Join Log in
Score:0
willdabeast avatar Ubuntu

Routing Table Modification on Ubuntu/Raspbian with VLAN Consideration

so flag
willdabeast

I had an issue with my Pi-Hole recently where after resolving I found my networks no longer had DNS resolution. After some troubleshooting I found the Unbound process (PI-Hole upstream) was sending DNS resolution requests to the internet over a virtual NIC (192.168.5.1) that was blocked by firewall for sending data over port 53. The only IP that can do this is the physical NIC on 192.168.3.47. I have opened up port 53 traffic on the Virtual interface temporarily. The reason I have these virtual interfaces is there are 2 processees running on the PI to forward UDP/IGMP broadcasts across VLAN's to enable Chromecast/screensharing and DLNA from some of my isolated VLAN's. It's essentially acting as a router for this type of traffic as my router that's managing the VLAN's isn't capabale of doing this. The devices are a NAS on VLAN1, TV's on VLAN5, and mobiles on VLAN 5. I want to set it so that all internet traffic on the PI goes out always through the physical NIC, 192.168.3.47 so I can revert the firewall changes and all internal traffic stays the same. I've been told best practice would be to modify the routing table somehow but not sure what to do.

Routing Table:

default via 192.168.3.1 dev eth0 src 192.168.3.47 metric 202 <--- physical NIC on VLAN3 - Port 53 traffic is allowed. PI-Hole sits on this IP and returns DNS to all VLANs via Inter-LAN routing with firewalls segregating traffic.

default via 192.168.5.1 dev eth0.5 proto dhcp src 192.168.5.47 metric 204 <--- Virtual NIC for UDP broadcast/Chromecast to isolated VLAN5 - Port 53 traffic is temporarily allowed. TV's and mobiles reside on this LAN.

default via 192.168.1.1 dev eth0.12 proto dhcp src 192.168.1.47 metric 205 <--- Virtual NIC for UDP/Chromecast to isolated VLAN1. NAS with DLNA sits on this subnet with firewalls open to TVs and mobiles on VLAN 5.

192.168.1.0/24 dev eth0.12 proto dhcp scope link src 192.168.1.47 metric 205 <--- VAN1.

192.168.3.0/24 dev eth0 proto dhcp scope link src 192.168.3.47 metric 202 <--- VLAN3

192.168.5.0/24 dev eth0.5 proto dhcp scope link src 192.168.5.47 metric 204 <---VLAN5.

Assuming I need to add a default route for all traffic through 192.168.3.47 interface. Then specify LAN scope for VLAN3/VLAN5 for LAN ranges only, negating internet traffic. I don't think this would affect the UDP/IGMP broadcasting. This should force all internet traffic to go through the 192.168.3.47 interface? Please can I get some advise on what needs to be modified here and how/why.

Any help much appreciated, Will

32
1 + 1
vidarlo avatar
om flag
vidarlo
Please provide routing table *as is*, and explanation separately. We're used to parsing the specific format used, and comments inline distracts from this.
0
Reply
Score:0
vidarlo avatar Ubuntu
om flag
vidarlo

You have three default routes according to the routing table you have provided.

What you observe is expected behavior. You should remove default routes (e.g. remove gateway) on interfaces that doesn't provide a default route.

+ 8
willdabeast avatar
so flag
willdabeast
If I remove the routes for 192.168.1.47 and 192.168.5.47 will the UDP broadcasting still work?
0
Reply
vidarlo avatar
om flag
vidarlo
Remove default routes. Not the interface specific routes (which you can't remove). And broadcast does not rely on routing at all; it's *always* on a specific L2 segment.
0
Reply
willdabeast avatar
so flag
willdabeast
thank you Vidarlo, can you give me an example command to execute please.
0
Reply
willdabeast avatar
so flag
willdabeast
I deleted the routes/gateways as you described and it seems to be working fine, thank you
0
Reply
willdabeast avatar
so flag
willdabeast
How do I make this persistant please? Pretty sure it will change on reboots.
0
Reply
vidarlo avatar
om flag
vidarlo
Remove the gateway definition in the configuration of the interface. This may be netplan, network manager or similar. Please consider marking it as accepted since it solved your problem.
0
Reply
willdabeast avatar
so flag
willdabeast
Thank you I have accepted, regarding removing the gateway plan, the addressing is set by DHCP with IP/Mac address binding, will I have to change to static for the VLAN's to configure the gateway, at the moment it just says DHCP with no interface options set.
0
Reply
vidarlo avatar
om flag
vidarlo
If you don't have a functioning default route, the DHCP server should *not* send a default gateway setting.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.