
I have an issue achieving this: A-->B-->C-->internet (doing A--C-->internet is working)

  • A: client lan: 192.168.57.0/24 (example 192.168.57.50)
  • B: ubuntu GW eth0: 172.10.0.1 (/24, default gw:172.10.0.254) eth1: 192.168.57.1 (/24) eth3 10.152.152.0 (/18)
  • C: whonix-gw eth0: 10.0.0.1 eth1: 10.152.152.10

At the beginning I tried using iptables and tried DNAT, MASQUERADE, etc. but was not able to achieve the goal. Then I tried PBR (policy-based routing), so I created a new table and added the default gw and the policy, with no luck.

echo 200 John >> /etc/iproute2/rt_tables
ip rule add from 192.168.57.1 table John  #tried also adding the subnet here
ip route add default via 10.152.152.10 dev eth3 table John
ip route flush cache
David Makogon
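The rule selection behind the policy-routing attempt above, modelled as an added example (not code from the original post): it shows which table each form of the `ip rule` selector picks for a packet forwarded from A. Assumptions: the destination 203.0.113.10 is a constructed sample, the added rule gets the default priority 32765, and the main table is trimmed to the default route and two connected networks from the asker's comment.

```python
import ipaddress

# Routing tables on B, taken from the question and the asker's comment
# (main table trimmed to the entries relevant here).
TABLES = {
    "main": [
        ("0.0.0.0/0", "172.10.0.254", "eth0"),
        ("10.152.128.0/18", None, "eth3"),
        ("192.168.57.0/24", None, "eth1"),
    ],
    "John": [("0.0.0.0/0", "10.152.152.10", "eth3")],
}

# (priority, source selector, table). 32766 is the kernel's built-in rule
# for "main"; 32765 is assumed for the rule added without an explicit priority.
BASE = [(32766, "0.0.0.0/0", "main")]
AS_POSTED = BASE + [(32765, "192.168.57.1", "John")]     # rule from the question
BY_SUBNET = BASE + [(32765, "192.168.57.0/24", "John")]  # the subnet variant


def lookup(rules, src, dst):
    """Return (table, gateway, device) for a packet src -> dst.

    Rules are tried in priority order; a rule applies only if the packet's
    source address is inside its selector. Inside the selected table the
    longest matching prefix wins; a table without a match falls through.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(rules):
        if src not in ipaddress.ip_network(selector):
            continue
        hits = [r for r in TABLES[table] if dst in ipaddress.ip_network(r[0])]
        if hits:
            best = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
            return table, best[1], best[2]
    return None


if __name__ == "__main__":
    internet_host = "203.0.113.10"  # constructed sample destination
    for name, rules in (("as posted", AS_POSTED), ("by subnet", BY_SUBNET)):
        # A forwarded packet keeps A's source address, not B's eth1 address.
        print(name, "->", lookup(rules, "192.168.57.50", internet_host))
```

Rule selection is only one of the things that have to line up on B. On B itself, `ip route get 203.0.113.10 from 192.168.57.50 iif eth1` asks the kernel the same question.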

1 Answer


Can you provide the output of iptables --list-rules, ip addr and ip route on each of the three boxes please? It would also be helpful for you to provide a traceroute <<internet host>> and a traceroute C from box A when it is configured to connect via B.

  • At the moment iptables is set to ACCEPT on all 3 chains. – Mario Arancioni May 10 '16 at 08:20
  • I can certainly help you with this, however without being able to see what's really going on I'll be flying blind. If you could please provide that output, I'll work hard to diagnose your issue. – Richard Vodden May 10 '16 at 08:30
  • First boxes (A) are Windows machines. ip 192.168.57.50 netmask 255.255.255.0 gw 192.168.57.1 route: there is only the default gw 192.168.57.1. Ubuntu box (B): At the moment iptables is set to ACCEPT on all 3 chains. The ip route on B: default via 172.10.0.254 dev eth0 10.152.128.0/18 dev eth3 proto kernel scope link src 10.152.152.1 169.254.0.0/16 dev eth0 scope link metric 1000 172.23.0.0/24 dev eth0 proto kernel scope link src 172.23.0.1 192.168.57.0/24 dev eth1 proto kernel scope link src 192.168.57.1 – Mario Arancioni May 10 '16 at 08:43
  • whonix-gw (C) is working with no issues: eth0: 10.0.0.1 netmask 255.255.255.0 gw 10.0.0.254 eth1: 10.152.152.10 netmask 255.255.192.0 ip route: nothing to write here, normal default gw. tracert from A after 1 hop (192.168.57.1), timeout. – Mario Arancioni May 10 '16 at 08:43
  • I made many attempts, so basically the question is not to troubleshoot but to clean everything and restart from scratch with your help. So at the moment there are no FW rules and no modifications to the routing tables. Thanks – Mario Arancioni May 10 '16 at 08:46