2 proto kernel scope link src 10.91.220.225
192.168.250.0/24 dev em4 proto kernel scope link src 192.168.250.100

Slave PC :
default via 10.10.10.100 dev eth7
10.10.10.0/24 dev eth7 proto kernel scope link src 10.10.10.111

Below is the resolv.conf output for both machines:

Master PC :
nameserver 10.86.1.1
nameserver 10.86.2.1

Slave PC :
nameserver 10.91.216.1

thanks!

Last edited by rbara; 09-17-2019 at 03:03 AM.
 
Old 09-17-2019, 03:04 AM   #4
rbara
LQ Newbie
 
Registered: Sep 2019
Posts: 11

Original Poster
Rep: Reputation: Disabled
FYI, I'm using static IP for my MasterPC for external network and internal network
 
Old 09-17-2019, 03:24 AM   #5
ferrari
Senior Member
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 3,841

Rep: Reputation: 657
Ok, thanks for the additional information.

Can you ping the gateway address OK?
Code:
ping 10.10.10.100
Can you ping a well-known internet address?
Code:
ping 8.8.8.8
If not, examine the routing path via traceroute, e.g.
Code:
/usr/sbin/traceroute 8.8.8.8
 
Old 09-17-2019, 03:26 AM   #6
ferrari
Senior Member
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 3,841

Rep: Reputation: 657
If this is only a name resolution issue (as opposed to IP or firewall issue), then you might try assigning a well-known public DNS instead, e.g. OpenDNS 208.67.222.222
 
Old 09-17-2019, 03:36 AM   #7
rbara
LQ Newbie
 
Registered: Sep 2019
Posts: 11

Original Poster
Rep: Reputation: Disabled
Hi,

Actually the problem I'm facing here is, I can't even ping a known external IP address. I'm not sure if I have a name resolution issue as of yet. However, from the SlavePC, I can ping the Master PC internal IP and external IP, but not other known external IP addresses. Also, these machines are under my company domain. I won't be able to use OpenDNS.

Below is the result I got from the traceroute to a known external IP address:

traceroute to 10.91.217.196 (10.91.217.196), 30 hops max, 60 byte packets
1 10.10.10.100 (10.10.10.100) 0.211 ms 0.208 ms 0.204 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

thanks!
 
Old 09-17-2019, 03:49 AM   #8
ferrari
Senior Member
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 3,841

Rep: Reputation: 657
I would have preferred you to have demonstrated a ping to an internet address, rather than a private external IP address within your network. I guess you have no route back from that network you tried to reach.
 
Old 09-17-2019, 04:08 AM   #9
rbara
LQ Newbie
 
Registered: Sep 2019
Posts: 11

Original Poster
Rep: Reputation: Disabled
Hi There,

Sorry, below is the traceroute output when I tried with 8.8.8.8:

traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 10.10.10.100 (10.10.10.100) 0.242 ms 0.240 ms 0.234 ms
2 10.91.216.1 (10.91.216.1) 0.877 ms 0.870 ms 0.847 ms
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

It seems like the slave couldn't access the master network..

thanks!
 
Old 09-17-2019, 04:15 AM   #10
ferrari
Senior Member
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 3,841

Rep: Reputation: 657
Ok, so you can reach the internet gateway at least.

FWIW, I have a number of subnets behind a router, which itself is behind an internet-facing firewall router at my place of work. All networks that require internet connectivity are actually configured for that (i.e. masquerading) in the firewall itself. As long as the routing behind that is ok, there should be no problem with internet connectivity, or being able to reach internal hosts as required.
 
Old 09-17-2019, 04:30 AM   #11
rbara
LQ Newbie
 
Registered: Sep 2019
Posts: 11

Original Poster
Rep: Reputation: Disabled
Is there anything wrong with the way I configured my network on the master and slave side?
 
Old 09-17-2019, 05:05 AM   #12
ferrari
Senior Member
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 3,841

Rep: Reputation: 657
Can you share your current /etc/sysconfig/SuSEfirewall2 configuration?
 
Old 09-17-2019, 08:13 PM   #13
rbara
LQ Newbie
 
Registered: Sep 2019
Posts: 11

Original Poster
Rep: Reputation: Disabled
Hi!

Attached are the master's SuSEfirewall2 file and the slave's SuSEfirewall2 file. Please open the attached files in WordPad or Notepad++.

Thank you!
Attached Files
File Type: txt SuSEfirewall2_master.txt (34.2 KB, 2 views)
File Type: txt SuSEfirewall2_slave.txt (33.9 KB, 2 views)
 
Old 09-17-2019, 08:53 PM   #14
ferrari
Senior Member
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 3,841

Rep: Reputation: 657
The master firewall config is as expected. Can you confirm that ip-forwarding is enabled? (I see that it is enabled in the firewall, but just want to check actual kernel setting.)
Code:
cat /proc/sys/net/ipv4/ip_forward
 
Old 09-17-2019, 09:09 PM   #15
rbara
LQ Newbie
 
Registered: Sep 2019
Posts: 11

Original Poster
Rep: Reputation: Disabled
The result of the command is "1" on the master and "0" on the slave. We don't need to enable IP forwarding for the slave, right?
Is the SuSEfirewall2 configuration correct for the slave side?
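
Added example (not part of any post above, and not SuSEfirewall2's own tooling): shell helpers that read the two kinds of output this thread relies on, a traceroute taken on the internal host and `iptables-save` taken on the NAT host, and report where the path stops and whether a MASQUERADE rule is bound to the outbound interface. The function names and the sample rule set are constructed for illustration, using the interface names and addresses quoted in the posts; the rules SuSEfirewall2 actually generates may look different.

```shell
#!/bin/sh
# Added example. Sample data is constructed from addresses quoted in the thread.

# Print "<hop> <address>" for the last traceroute hop that answered (stdin).
last_hop() {
    awk '$1 ~ /^[0-9]+$/ { for (i = 2; i <= NF; i++) if ($i != "*") { hop = $1; addr = $i; break } }
         END { if (hop) print hop, addr }'
}

# Classify where a traceroute (stdin) run from an internal host stops.
#   $1 = NAT host's internal address   $2 = NAT host's default gateway
where_it_stops() {
    addr=$(last_hop | awk '{ print $2 }')
    case "$addr" in
        "")   echo "no-hop-answered" ;;            # check the client's default route
        "$1") echo "stops-at-nat-host" ;;          # check forwarding and NAT rules
        "$2") echo "stops-at-upstream-gateway" ;;  # replies crossed the NAT host
        *)    echo "beyond-upstream-gateway" ;;
    esac
}

# Succeed if iptables-save output (stdin) has a nat POSTROUTING MASQUERADE rule on -o $1.
has_masquerade() {
    awk -v dev="$1" '
        /^\*/ { table = $1 }                       # "*nat", "*filter", ...
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (out == dev && target == "MASQUERADE") found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# Constructed samples: em2 is the external NIC, em3 the internal one.
SAMPLE_TRACE='traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  10.10.10.100 (10.10.10.100)  0.242 ms  0.240 ms  0.234 ms
 2  10.91.216.1 (10.91.216.1)  0.877 ms  0.870 ms  0.847 ms
 3  * * *'
SAMPLE_RULES='*nat
-A POSTROUTING -o em2 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i em3 -o em2 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_TRACE" | where_it_stops 10.10.10.100 10.91.216.1
printf '%s\n' "$SAMPLE_RULES" | has_masquerade em2 && echo "masquerade on em2: yes"
```

On a live NAT host the same check runs against real rules with `iptables-save | has_masquerade em2` as root.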
 
  


All times are GMT -5.