Hello, I am trying to get IP masquerading working with no luck. Interface wlo1 is in the drop zone and is the internet-facing network interface. Interface eth0 is in the public zone and is the internal-facing interface.

ip link
2: wlo1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
    link/ether d8:c0:a6:f4:cb:fd brd ff:ff:ff:ff:ff:ff
    altname wlp2s0
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:78:fb:ce brd ff:ff:ff:ff:ff:ff
4: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:00:00:00:11:f1 brd ff:ff:ff:ff:ff:ff

cat /proc/sys/net/ipv4/ip_forward
1

sudo firewall-cmd --zone=drop --query-masquerade
yes

ip addr
4: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 00:00:00:00:11:f1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 scope global eth0
       valid_lft forever preferred_lft forever

ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.073 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.113 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.113 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.115 ms
64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=0.112 ms
^C
--- 192.168.1.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4072ms
rtt min/avg/max/mdev = 0.073/0.105/0.115/0.016 ms

ping -4 www.google.com
PING www.google.com (64.233.180.106) 56(84) bytes of data.
64 bytes from on-in-f106.1e100.net (64.233.180.106): icmp_seq=1 ttl=51 time=185 ms
64 bytes from on-in-f106.1e100.net (64.233.180.106): icmp_seq=2 ttl=51 time=247 ms
64 bytes from on-in-f106.1e100.net (64.233.180.106): icmp_seq=3 ttl=51 time=182 ms
64 bytes from on-in-f106.1e100.net (64.233.180.106): icmp_seq=4 ttl=51 time=249 ms
64 bytes from on-in-f106.1e100.net (64.233.180.106): icmp_seq=5 ttl=51 time=687 ms
^C
--- www.google.com ping statistics ---
6 packets transmitted, 5 received, 16.6667% packet loss, time 5003ms
rtt min/avg/max/mdev = 182.048/309.982/687.217/190.777 ms

ping -4I eth0 www.google.com
PING www.google.com (64.233.180.105) from 192.168.1.1 eth0: 56(84) bytes of data.

--- www.google.com ping statistics ---
16 packets transmitted, 0 received, 100% packet loss, time 15349ms
pipe 4

As you can see here, pinging Google from eth0 fails. If masquerading was working then ping would be successful. I am able to ping www.google.com from my virtual machine, which is also set up with IP masquerading. Can IP masquerading work on two different interfaces at the same time?

Thanks
Tim

-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