Score:-1

VM daisy chain with external Pi

aq flag

This is for an assignment that I am working on. Pi is external while CentRelay, WinSvrRelay and CentClient are all VMs created using VMWare Workstation Pro 16.

------          -------------        ---------------        --------------
| Pi |<-------->| CentRelay |<------>| WinSvrRelay |<------>| CentClient |
------  bridged -------------  LAN1  ---------------  LAN2  --------------

Pi has wifi connected to my home network with firewall disabled and masquerading to provide internet connection and a bridged ethernet connection to my host.

WiFi IP: 192.168.0.99
Bridged: 172.168.1.1/24

CentRelay is using CentOS 8 Stream, firewall disabled and masquerading.

Bridged: 172.168.1.2/24
LAN 1: 192.168.2.1/27

WinSvrRelay is using Windows Server 2019, firewall disabled with RRAS set up for LAN routing and added NAT routing protocol.

LAN 1: 192.168.2.2/27
LAN 2: 192.168.2.33/27

CentClient is using CentOS 8 Stream, firewall disabled.

LAN 2: 192.168.2.34/27

All the VMs have internet connection but when I try to ping it is all one way. CentClient/WinSvrRelay can ping the Pi but the Pi can't ping them back. The Pi can ping CentRelay and CentRelay can ping the Pi, so I used Wireshark and noticed that there is no answer to ARP request when the Pi tries to ping WinSvrRelay. I have tried adding a route from CentRelay to WinSvrRelay with:

ip route add 192.168.2.32/27 dev ens224

This did nothing to help and I was wondering if I am missing something here. Any help would be appreciated and thank you! First time posting on forums so if I am missing any required information please let me know.

vidarlo avatar
ar flag
Why do you use NAT if the goal is end to end connectivity?
aq flag
I initially only used LAN routing but CentClient wasn't getting internet connectivity. Then I watched a video on YouTube and tried doing it this way, and it worked. Would this be the cause of the problem?
vidarlo avatar
ar flag
Yes, it is the cause of your problem. Set up routing and IP forwarding on all systems.
aq flag
Thank you for the help!
Score:0
ar flag

So the problem is that you've configured masquerading NAT. This breaks end to end connectivity, but allows many systems to hide behind a single IP.

You should configure each VM to act as a router, without masquerading. In addition, you have to tell each router in your system how to reach the various networks you're using.

The Pi should have the following routing table:

DST             Next hop
192.168.2.0/24  172.168.1.2

This tells your Pi that the entire 192.168.2.0/24 subnet can be reached by sending a packet to 172.168.1.2. The Pi doesn't need to know that the subnet is further subnetted downstream; routes can be aggregated.

The command to add such a route on Linux would be:

ip route add to 192.168.2.0/24 via 172.168.1.2

aq flag
Thank you for the detailed explanation!
vidarlo avatar
ar flag
Please accept and consider upvoting the answer if it was helpful.
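
The routed, no-masquerade layout from the answer, modelled hop by hop as an added example that is not part of the original thread. Interface addresses are from the question; the static routes other than the Pi's, the segment labels, and ens224 being CentRelay's LAN1 interface are assumptions, and the Pi's WiFi interface is left out.

```python
import ipaddress as ipa

# Addresses come from the question. The static routes are assumptions derived from
# them (the answer gives only the Pi's). Route tuple: (prefix, gateway, segment).
GOOD = {
    "Pi":          ({"bridged": "172.168.1.1/24"},
                    [("192.168.2.0/24", "172.168.1.2", "bridged")]),
    "CentRelay":   ({"bridged": "172.168.1.2/24", "LAN1": "192.168.2.1/27"},
                    [("192.168.2.32/27", "192.168.2.2", "LAN1")]),
    "WinSvrRelay": ({"LAN1": "192.168.2.2/27", "LAN2": "192.168.2.33/27"},
                    [("172.168.1.0/24", "192.168.2.1", "LAN1")]),
    "CentClient":  ({"LAN2": "192.168.2.34/27"},
                    [("0.0.0.0/0", "192.168.2.33", "LAN2")]),
}
# The question's on-link route (no gateway); ens224 is assumed to be CentRelay's LAN1 NIC.
ATTEMPT = dict(GOOD, CentRelay=(GOOD["CentRelay"][0], [("192.168.2.32/27", None, "LAN1")]))

def lookup(net, host, dst):
    """Longest-prefix match: (address to ARP for, segment), or None if no route."""
    ifaces, routes = net[host]
    table = [(ipa.ip_interface(a).network, None, seg) for seg, a in ifaces.items()]
    table += [(ipa.ip_network(p), gw, seg) for p, gw, seg in routes]
    hits = [r for r in table if dst in r[0]]
    if not hits:
        return None
    _, gw, seg = max(hits, key=lambda r: r[0].prefixlen)
    return (ipa.ip_address(gw) if gw else dst, seg)  # no gateway: ARP for dst itself

def holder(net, ip, seg=None):
    """Host that owns ip (on segment seg, if given), i.e. who would answer the ARP."""
    for name, (ifaces, _) in net.items():
        for s, a in ifaces.items():
            if ipa.ip_interface(a).ip == ip and seg in (None, s):
                return name

def trace(net, src, dst_ip):
    """Forward hop by hop with no NAT; returns the hosts traversed."""
    dst, path = ipa.ip_address(dst_ip), [src]
    while holder(net, dst) != path[-1] and len(path) < 8:
        hop = lookup(net, path[-1], dst)
        nxt = holder(net, *hop) if hop else None
        if nxt is None:
            return path + ["DROPPED"]
        path.append(nxt)
    return path

if __name__ == "__main__":
    print(trace(GOOD, "Pi", "192.168.2.34"))          # request path
    print(trace(GOOD, "CentClient", "172.168.1.1"))   # reply path
    print(trace(ATTEMPT, "Pi", "192.168.2.34"))       # ARP on LAN1 goes unanswered
```

With the gateway routes, traffic resolves to a directly attached next hop in both directions; with the on-link route, CentRelay looks for 192.168.2.34 on LAN1, where no host holds that address.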