
Can't access the machine through the second interface


I just recently started exploring the Ubuntu OS. My goal was to install Squid-server on Ubuntu Server 18.04 LTS. Squid has been successfully installed and launched. The problem is different.

There is Ubuntu Server 18.04 LTS with two physical interfaces ens32 and ens34.

ens32 has IP 192.168.11.32 and is connected to 192.168.11.0 network.

ens34 has IP 192.168.9.4 and is connected to 192.168.9.0 network.

There is a properly configured and working MikroTik router (IP 192.168.11.1 and 192.168.9.1), which connects the networks.

The 192.168.11.0 and 192.168.9.0 networks have client computers that must connect to the Squid-server. The task is for the computers on the 192.168.11.0 network to connect to the server via 192.168.9.4 (ens34) interface. And computers on the 192.168.9.0 network to connect to the server via 192.168.11.32 (ens32) interface.

[Picture with a LAN diagram]

Computers on the 192.168.11.0 network can access and ping 192.168.11.32, and computers on the 192.168.9.0 network can access 192.168.9.4.

Computers on the 192.168.11.0 network cannot access and ping 192.168.9.4, and computers on the 192.168.9.0 network cannot access 192.168.11.32.

If I disable the ens32 (192.168.11.32) interface, then computers from 11.0 start to see and ping 9.4.

UFW is disabled! I get access to the internet via 192.168.9.1.

netplan:

# This is the network config written by 'subiquity'
network:
  ethernets:
    ens32:
      dhcp4: no
      addresses:
      - 192.168.11.32/24
      routes:
        - to: 192.168.0.0/16
          via: 192.168.11.1
    ens34:
      dhcp4: no
      addresses:
      - 192.168.9.4/24
      gateway4: 192.168.9.1
      nameservers:
        addresses:
        - 8.8.8.8
        - 8.8.4.4
  version: 2

ifconfig:

ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.11.32  netmask 255.255.255.0  broadcast 192.168.11.255
        inet6 fe80::20c:29ff:fe53:39b4  prefixlen 64  scopeid 0x20<link>
        ether **  txqueuelen 1000  (Ethernet)
        RX packets 38982  bytes 5854389 (5.8 MB)
        RX errors 0  dropped 2680  overruns 0  frame 0
        TX packets 24167  bytes 23330654 (23.3 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.9.4  netmask 255.255.255.0  broadcast 192.168.9.255
        inet6 fe80::20c:29ff:fe53:39be  prefixlen 64  scopeid 0x20<link>
        ether *  txqueuelen 1000  (Ethernet)
        RX packets 23046  bytes 20437510 (20.4 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10334  bytes 3645617 (3.6 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 563  bytes 131661 (131.6 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 563  bytes 131661 (131.6 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

iproute:

default via 192.168.9.1 dev ens34 proto static
192.168.0.0/16 via 192.168.11.1 dev ens32 proto static
192.168.9.0/24 dev ens34 proto kernel scope link src 192.168.9.4
192.168.11.0/24 dev ens32 proto kernel scope link src 192.168.11.32

route -n:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.9.1     0.0.0.0         UG    0      0        0 ens34
192.168.0.0     192.168.11.1    255.255.0.0     UG    0      0        0 ens32
192.168.9.0     0.0.0.0         255.255.255.0   U     0      0        0 ens34
192.168.11.0    0.0.0.0         255.255.255.0   U     0      0        0 ens32

iptables:

*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [24023:22943845]
-A INPUT -i lo -j ACCEPT
-A INPUT -i ens32 -j ACCEPT
-A INPUT -i ens34 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.9.0/24 -d 192.168.11.0/24 -j ACCEPT
-A FORWARD -s 192.168.11.0/24 -d 192.168.9.0/24 -j ACCEPT
-A FORWARD -i ens32 -o ens34 -j ACCEPT
-A FORWARD -i ens34 -o ens32 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
# Completed on Thu Nov 18 09:33:48 2021
# Generated by iptables-save v1.6.1 on Thu Nov 18 09:33:48 2021
*nat
:PREROUTING ACCEPT [4193:489395]
:INPUT ACCEPT [3585:418607]
:OUTPUT ACCEPT [637:40980]
:POSTROUTING ACCEPT [637:40980]
-A PREROUTING -s 192.168.11.0/24 -p tcp -m multiport --dports 80,8080 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.11.0/24 -p tcp -m multiport --dports 443 -j REDIRECT --to-ports 3129
-A PREROUTING -s 192.168.9.0/24 -p tcp -m multiport --dports 80,8080 -j REDIRECT --to-ports 3128
-A PREROUTING -s 192.168.9.0/24 -p tcp -m multiport --dports 443 -j REDIRECT --to-ports 3129
COMMIT

If I replace Ubuntu Server with a Windows OS computer with similar interfaces, client computers see them.

What am I missing when setting up Ubuntu?
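
Added example, not part of the original post: a small Python model of Linux reverse-path filtering (`rp_filter`) applied to the routing table shown in the question, to see which of the described flows a strict check would drop. It assumes strict mode (`rp_filter=1`) is active on the server, which the post does not show; the client addresses 192.168.11.50 and 192.168.9.50 are constructed.

```python
import ipaddress

# Routing table copied from the `ip route` output in the question.
IP_ROUTE = """\
default via 192.168.9.1 dev ens34 proto static
192.168.0.0/16 via 192.168.11.1 dev ens32 proto static
192.168.9.0/24 dev ens34 proto kernel scope link src 192.168.9.4
192.168.11.0/24 dev ens32 proto kernel scope link src 192.168.11.32
"""

def parse_routes(text, down=()):
    """Return [(network, dev)], skipping routes on interfaces listed in `down`."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        if dev not in down:
            routes.append((ipaddress.ip_network(prefix), dev))
    return routes

def egress_dev(routes, addr):
    """Longest-prefix match: the interface a reply to `addr` would leave by."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(hits)[1] if hits else None

def rpf_accepts(routes, src, in_dev, mode=1):
    """rp_filter model: 0 = off, 1 = strict (RFC 3704), 2 = loose."""
    back = egress_dev(routes, src)
    if mode == 0:
        return True
    if mode == 2:
        return back is not None
    return back == in_dev  # strict: reply path must use the arrival interface

def evaluate(mode=1, down=()):
    routes = parse_routes(IP_ROUTE, down)
    # Constructed client addresses, one per network.
    cases = {
        "11.x -> 192.168.11.32 (direct, in ens32)": ("192.168.11.50", "ens32"),
        "11.x -> 192.168.9.4 (routed, in ens34)": ("192.168.11.50", "ens34"),
        "9.x -> 192.168.11.32 (routed, in ens32)": ("192.168.9.50", "ens32"),
    }
    return {k: rpf_accepts(routes, s, d, mode) for k, (s, d) in cases.items()
            if d not in down}

if __name__ == "__main__":
    for label, ok in evaluate().items():
        print(f"{label}: {'accept' if ok else 'drop'}")
```

The kernel applies the higher of `net.ipv4.conf.all.rp_filter` and the per-interface value, so both need to be read with `sysctl` to know which mode is in effect on ens32 and ens34.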
