NETPLAN — static route between interfaces, separate subnets --ubuntu 18.04
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
NETPLAN — static route between interfaces, separate subnets --ubuntu 18.04
I apologize if this sounds like a network noob or linux noob situation but the new netplan /static routes is currently driving me nuts
(and yes i know the class172 net is normally /16 but just like to have it this way for now)
Under Ubuntu 18.04:
interface0, WAN, ens18, 192.168.3.143 DHCP given from hw router 192.168.3.1 (DNS thru upstream 192.168.1.1 (which provides other 192.168.x.x nets)), internet facing
interface1, LAN (pxe/ltsp clients), ens20, 172.32.2.x/24, set as static 172.32.2.1, intranet facing
dnsmasq set as DHCP provider to LAN (works)
HOWEVER, unable to have internet /ping/DNS at LAN client side, even though dnsmasq is providing DHCP
I have tried netplan.io/examples, including google-fu, in trying to set static route between the interfaces, but 'example' lines with (any) 'combo' of IP /subnets(x.x.x.0/24) does not work.
I have also tried "ip route add IP/subnet via Gateway dev interface" but either get 'rule already exists' or that its incorrect.
Below are the current netplan and dnsmasq configs, and the routes
Can someone please help me tell me what is wrong and what the line(s)/configs should be? thank you SOOOO MUCH !
-------------------- #/etc/netplan/50-cloud-init.yaml
network:
ethernets:
# MAIN NETWORK WAN
ens18:
dhcp4: true
# PXE NETWORK LAN
ens20:
dhcp4: false
addresses: [172.32.2.1/24]
gateway4: 192.168.3.143
nameservers:
addresses: [192.168.3.1]
routes:
- to: 192.168.3.0/24
via: 192.168.3.143
metric: 100
version: 2
--------------------
# /etc/dnsmasq.conf
# manually added file- not autoinstalled
ip route show && route -n
default via 192.168.3.1 ens18 proto dhcp src 192.168.3.143 metric 100
172.32.2.0/24 dev ens20 proto kernel scope link src 172.32.2.1
192.168.3.0/24 dev ens18 proto kernel scope link src 192.168.3.143
192.168.3.1 dev ens18 proto dhcp scope link src 192.168.3.143 metric 100
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.3.1 0.0.0.0 UG 100 0 0 ens18
172.32.2.0 0.0.0.0 255.255.255.0 U 0 0 0 ens20
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 ens18
192.168.3.1 0.0.0.0 255.255.255.255 UH 100 0 0 ens18
I believe 172.32.X.X is not a private address and is routable via the internet.
According to what I have seen the private subnet in that range is 172.16.0.0/12 so anything from your address that could reach the internet would be sent far away instead of returned. Unless, of course, you were working in an organization that owned those internet IPs.
Last edited by computersavvy; 10-24-2020 at 12:56 PM.
172.32.x.x is still allowable class B network; had similar thought before posting question, tried again, same results; still able to ping 172.32.2.1, but nothing past that.
172.32.x.x is still allowable class B network; had similar thought before posting question, tried again, same results; still able to ping 172.32.2.1, but nothing past that.
Allowable class B is not the same as Private class B.
172.16.0.0/12 covers the IPs from 172.16.0.0 to 172.31.255.255 and that range is private and cannot be routed beyond the LAN. For private addresses dnsmasq and NAT are used when communicating with the internet. You are using 172.32.0.0 which is not a private subnet thus once the communication goes beyond your dhcp host it is lost to the internet.
be that as it may, then the "ONLY allowable" (sic- usable in the host and its protruding) networks you are telling me are 192.x's? if that is the case how is this being implemented in global enterprises? *found out yesterday some places are using ubuntu servers only as company firewall routers
im trying to wrap my head around what you said, as 2 yr ago i wiped and rebuilt my home routers,firewalls,routes, etc, which are being used, and so i comprehend a fair amount of this, and can say i understand 'translating' a completely different network (class A is my home lan, which has NO problem in this matter- i set that up at the main hw router (which offshoots other 192.168.x.x, with routes etc... )
please explain how "your dhcp host it is lost to the internet"... when by ping/traceroute the clients dont even reach the 192.168.3.143, which is ON the host (server) ?
and if this is still roundabout to the 192 situation ending, can you please provide the correct lines for use in the netplan and dnsmasq configs? im apparently already confused as it is? (BTW i just tried turning the 172 into 192.168.67.x per your suggestion, and same results.. ). the ltsp/pxe clients must be on different network than the internet interface, so there are netplan lines missing (for your NAT or otherwise?) or that are misconfigured. thank you
be that as it may, then the "ONLY allowable" (sic- usable in the host and its protruding) networks you are telling me are 192.x's? if that is the case how is this being implemented in global enterprises? *found out yesterday some places are using ubuntu servers only as company firewall routers
im trying to wrap my head around what you said, as 2 yr ago i wiped and rebuilt my home routers,firewalls,routes, etc, which are being used, and so i comprehend a fair amount of this, and can say i understand 'translating' a completely different network (class A is my home lan, which has NO problem in this matter- i set that up at the main hw router (which offshoots other 192.168.x.x, with routes etc... )
please explain how "your dhcp host it is lost to the internet"... when by ping/traceroute the clients dont even reach the 192.168.3.143, which is ON the host (server) ?
