LinuxQuestions.org


Winanjaya 04-09-2019 12:00 AM

VLAN users unable to ping LAN users
 
Hi All,

my LAN is on 10.100.100.0/24

my CentOS 7.6 configs:

eth0 -> 10.100.100.1/24
eth1.100 -> 192.168.100.0/24

VLAN users are able to ping eth0 (10.100.100.1),
but they are not able to ping any host in the LAN.

I tried to add a new static route to route-eth1.100 as follows:

10.100.100.0/24 via 10.100.100.1 dev eth1.100

but still no luck :(

ferrari 04-09-2019 02:37 AM

The address assigned to eth1.100 is not valid.

Post the complete picture using the output from these commands please.
Code:

ip address

Code:

ip route

berndbausch 04-09-2019 04:26 AM

Quote:

Originally Posted by Winanjaya (Post 5982728)
eth0 -> 10.100.100.1/24
eth1.100 -> 192.168.100.0/24

I tried to add a new static route to route-eth1.100 as follows:

10.100.100.0/24 via 10.100.100.1 dev eth1.100

You need to route via the interface that is connected to 10.100.100.0/24, i.e. eth0. You also need to set kernel parameter ip_forward to 1.

Winanjaya 04-09-2019 06:12 AM

ip address:

Code:

57: enp8s0.100@enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 50:3e:aa:04:e9:e9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global noprefixroute enp8s0.100
      valid_lft forever preferred_lft forever
    inet6 fe80::7fe5:411a:7cfb:c07e/64 scope link noprefixroute
      valid_lft forever preferred_lft forever
58: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 50:3e:aa:04:f3:e0 brd ff:ff:ff:ff:ff:ff
    inet 10.100.100.1/24 brd 10.100.100.255 scope global noprefixroute bond0
      valid_lft forever preferred_lft forever
    inet6 fe80::eb36:96d2:fbe9:abe1/64 scope link noprefixroute
      valid_lft forever preferred_lft forever

bond0 is connected to LAN
enp8s0.100 is the VLAN (192.168.100.0/24)


ip route

Code:

default via 10.100.100.6 dev bond0 proto static metric 300
default via 192.168.100.1 dev enp8s0.100 proto static metric 400
10.100.100.0/24 dev bond0 proto kernel scope link src 10.100.100.1 metric 300
192.168.100.0/24 dev enp8s0.100 proto kernel scope link src 192.168.100.1 metric 400

Last try:

Code:

# added to /etc/sysctl.conf
net.ipv4.ip_forward=1

# vi /etc/sysconfig/network-scripts/route-vlan100
10.100.100.0/24 via 10.100.100.1 dev bond0

systemctl restart network

still no luck :(

problem:

VLAN users (192.168.100.0/24) are unable to ping any hosts in LAN (10.100.100.0/24)

please help

Winanjaya 04-09-2019 08:20 AM

I tried the below from CentOS:

[root@fw network-scripts]# traceroute -s 192.168.100.1 10.100.100.3
traceroute to 10.100.100.3 (10.100.100.3), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *

and I thought it makes sense, since the source is not from 10.100.100.0/24 ..
hmmm, is it possible to route to ifcfg-bond0 if the destination is 10.100.100.0/24?

Winanjaya 04-09-2019 10:05 AM

Hi..
I have better progress :)

I use this:

firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o bond0 -j MASQUERADE
firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i vlan100 -o bond0 -j ACCEPT

now, VLAN users are able to ping to LAN users..

but now, I have another problem..
my VLAN users are not unable to do DNS queries..

please help

berndbausch 04-09-2019 03:18 PM

Quote:

Originally Posted by Winanjaya (Post 5982875)
my VLAN users are not unable to do DNS queries..

How do the VLAN clients query DNS, and what happens when they do it?
How is DNS configured on the VLAN clients?

berndbausch 04-09-2019 03:26 PM

Quote:

Originally Posted by Winanjaya (Post 5982793)
ip route

Code:

default via 10.100.100.6 dev bond0 proto static metric 300
default via 192.168.100.1 dev enp8s0.100 proto static metric 400
10.100.100.0/24 dev bond0 proto kernel scope link src 10.100.100.1 metric 300
192.168.100.0/24 dev enp8s0.100 proto kernel scope link src 192.168.100.1 metric 400


I don’t think two default routes without further routing rules is a good idea.

ferrari 04-09-2019 06:00 PM

Only the first should take effect (with the lower metric)?
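
Added example (not part of the thread and not any poster's code): a small check over the `ip route` output posted above that flags the two things discussed here, namely a next hop that is one of the router's own addresses and several routes to the same destination, where the lower metric wins. The parser assumes the key/value line layout shown in the thread, and the function names are illustrative.

```python
import ipaddress

# `ip route` output as posted in the thread
IP_ROUTE = """\
default via 10.100.100.6 dev bond0 proto static metric 300
default via 192.168.100.1 dev enp8s0.100 proto static metric 400
10.100.100.0/24 dev bond0 proto kernel scope link src 10.100.100.1 metric 300
192.168.100.0/24 dev enp8s0.100 proto kernel scope link src 192.168.100.1 metric 400
"""
LOCAL_ADDRS = {"10.100.100.1", "192.168.100.1"}  # from the posted `ip address` output

def parse_routes(text):
    """Turn `ip route` lines (destination followed by key/value pairs) into dicts."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dst = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        opts = dict(zip(tok[1::2], tok[2::2]))  # via/dev/proto/metric ...
        routes.append({
            "dst": ipaddress.ip_network(dst, strict=False),
            "via": opts.get("via"),
            "dev": opts.get("dev"),
            "metric": int(opts.get("metric", 0)),
        })
    return routes

def lint(routes, local_addrs):
    """Flag self-referencing next hops and multiple routes to one destination."""
    findings = []
    by_dst = {}
    for r in routes:
        by_dst.setdefault(r["dst"], []).append(r)
        if r["via"] in local_addrs:
            findings.append(f"{r['dst']} via {r['via']}: next hop is this host's own address")
    for dst, group in by_dst.items():
        if len(group) > 1:
            best = min(group, key=lambda r: r["metric"])  # lower metric is preferred
            findings.append(f"{len(group)} routes to {dst}: kernel prefers "
                            f"dev {best['dev']} (metric {best['metric']})")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_routes(IP_ROUTE), LOCAL_ADDRS):
        print(finding)
```

The same check flags the static route tried earlier in the thread (`10.100.100.0/24 via 10.100.100.1 dev bond0`), since its gateway is also the router's own address.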

ferrari 04-09-2019 06:10 PM

Quote:

my VLAN users are not unable to do DNS queries..
You haven't told us how your VLAN hosts are configured. Static IPs or DHCP assigned? If the latter, what DNS IP is assigned? (You should be able to check the IP path with traceroute etc.)

Winanjaya 04-09-2019 06:36 PM

Sorry for the typo (it should be: my VLAN users are not able to do DNS queries).
It's DHCP assigned.

my VLAN 192.168.100.0/24 (enps8.100)

DNS is: 10.100.100.6 (via bond0)

as mentioned above, I made change to firewalld:

Code:

firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o bond0 -j MASQUERADE
firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i vlan100 -o bond0 -j ACCEPT

because I need to forward vlan100 to bond0 (since the VLAN is on 192.168.100.0/24 and bond0 is 10.100.100.0/24)
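
Added example (not part of the thread): a model of the reply path from a LAN host, showing why the MASQUERADE rule makes pings work and what a return route on the LAN side would do instead. It assumes, since the thread does not say, that LAN hosts use 10.100.100.6 as their default gateway; the client address 192.168.100.50 is constructed.

```python
import ipaddress

ROUTER_LAN_IP = "10.100.100.1"   # bond0 on the CentOS box (from the thread)
VLAN_CLIENT = "192.168.100.50"   # constructed VLAN client address

# ASSUMPTION: routing table of a LAN host such as 10.100.100.3
LAN_HOST_ROUTES = [("10.100.100.0/24", "on-link"), ("0.0.0.0/0", "10.100.100.6")]
# Same host with a return route for the VLAN subnet added
WITH_RETURN_ROUTE = LAN_HOST_ROUTES + [("192.168.100.0/24", ROUTER_LAN_IP)]

def next_hop(routes, dst):
    """Longest-prefix match: gateway used for dst, 'on-link' for connected nets."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if dst in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_route(lan_routes, client_ip, masquerade):
    """Return (source address the LAN host sees, next hop it uses for its reply)."""
    # With MASQUERADE on bond0 the LAN host only ever sees the router's address.
    seen = ROUTER_LAN_IP if masquerade else client_ip
    return seen, next_hop(lan_routes, seen)

def reply_reaches_router(lan_routes, client_ip, masquerade):
    """True if the reply is handed to the CentOS router rather than another gateway."""
    seen, hop = reply_route(lan_routes, client_ip, masquerade)
    return hop == ROUTER_LAN_IP or (hop == "on-link" and seen == ROUTER_LAN_IP)

if __name__ == "__main__":
    cases = [("no NAT", LAN_HOST_ROUTES, False),
             ("MASQUERADE", LAN_HOST_ROUTES, True),
             ("no NAT + return route", WITH_RETURN_ROUTE, False)]
    for name, routes, nat in cases:
        print(name, reply_route(routes, VLAN_CLIENT, nat),
              reply_reaches_router(routes, VLAN_CLIENT, nat))
```

With MASQUERADE every VLAN client appears as 10.100.100.1 in LAN host logs and access rules; the return-route variant keeps the real client addresses visible.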


All times are GMT -5.