Score:1

Connecting an Ubuntu machine to the internet via one interface and to an internal network via another

bq flag

I have a computer running Ubuntu 20.04 LTS with two interfaces. One interface is connected to a router which is connected to the internet, and the other interface is connected to an internal gateway which is connected to the PC of interest. Schematic overview

Because of restrictions I am not able to change the configuration of any device other than the Ubuntu PC. To give some background: the 192.168.1.0 network has a security policy that does not allow traffic to a cloud environment. For a PoC I got permission to connect an external device to the network which is connected to the internet to bypass the security policy. If the PoC is successful we will change the policy.

I tried to use netplan to configure the Ubuntu PC so that all traffic is routed to the interface connected to the internet, except for traffic to the IP of the PC of interest (192.168.1.100).

network:
  version: 2
  renderer: networkd
  ethernets:
    ens3:
      addresses:
       - 192.168.0.2/24
      dhcp4: no
      routes:
       - to: default
         via: 192.168.0.1
    ens5:
      addresses:
       - 192.168.1.2/24
      dhcp4: no
      routes:
       - to: 192.168.1.100/24
         via: 192.168.1.1

Unfortunately, that didn't work. To be honest, I am pretty new to the topic of networks and Ubuntu.

dummyuser avatar
uy flag
Your schema leaves a question open: the server in the lower left corner – does it have 2 network interfaces? According to the drawing yes – according to the IP addressing no. So is the PC of interest in the same network as your Ubuntu server with the network interface IP `192.168.1.2`? The configuration of ens5 does not make sense: the connected network is `192.168.1.0/24` and you configured an additional route for this network.
Braininfection avatar
bq flag
You mean the 192.168.1.1? It's actually the router of the second network. So to answer your question: yes, they are in the same network. Maybe netplan is the wrong tool, but how do I make sure that "my computer" uses ens3 for all traffic except the traffic to the computer of interest?
dummyuser avatar
uy flag
Please remove the route from ens5; you do not need a router if your Ubuntu server and the PC of interest are in the same subnet. Execute `ping -c3 192.168.1.100` on the Ubuntu server; you should get a response. If not, please do an `arp -an` on the Ubuntu server and check whether you have a valid entry for `192.168.1.100`.
us flag
The previous comment assumes a standard subnet topology, which may or may not be what you have here. It is worth trying. If your network topology DOES require you to go through 192.168.1.1, then the problem may be in the configuration of that machine and out of your control.
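To make the routing behaviour discussed in the comments above concrete, here is an added Python example (not from the question or from any answer or commenter) that models the kernel's longest-prefix-match route selection over a constructed table built from the addresses in the question. It assumes the two connected routes that netplan derives from the /24 addresses on ens3 and ens5 plus the default route via 192.168.0.1; the table entries and test destinations are constructed, not captured from the asker's machine. It shows that the posted `192.168.1.100/24` is not a valid network prefix (host bits set), that 192.168.1.100 is already reached on-link via ens5 with no extra route, that every other destination leaves via ens3, and what a /32 host route via 192.168.1.1 would change if the topology really required that hop.

```python
import ipaddress

# Constructed routing table modelled on the question's addressing:
# 192.168.0.2/24 on ens3 with a default route via 192.168.0.1, and
# 192.168.1.2/24 on ens5. Each entry is (prefix, gateway-or-None, device);
# None means the prefix is on-link (directly connected), as the kernel
# installs automatically for each configured address.
BASE_ROUTES = [
    ("0.0.0.0/0", "192.168.0.1", "ens3"),   # default route from the ens3 stanza
    ("192.168.0.0/24", None, "ens3"),       # connected route implied by 192.168.0.2/24
    ("192.168.1.0/24", None, "ens5"),       # connected route implied by 192.168.1.2/24
]


def is_valid_prefix(cidr):
    """True if cidr is a proper network prefix (no host bits set).
    The posted route 192.168.1.100/24 fails this check; a host route
    must be written as 192.168.1.100/32."""
    try:
        ipaddress.ip_network(cidr, strict=True)
        return True
    except ValueError:
        return False


def build_routes(extra_route=None):
    """Return the base table, optionally with one extra (prefix, gw, dev) entry."""
    routes = list(BASE_ROUTES)
    if extra_route is not None:
        routes.append(extra_route)
    return [(ipaddress.ip_network(p, strict=True), gw, dev) for p, gw, dev in routes]


def lookup(routes, dst):
    """Longest-prefix match: the most specific prefix containing dst wins.
    (The kernel breaks ties by metric; this model keeps the first entry.)"""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, dev in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    if best is None:
        raise LookupError(f"no route to {dst}")
    net, gw, dev = best
    return {"dst": dst, "prefix": str(net), "via": gw, "dev": dev}


if __name__ == "__main__":
    table = build_routes()
    # The PC of interest is on-link via ens5; anything else uses the default via ens3.
    for dst in ("192.168.1.100", "192.168.1.50", "8.8.8.8"):
        print(lookup(table, dst))
    print("192.168.1.100/24 valid prefix:", is_valid_prefix("192.168.1.100/24"))
    # Only if the topology really needs the 192.168.1.1 hop would a /32 host route
    # be appropriate; it is more specific than the connected /24, so it would win.
    hop = build_routes(("192.168.1.100/32", "192.168.1.1", "ens5"))
    print(lookup(hop, "192.168.1.100"))
```

A quick way to compare the model with the live system is `ip route get 192.168.1.100` and `ip route get 8.8.8.8` on the Ubuntu host: the first should report ens5 with no `via`, the second `via 192.168.0.1 dev ens3`. If the first shows a gateway you did not expect, the stray route is still installed.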
Score:0
ca flag

You're trying a "complex" setup with 192.168.0.2 acting as a router in your LAN.

If you have DHCP and a blacklist option in 192.168.0.1, then you might find it easier to connect all gear to it (possibly "adding LAN ports" with any simple switch in between).

The DHCP will then be the central point of administration, with MAC-locked IP assignments, assuming the DHCP-server has that.

Then use the blacklist (again with the MAC) to block "192.168.1.100" (as shown in the diagram) from internet access.

If you want to use device names instead of IP addresses, create the relevant /etc/hosts file entries for those, and copy the hosts file to all devices.

Braininfection avatar
bq flag
Thanks a lot, but this is not working for me. The diagram is just a simple abstraction of a complex network.
Hannu avatar
ca flag
Ok: the text "Because of restrictions I am not able to change configurations of any other device than the Ubuntu PC." should have been there from the beginning; I would not have written my answer then. I'll leave it as an optional answer, e.g. for people in a simpler situation.
Braininfection avatar
bq flag
I have added some background information to make the problem clearer. Your input is still very valuable.
Hannu avatar
ca flag
I'm in a similar situation; my solution is to use only VMs to connect to the "side network", as interconnecting the networks would be a policy violation for me (a complete no-no).