and if this is still roundabout to the 192 situation ending, can you please provide the correct lines for use in the netplan and dnsmasq configs? im apparently already confused as it is? (BTW i just tried turning the 172 into 192.168.67.x per your suggestion, and same results.. ). the ltsp/pxe clients must be on different network than the internet interface, so there are netplan lines missing (for your NAT or otherwise?) or that are misconfigured. thank you
LOL
Hardly. I provided the reference that tells you which subnets are private. If that is hard to understand then you are really dense.
Quit being obtuse and read what was said. I told you that 172.32.0.0 is an internet PUBLIC adress and that anything between 172.16.0.0 and 172.31.255.255 is private and provided the RFC 1918 reference that you can read. Since you are using an internet address in a private arena then you can hardly be surprised if things go awry.
DNS on ANY host on your network will attempt so send internet addresses outward unless EACH router in the path has a fixed routing table that overrides the default. Even then, once it passes the gateway router to the WAN replies would be lost.
Try switching your local lan from 172.32.2.0/24 to 172.31.2.0/24 and see if it works instead of arguing that I am wrong. Especially when I gave you the OFFICIAL information from IANA
Last edited by computersavvy; 10-25-2020 at 11:41 AM.
Can you ping an internet IP address like google from a client? i.e ping 142.250.113.101
Is this computer configured as a router? firewall rules, IP forwarding enabled etc.
Code:
#/etc/netplan/50-cloud-init.yaml
network:
ethernets:
# MAIN NETWORK WAN
ens18:
dhcp4: true
# PXE NETWORK LAN
ens20:
dhcp4: false
addresses: [172.32.2.1/24]
gateway4: 192.168.3.143
nameservers:
addresses: [192.168.3.1]
routes:
- to: 192.168.3.0/24
via: 192.168.3.143
metric: 100
version: 2
There should not be a gateway assigned to ens20. The gateway should be 192.168.3.1 which would automatically be configured when ens18 acquires an IP address.
Name servers should also be automatically assigned too.
Code:
dhcp-host=56:0c:e7:44:e0:23,172.32.2.1
You can not have the dhcp server assign itself an IP address. As a local DNS server you can put the server's IP address in the /etc/hosts which dnsmasq reads if configured which I believe is the default.
Why not use the server as a DNS for your clients?
computersavvy
sorry for your rattled cage. in NO MANNER was i arguing, esp as i noted after a week of working on this constantly i am confused with netplan etc. Your wording was abusive, regardless your belief of whatever. If you still feel that way PLEASE leave the discussion and i withdraw my question, and im NOT being obtuse etc. In case you DID NOT READ my reply, i tried 192.168.67.x and same results (which WOULD be in correlation to your class A/B/C - though again, at this point cant keep anything straight). I was going to post my attempts with adding NAT bridge,iptables masquerade, per something online i found about using ubuntu as router, but not anymore... oh and BTW-- i have a WAP router that DOES WORK attached to my main hw router and i wont tell you what class it uses.. :{ and yes im sure thats a 'violation' of INAA
michaelk
thank you for a more sensible response. adding to what i had before, yes i was confused about the GW /DNS. was under impression did not need to add chainlink DNS since it was already upstream once hitting 192.168.3.1 router point. The MAC addressing for the DHCP-host was per netplan's examples. The furthest icmp is able to go is the dhcp, it does not hit the 192 (yes because it is diff class, we ALL know that computersavvy, that is WHY im asking about static routes/ tables or NAT/iptable ! and if it was 192.168.x.0/24 vs 192.168.y.0/24 it would be diff network also with same 'issue'.. correct ? ).
will try rearrangement per suggestions a little later and get back. thank you.
-----
will also try to find iptables /config on the routers i setup a few years ago when i tried to learn networking which is NOT my normal 'area', since that may be needed too?
oh and if it 'helps' anyone i DO have a form of dyslexia, so there.. :<
ok, so i dont know what really happened unless the gw's were still hanging around in the system unflushed even after line removal and systemctl restarts. After review of my hw router from 4 yrs ago, and googling 'ubuntu router', i finally got this to work and the following are the final configs; and when it hits the 192.168.3.1 router the DNS kicks in properly also. No static routes were needed (these were set on the hw router for something else, and having used them alot there i think confused me (hey, it WAS many yrs ago and im not a network guy lol )). thank you for everyones inputs.
-----
#/etc/netplan/50-cloud-init.yaml
network:
ethernets:
WAN_eth:
match:
macaddress: 0a:90:ae:7c:88:41
set-name: WAN_eth
dhcp4: true
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
