I'm testing a new server for my organization that has NAT and a PPPoE connection from my provider. The problem is that I can ping any domain from the server, but I cannot ping any domain from LAN devices, although I can ping an IP like 8.8.8.8 from LAN devices.
So here is some syslog output:
Nov 9 09:51:59 ubuntu pppd[4187]: Plugin rp-pppoe.so loaded.
Nov 9 09:51:59 ubuntu pppd[4188]: pppd 2.4.9 started by admin1, uid 0
Nov 9 09:52:00 ubuntu pppd[4188]: PPP session is 3391
Nov 9 09:52:00 ubuntu pppd[4188]: Connected to ac:1f:6b:9e:af:08 via interface eth1
Nov 9 09:52:00 ubuntu pppd[4188]: Using interface ppp0
Nov 9 09:52:00 ubuntu pppd[4188]: Connect: ppp0 <--> eth1
Nov 9 09:52:00 ubuntu systemd-udevd[4189]: Using default interface naming scheme 'v249'.
Nov 9 09:52:02 ubuntu dhclient[1070]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 9 (xid=0x965fad40)
Nov 9 09:52:03 ubuntu pppd[4188]: PAP authentication succeeded
Nov 9 09:52:03 ubuntu pppd[4188]: peer from calling number AC:1F:6B:9E:AF:08 authorized
Nov 9 09:52:03 ubuntu pppd[4188]: local IP address xxx.yyy.www.zzz(my public ip)
Nov 9 09:52:03 ubuntu pppd[4188]: remote IP address 10.0.0.1
Nov 9 09:52:03 ubuntu pppd[4188]: primary DNS address 193.231.252.1
Nov 9 09:52:03 ubuntu pppd[4188]: secondary DNS address 213.154.124.1
Nov 9 09:52:03 ubuntu pppd[4188]: local LL address xxxx::yyyy:kkkk:wwww:zzzz(ipv6 public ip)
Nov 9 09:52:03 ubuntu pppd[4188]: remote LL address fe80::0000:0000:0000:0001
Then I made an experiment: I used one of the LAN machines as a PPPoE server, so you can see below that the PPPoE server has 172.16.0.1, and the new server (the one that does not resolve) has 172.16.0.2.
And it works! I can ping domains from that experimental lan.
Nov 9 12:35:56 ubuntu pppd[6213]: Plugin rp-pppoe.so loaded.
Nov 9 12:35:56 ubuntu pppd[6214]: pppd 2.4.9 started by admin1, uid 0
Nov 9 12:35:56 ubuntu pppd[6214]: PPP session is 2
Nov 9 12:35:56 ubuntu pppd[6214]: Connected to 00:8c:fa:ad:b7:b1 via interface eth0
Nov 9 12:35:56 ubuntu pppd[6214]: Using interface ppp1
Nov 9 12:35:56 ubuntu pppd[6214]: Connect: ppp1 <--> eth0
Nov 9 12:35:56 ubuntu pppd[6214]: CHAP authentication succeeded: Access granted
Nov 9 12:35:56 ubuntu pppd[6214]: CHAP authentication succeeded
Nov 9 12:35:56 ubuntu pppd[6214]: peer from calling number 00:8C:FA:AD:B7:B1 authorized
Nov 9 12:35:56 ubuntu systemd-udevd[6218]: Using default interface naming scheme 'v249'.
Nov 9 12:35:56 ubuntu pppd[6214]: replacing old default route to ppp0 [0.0.0.0]
Nov 9 12:35:56 ubuntu pppd[6214]: local IP address 172.16.0.2
Nov 9 12:35:56 ubuntu pppd[6214]: remote IP address 172.16.0.1
Nov 9 12:35:56 ubuntu pppd[6214]: primary DNS address 4.2.2.1
Nov 9 12:35:56 ubuntu pppd[6214]: secondary DNS address 4.2.2.3
And I noticed that from my provider there is that IPv6:
Nov 9 09:52:03 ubuntu pppd[4188]: local LL address xxxx::yyyy:kkkk:wwww:zzzz(ipv6 public ip)
Nov 9 09:52:03 ubuntu pppd[4188]: remote LL address fe80::0000:0000:0000:0001
So I disabled it from sysctl with:
net.ipv6.conf.ppp0.disable_ipv6 = 1
And it still did not work; I only got this log:
Nov 10 08:19:01 ubuntu pppd[3442]: sif6addr: ioctl(SIOCSIFADDR): Permission denied (line 2986)
Nov 10 08:19:01 ubuntu pppd[3442]: cif6addr: ioctl(SIOCDIFADDR): No such address
Now here is my whole network configuration:
I switched to ifupdown and disabled some services and netplan with:
apt update
apt install ifupdown
systemctl stop systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
systemctl disable systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
systemctl mask systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
apt-get --assume-yes purge nplan netplan.io
/etc/network/interfaces
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
auto dsl-provider
iface dsl-provider inet ppp
pre-up /bin/ip link set eth0 up # line maintained by pppoeconf
provider dsl-provider
auto eth0
iface eth0 inet manual
auto eth1
iface eth1 inet static
address 192.168.3.1
netmask 255.255.255.0
broadcast 192.168.3.255
ip addr output
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 3c:ec:ef:70:3d:00 brd ff:ff:ff:ff:ff:ff
altname enp4s0
altname eno1
inet6 fe80::3eec:efff:fe70:3d00/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 3c:ec:ef:70:3d:01 brd ff:ff:ff:ff:ff:ff
altname enp5s0
altname eno2
inet 192.168.3.1/24 brd 192.168.2.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::3eec:efff:fe70:3d01/64 scope link
valid_lft forever preferred_lft forever
77: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1480 qdisc fq_codel state UNKNOWN group default qlen 3
link/ppp
inet xxx.yyy.www.zzz(public ip) peer 10.0.0.1/32 scope global ppp0
valid_lft forever preferred_lft forever
inet6 fe80::524c:dc6 peer fe80::1/128 scope link
valid_lft forever preferred_lft forever
/etc/dhcp/dhcpd.conf
subnet 192.168.3.0 netmask 255.255.255.0 {
range 192.168.3.110 192.168.3.254;
option routers 192.168.3.1;
option subnet-mask 255.255.255.0;
option domain-name-servers 192.168.3.1;
option broadcast-address 192.168.3.255;
default-lease-time 3600;
max-lease-time 86400;
}
After I tried with only systemd-resolved, I used resolvconf:
/etc/resolv.conf (/run/resolvconf/resolv.conf)
nameserver 193.231.252.1
nameserver 213.154.124.1
nameserver 127.0.0.53
I even tested with a static network configuration on a LAN machine; it does not work.
If I manually add the DNS from my provider or even 8.8.8.8 to those LAN machines, it works. It's like the server does not add DNS to LAN machines.
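
A check for the symptom described in the post, as an added example that is not part of the original post: it cross-references the DNS address that dhcpd.conf hands to clients against the sockets actually listening on port 53. The function names are hypothetical, and the `ss` capture and local address list are constructed samples (the 127.0.0.53 stub listener is assumed from the resolv.conf shown above).

```shell
#!/bin/sh
# Constructed inputs: the dhcpd.conf option from the post, an assumed
# `ss -H -lntu` capture, and the server's IPv4 addresses from `ip addr`.
DHCPD_CONF='subnet 192.168.3.0 netmask 255.255.255.0 {
option routers 192.168.3.1;
option domain-name-servers 192.168.3.1;
}'
SS_OUT='udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:67 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'
LOCAL_ADDRS='127.0.0.1 192.168.3.1'

# Print each address named in "option domain-name-servers ...;".
advertised_dns() {
    printf '%s\n' "$1" | awk '
        { sub(/#.*/, ""); gsub(/[,;]/, " ") }   # drop comments, split the list
        $1 == "option" && $2 == "domain-name-servers" {
            for (i = 3; i <= NF; i++) print $i
        }'
}

# Succeed if the ss text in $2 has a port-53 socket bound to address $1
# or to an IPv4-capable wildcard (0.0.0.0 or *).
has_dns_listener() {
    printf '%s\n' "$2" | awk -v want="$1" '
        { for (i = 1; i <= NF; i++) if ($i ~ /:53$/) {
              a = $i; sub(/:53$/, "", a); sub(/%.*/, "", a)   # strip port, %iface
              if (a == want || a == "0.0.0.0" || a == "*") found = 1
          } }
        END { exit !found }'
}

# One line per advertised server: "ok", "no-listener", or "remote".
check_advertised_dns() {
    for addr in $(advertised_dns "$1"); do
        case " $3 " in
            *" $addr "*) ;;
            *) echo "$addr remote"; continue ;;
        esac
        if has_dns_listener "$addr" "$2"; then echo "$addr ok"
        else echo "$addr no-listener"; fi
    done
}

check_advertised_dns "$DHCPD_CONF" "$SS_OUT" "$LOCAL_ADDRS"
```

On the server itself, pass `"$(cat /etc/dhcp/dhcpd.conf)"` and `"$(ss -H -lntu)"` in place of the constructed samples. A `no-listener` result means clients are being pointed at an address on the server where nothing answers DNS queries.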