Score:0

Problem accessing internet from a virtual LAN

jp flag

I want to make this setup:

enter image description here

It's in Spanish, but quite self-explanatory. In the institute where I work, every student has a PC. The host is a Windows 10 PC with VirtualBox 6.1.26 and the extension pack.

I created an Ubuntu 18.04 virtual machine which would act as a firewall/router with two network adapters -- the first to get the IP dynamically from the institute and access the internet, and the other for the internal network called cognom.

The config of network in Ubuntu "firewall":

```
auto lo
iface lo inet loopback
# enp0s3: # Interface 1
# enp0s8: # Interface 2

# these are activated when hotplug events occur on the network interfaces, such as the kernel detecting the card,
# the network cable being plugged in, etc.
allow-hotplug enp0s3 enp0s8

# enp0s3: # Interface 1
auto enp0s3
iface enp0s3 inet dhcp

auto enp0s8
iface enp0s8 inet static
   address 192.168.0.1
   netmask 255.255.255.0
   network 192.168.0.0

# enp0s3: # Interface 1
up iptables -t nat -A POSTROUTING -o enp0s3 -s 192.168.0.0/24 -j MASQUERADE
down iptables -t nat -D POSTROUTING -o enp0s3 -s 192.168.0.0/24 -j MASQUERADE
```

Every client machine, regardless of being Linux or Ubuntu, has the config:

Static IP address: 192.168.0.X (where X is a number >1 and <255)
Netmask: 255.255.255.0
Gateway: 192.168.0.1

When I connect from a client in LAN, I can ping to the other machine, and the gateway (192.168.0.1..), but I can't ping or access internet.

How can I do this? Somehow NAT isn't working. To make things easy, we can suppose that the client is also an Ubuntu 18.04 machine.

An example of client network config could be:

```
auto lo
iface lo inet loopback
# enp0s3: # Interface 1

allow-hotplug enp0s3

auto enp0s3
iface enp0s3 inet static
   address 192.168.0.5
   netmask 255.255.255.0
   gateway 192.168.0.1
   network 192.168.0.0
```

My idea is that a client could access internet.

Doug Smythies avatar
gn flag
Please edit your question to include your entire iptables rule set in "up" mode and after some attempts to access internet from your VMs. Please use `sudo iptables -xvnL` and `sudo iptables -t nat -xvnL`. We may or may not be able to help with that additional information, not sure. I want to see the packet counters and default policies, which those commands will provide. Has packet forwarding been enabled? `cat /proc/sys/net/ipv4/ip_forward`.
jp flag
Tomorrow I'd update the answer with your information. The IP forward bit is set OK. Some people say that enp0s8 in the firewall should have a gateway pointing to the "other side", the enp0s3... As far as I know, as the iptables rules are in /etc/network/interfaces... they are not permanent, and every time you reboot the iptables rules are set from zero. I haven't touched iptables anywhere else or run any commands apart from these lines in the file.
Doug Smythies avatar
gn flag
Then with the default iptables policies of ACCEPT, I do not know what is wrong.
jp flag
Is the gateway correct? As I said, some people said it has to be 192.168.0.1, others that it has to be no gateway at all, and others that the gateway should point to wnp0s3, the other network interface... so this is the first thing to consider. As I said, tomorrow I'd update the question with your help.
Doug Smythies avatar
gn flag
You have not previously mentioned wnp0s3. The gateway of 192.168.0.1 is correct, at least for a non-virtual environment. I am not certain for a virtual environment like yours.
jp flag
I mean the gateway in the enp0s8 network interface, the second in the firewall/router system. Many people told me that it shouldn't be there. And others point out that the gateway should point to the enps03 (the bridged connection, in the first network interface), also in the firewall. The firewall, as far as I know, has default values in Ubuntu, as I didn't change anything... I'd try tomorrow to edit the question; my student didn't send me the result.
Score:0
jp flag

My solution was to apply this config to the network in the router/firewall of Ubuntu:

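```
# interfaces file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

allow-hotplug eth0

# uplink: address and default route come from the institute's DHCP
auto enp0s3
iface enp0s3 inet dhcp

# internal LAN side: static address, no gateway option
auto enp0s8
iface enp0s8 inet static
        address 192.168.0.1
        netmask 255.255.255.0

#up iptables -A FORWARD -j ACCEPT
# -A appends the NAT rule on ifup; -D deletes the same rule on ifdown
up iptables -t nat -A POSTROUTING -o enp0s3 -s 192.168.0.0/24 -j MASQUERADE
down iptables -t nat -D POSTROUTING -o enp0s3 -s 192.168.0.0/24 -j MASQUERADE
```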

Finally worked it out... we had to delete the gateway from enp0s8. Another possible cause could be using eth0 and eth1 instead of enp0s3 and enp0s8. We needed to restart the service again after all the changes with

```
sudo systemctl restart networking
```
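A lint for the router VM's `/etc/network/interfaces` that flags the faults this thread ended up at: a gateway on the internal interface, an interface name with no stanza, and a malformed iptables hook. This is an added example, not code from the question or the answer; `SAMPLE` is constructed and `lint_interfaces` is a hypothetical helper name.

```python
# Constructed sample: a router-VM interfaces file carrying the faults discussed in this thread.
SAMPLE = """\
auto lo
iface lo inet loopback
allow-hotplug eth0
auto enp0s3
iface enp0s3 inet dhcp
auto enp0s8
iface enp0s8 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    gateway 192.168.0.1
up iptables -t nat -A POSTROUTING -o enp0s3 -s 192.168.0.0/24 -j MASQUERADE
down iptables -t nat -a POSTROUTING -o enp0s3 -s 192.168.0.0/24 -j MASQUERADE
"""

DOWN_HOOKS = ("down", "pre-down", "post-down")
HOOKS = ("up", "pre-up", "post-up") + DOWN_HOOKS


def lint_interfaces(text):
    """Return findings for an ifupdown interfaces file (hypothetical helper)."""
    findings, stanzas, started, current = [], {}, set(), None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if not words:
            continue
        key, args = words[0], words[1:]
        if key in ("auto", "allow-hotplug"):
            started.update(args)
        elif key == "iface" and len(args) >= 3:
            current = stanzas.setdefault(args[0], {"method": args[2], "opts": []})
        elif current is not None:
            current["opts"].append((key, args))  # options belong to the last iface
    uplinks = [n for n, s in stanzas.items() if s["method"] == "dhcp"]
    for name in sorted(started - set(stanzas)):
        findings.append(f"{name}: started but has no iface stanza")
    for name, s in stanzas.items():
        for key, args in s["opts"]:
            if key == "gateway" and s["method"] == "static" and uplinks:
                findings.append(f"{name}: gateway adds a default route beside DHCP uplink {uplinks[0]}")
            elif key in HOOKS and args[:1] == ["iptables"]:
                if "-a" in args:
                    findings.append(f"{name}: {key} hook uses -a, not an iptables command (-A/-D)")
                elif key in DOWN_HOOKS and "-A" in args:
                    findings.append(f"{name}: {key} hook appends the rule instead of deleting it")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_interfaces(SAMPLE)))
```
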