I'm trying to route traffic between different networks and have followed a guide I found here:
https://devconnected.com/how-to-add-route-on-linux/
Here is a diagram which I hope adequately depicts the arrangement I'm working with:
Windows 10              Ubuntu                            Linux
172.31.0.X <----------> 172.31.0.33 (eno1)
                        10.0.40.1 (enp2s0f0) <----------> 10.0.40.10
I have a persistent route set on the Windows PC to route any traffic for 10.0.40.0/24 via 172.31.0.33.
Route Print output
The Ubuntu machine is set up to route traffic destined for 10.0.40.0/24 via 10.0.40.1.
ip r output
Pinging 10.0.40.10 from the Ubuntu machine works as expected.
If I ping 10.0.40.10 from the Windows PC I can see the ICMP messages arrive at the 172.31.0.33 interface on the Ubuntu machine using tcpdump.
I don't see any traffic on the 10.0.40.1 interface on that machine. It appears that the Ubuntu machine is not routing the traffic as I would expect.
Can anyone shed any light on what I have missed?
Adding output of:
iptables -S
for Ubuntu machine:
sudo iptables -S
# Warning: iptables-legacy tables present, use iptables-legacy to see them
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i eno1 -j ACCEPT
-A FORWARD -i enp2s0f0 -j ACCEPT
adi@LabBuildServer:~$ sudo iptables-legacy -S
[sudo] password for adi:
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o br-e925d11be2da -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-e925d11be2da -j DOCKER
-A FORWARD -i br-e925d11be2da ! -o br-e925d11be2da -j ACCEPT
-A FORWARD -i br-e925d11be2da -o br-e925d11be2da -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-e925d11be2da ! -o br-e925d11be2da -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-e925d11be2da -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
Output of:
ip route
on Linux host:
ip route
default via 10.0.40.1 dev br-POE proto static
10.0.40.0/24 dev br-POE proto kernel scope link src 10.0.40.10
Ubuntu machine:
adi@LabBuildServer:~$ sudo iptables -t nat -L
[sudo] password for adi:
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
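
An added example, not part of the original post: a small shell function that reads `iptables -S` text and reports what the FORWARD chain does with a packet entering one interface and leaving another, run here over rules abbreviated from the two dumps above. It is a simplification and the function name is hypothetical: only rules sitting directly in FORWARD that match on -i/-o alone and end in ACCEPT, DROP or REJECT are evaluated; jumps into user-defined chains and rules with other matches are skipped.

```shell
#!/bin/sh
# forward_verdict IN_IF OUT_IF   (hypothetical helper; reads `iptables -S` text on stdin)
# Prints the first terminal verdict for IN_IF -> OUT_IF, or the chain policy.
forward_verdict() {
    awk -v in_if="$1" -v out_if="$2" '
    $1 == "-P" && $2 == "FORWARD" { policy = $3 }
    $1 == "-A" && $2 == "FORWARD" && verdict == "" {
        match_ok = 1; target = ""; neg = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "!") { neg = 1; continue }      # negates the next match
            if ($i == "-i" || $i == "-o") {
                want = ($i == "-i") ? in_if : out_if
                hit = ($(i + 1) == want)
                if (neg) hit = !hit
                if (!hit) match_ok = 0
                i++
            } else if ($i == "-j") {
                target = $(i + 1); i++
            } else {
                match_ok = 0    # other match (e.g. -m conntrack): not modelled, skip rule
            }
            neg = 0
        }
        # Jumps to user-defined chains are not followed (simplification).
        if (match_ok && (target == "ACCEPT" || target == "DROP" || target == "REJECT"))
            verdict = target " (rule: " $0 ")"
    }
    END { print (verdict != "" ? verdict : "policy " policy) }
    '
}

# Sample input: abbreviated from the `iptables -S` dump in the post.
NFT_RULES='-P FORWARD ACCEPT
-A FORWARD -i eno1 -j ACCEPT
-A FORWARD -i enp2s0f0 -j ACCEPT'

# Sample input: abbreviated from the `iptables-legacy -S` dump in the post.
LEGACY_RULES='-P FORWARD DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT'

echo "nft:    $(printf '%s\n' "$NFT_RULES" | forward_verdict eno1 enp2s0f0)"
echo "legacy: $(printf '%s\n' "$LEGACY_RULES" | forward_verdict eno1 enp2s0f0)"
```

On a live host the same function can be fed from `sudo iptables -S` and `sudo iptables-legacy -S`; both backends hook into the kernel's forwarding path, so a forwarded packet has to be accepted by each of them.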