Score:0

Ubuntu

Share two network interfaces on linux

Firouziam

5/12/24, 2:52 PM

I have a Linux PC (ubuntu 22.04) with a network layout as below:

Internet <-> Router <-> PC <-> edge device <-> Switch <-> APs <-> devices

And with two Lan interfaces as below:

eno1: Connected to the internet (directly connected to the router), gets IP: 192.168.1.165 from the router (DHCP)
enx3c: connected to an edge device and that edge device is connected to a switch, also so many devices are connected to that switch.

I want clients connected to enx3c to have access to the internet on eno1. And also I need to be able to directly communicate with devices under the enx3c interface.

I have followed suggestions in here and so many other tutorials and questions to see how to forward traffic from one interface to another using iptables as follows:

echo 1 > /proc/sys/net/ipv4/ip_forward 
sudo vim /etc/sysctl.conf 
net.ipv4.ip_forward=1
sudo sysctl -p 

iptables -A FORWARD -i eno1 -o enx3c -j ACCEPT 
iptables -A FORWARD -i enx3c -o eno1 -m state –state ESTABLISHED,RELATED -j ACCEPT 
iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE

After doing so, the edge device didn't get any IP, so I set up a DHCP server on the PC with the below steps:

sudo apt install isc-dhcp-server
sudo vim /etc/dhcp/dhcpd.conf 
    subnet 192.168.137.0 netmask 255.255.255.0 { 
    default-lease-time 600; 
    max-lease-time 7200; 
    authoritative; 
    range 192.168.137.1 192.168.137.200; 
    option routers 192.168.137.254; 
    option domain-name-servers 192.168.137.1, 192.168.137.2; 
}

sudo vim  /etc/default/isc-dhcp-server 
INTERFACESv4="enx3c" 
#so the DHCP server produces Ips for clients connected to the second interface

sudo systemctl start isc-dhcp-server

And the eno1 interface is set to DHCP to get dynamic IP from the router and enx3c is set to manual to get static IP (192.168.137.1).

After starting the DHCP server, the edge device gets an IP in the range, and nmap shows it among live hosts, But there is no access to it! I cannot ping it or ssh into it. And the edge device doesn't have any internet access.

I looked everywhere and it seems that this method must work but I don't know what I am doing wrong. I appreciate any suggestions.

Update: It's worth mentioning that using the answer in here, I used the share to other networks option in the network manager in Ubuntu on the second interface, and after that, it gets IP in a different range, 10.42.0.1/24, and also the edge device gets a new IP in this range, 10.42.0.162, But again, I cannot ping or ssh into this device.

Here is the output for routing tables:

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eno1
10.42.0.0       0.0.0.0         255.255.255.0   U     101    0        0 enx3c
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eno1
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eno1

250

0 + 7

iptables

network-manager

networking

port-forwarding

lan

Doug Smythies

5/12/24, 3:15 PM

If your default FORWARD policy is DROP, then your 2 FORWARD rules are backwards. They should be ACCEPT from enx3c to eno1 and ESTABLISHED,RELATED for the other direction. If the FORWARD default policy is ACCEPT, then it doesn't matter. That should provide internet access to the edge device. You will need specific port forward rules to be able to access the edge device from other devices attached to your router. Your DHCP router is 192.168.137.1 not 192.168.137.254. Exclude 192.168.137.1 from your pool, because you are using it. I do not know about the network manager method.

mpboden

5/12/24, 3:28 PM

Can you provide clarification on what your edge device is? At first glance, I wonder why you don’t connect the switch to the router and connect all other devices to that. They’d all be on the same subnet in this situation. But if you have more than one port on your router then you could divide into two subnets. Otherwise, if you had a managed switch and your router allowed it, you could setup two vlans. So ultimately, I’m trying to understand the need for this setup.

Firouziam

5/12/24, 3:36 PM

@mpboden, The reason for this setup is to capture the whole traffic coming from/going to the network. I want to capture (from that PC) all of the packets that devices in the LAN send/receive. That's why I put the PC in the middle to make sure that it can see all of the traffic.

Firouziam

5/12/24, 3:37 PM

@DougSmythies, I have tested with these rules as well, and no luck. `sudo iptables -A FORWARD -o eno1 -i enx3c18a041c3a0 -s 10.42.0.1/24 -m conntrack --ctstate NEW -j ACCEPT `sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT ` `sudo iptables -t nat -F POSTROUTING` `sudo iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE`

mpboden

5/12/24, 3:41 PM

Did you enable IP forwarding with: `sysctl net.ipv4.ip_forward=1`?

Firouziam

5/12/24, 3:45 PM

@mpboden, yes, using the below commands: `echo 1 > /proc/sys/net/ipv4/ip_forward sudo vim /etc/sysctl.conf net.ipv4.ip_forward=1 sudo sysctl -p`

Doug Smythies

5/12/24, 3:50 PM

I am only commenting on the original approach, not the updated method as I do not use network manager. You would need to reverse the original FORWARD rules and fix the DHCP server gateway (router) address. Perhaps post your entire iptables rule set, so readers know your default policies (for example). Suggest `sudo iptables -xvnL` and `sudo iptables -t nat -xvnL`.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Share two network interfaces on linux

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.