Join Log in
Score:0
avatar Server

No longer have access to server externally - network manager

gy flag
mangusbrother

I have just swapped over an ethernet interface on my ubuntu 20 server to be managed by network manager (the others were already managed by it, this was the straggler)

The issue now seems however that access is limited to/from this server

I have these subnets:

  • 10.0.3.x (where my dns server is)
  • 10.0.1.x (where my server is)
  • 10.0.21.x (where my personal pc is)

Everythign internally should have access to the 10.0.3.x subnet and the 10.0.21.x should have access to the 10.0.1.x subnet

Currently:

From my personal pc:

  • I cannot ping my server / access the hosted apps on it (port 8443) / ssh (22) to it
  • I can however access the gateway which is on the same subnet.

From my server:

  • I can ping 10.0.3.x
  • I cannot ping 10.0.21.x
  • I can ping (and resolve) google.com

From other devices on the 10.0.1.x network

  • Can successfully ping the server.

On the server i have the ufw disabled so that is not effecting, and before i migrated the interface to be managed by network manager i used to have access to this so while I do have a firewall in between this was not changed and has no new rules in effect.

Is there something maybe that I missed when migrating to the network manager that is needed to allow access to other subnets?

Note: The server has multiple adapters, including ones on 10.0.1.x and 10.0.3.x, so the routes printed by route already had mappings for those subnets. I used nmtui to add custom routes to 10.0.21.x to go through the 10.0.1.x adapter.

-- Some dumps that might help understanding ---

sudo ufw status

Status: inactive

ip link show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether ac:1f:6b:6e:0f:c2 brd ff:ff:ff:ff:ff:ff
3: eno4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether ac:1f:6b:6e:0f:c3 brd ff:ff:ff:ff:ff:ff
4: enx00e04c68024d: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:e0:4c:68:02:4d brd ff:ff:ff:ff:ff:ff
5: enx00e04c6802c0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:e0:4c:68:02:c0 brd ff:ff:ff:ff:ff:ff
6: enx0050b6bf0651: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:50:b6:bf:06:51 brd ff:ff:ff:ff:ff:ff
7: enx00e04c6802cd: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:e0:4c:68:02:cd brd ff:ff:ff:ff:ff:ff
8: enx00e04c6802cc: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:e0:4c:68:02:cc brd ff:ff:ff:ff:ff:ff
9: enx0050b6bf06c1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:50:b6:bf:06:c1 brd ff:ff:ff:ff:ff:ff
10: enx0050b6befcb3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:50:b6:be:fc:b3 brd ff:ff:ff:ff:ff:ff
11: enx0050b6bf070c: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:50:b6:bf:07:0c brd ff:ff:ff:ff:ff:ff
12: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:d8:cf:13 brd ff:ff:ff:ff:ff:ff
13: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:d8:cf:13 brd ff:ff:ff:ff:ff:ff
14: br-7e213162e029: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
    link/ether 02:42:c5:b7:58:a5 brd ff:ff:ff:ff:ff:ff
15: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
    link/ether 02:42:a1:90:34:12 brd ff:ff:ff:ff:ff:ff
16: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:e3:66:84 brd ff:ff:ff:ff:ff:ff
17: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr1 state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:e3:66:84 brd ff:ff:ff:ff:ff:ff
18: macvtap0@enx00e04c6802cc: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 500
    link/ether 52:54:00:4e:b9:ee brd ff:ff:ff:ff:ff:ff
19: macvtap1@enx0050b6bf070c: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 500
    link/ether 52:54:00:50:04:24 brd ff:ff:ff:ff:ff:ff
20: macvtap2@enx00e04c68024d: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 500
    link/ether 52:54:00:4e:2a:55 brd ff:ff:ff:ff:ff:ff
21: macvtap3@enx00e04c6802cd: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 500
    link/ether 52:54:00:03:1d:21 brd ff:ff:ff:ff:ff:ff
22: macvtap4@enx0050b6bf06c1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 500
    link/ether 52:54:00:ed:71:0b brd ff:ff:ff:ff:ff:ff
23: macvtap5@enx0050b6befcb3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 500
    link/ether 52:54:00:68:40:57 brd ff:ff:ff:ff:ff:ff

route


Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    101    0        0 enx00e04c6802cd
default         _gateway        0.0.0.0         UG    102    0        0 enx00e04c6802cc
default         _gateway        0.0.0.0         UG    103    0        0 enx0050b6befcb3
default         _gateway        0.0.0.0         UG    105    0        0 eno3
default         _gateway        0.0.0.0         UG    106    0        0 enx0050b6bf06c1
default         _gateway        0.0.0.0         UG    107    0        0 enx0050b6bf070c
default         _gateway        0.0.0.0         UG    109    0        0 enx00e04c68024d
10.0.1.0        0.0.0.0         255.255.255.0   U     105    0        0 eno3
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 virbr1
10.0.3.0        0.0.0.0         255.255.255.0   U     106    0        0 enx0050b6bf06c1
10.0.3.0        0.0.0.0         255.255.255.0   U     107    0        0 enx0050b6bf070c
10.0.10.0       0.0.0.0         255.255.255.0   U     101    0        0 enx00e04c6802cd
10.0.20.0       0.0.0.0         255.255.255.192 U     5      0        0 eno3
10.0.21.0       0.0.0.0         255.255.255.192 U     5      0        0 eno3
10.0.60.0       0.0.0.0         255.255.255.0   U     109    0        0 enx00e04c68024d
10.0.70.0       0.0.0.0         255.255.255.0   U     103    0        0 enx0050b6befcb3
10.0.90.0       0.0.0.0         255.255.255.0   U     102    0        0 enx00e04c6802cc
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-7e213162e029
192.168.123.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

nmcli device status

DEVICE           TYPE      STATE         CONNECTION
enx00e04c6802cd  ethernet  connected     Wired connection 10
eno3             ethernet  connected     Wired connection 1
enx0050b6befcb3  ethernet  connected     Wired connection 3
enx0050b6bf06c1  ethernet  connected     Wired connection 5
enx0050b6bf070c  ethernet  connected     Wired connection 6
enx00e04c68024d  ethernet  connected     Wired connection 7
enx00e04c6802cc  ethernet  connected     Wired connection 9
br-7e213162e029  bridge    connected     br-7e213162e029
docker0          bridge    connected     docker0
virbr0           bridge    connected     virbr0
virbr1           bridge    connected     virbr1
eno4             ethernet  disconnected  --
enx0050b6bf0651  ethernet  disconnected  --
enx00e04c6802c0  ethernet  unavailable   --
lo               loopback  unmanaged     --
macvtap0         macvlan   unmanaged     --
macvtap1         macvlan   unmanaged     --
macvtap2         macvlan   unmanaged     --
macvtap3         macvlan   unmanaged     --
macvtap4         macvlan   unmanaged     --
macvtap5         macvlan   unmanaged     --
virbr0-nic       tun       unmanaged     --
virbr1-nic       tun       unmanaged     --
126
0 + 0
ssh
in flag
Mario
there are so many ways something go wrong, but you don't have any logs nor error messages shown to us. what do you mean by "I have just swapped over an ethernet interface" ?.. does that mean you use a new network interface ? What about IPForward ? Firewall rules don't effect the new network interface ?
0
Reply
gy flag
mangusbrother
I swapped the network interface under netplan from networkd to network manager No errors in the transition just getting timeouts on the described routes.
0
Reply
gy flag
mangusbrother
added more details
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.