
I am trying to set up a router on a machine with Ubuntu server 18.04. The server has one NIC on the motherboard and two PCI network cards with 4 interfaces each. I have set up a DHCP server and DNS server on the same machine. I used this tutorial. My network setup is as follows:

(image: Network setup)

When I execute ping 192.168.1.1 from 192.168.1.2 everything works fine, however when I try to ping the IP of Google using ping 172.217.17.36 I get no replies. nslookup google.com 192.168.1.1 times out as well. However, when I execute nslookup google.com 192.168.0.113 from my laptop I do get the expected reply. Executing ping google.com on the Ubuntu router works fine as well.

My netplan setup is as follows:

network:
    ethernets:
        eno1:
            dhcp4: true
        enp9s0:
            addresses:
            - 192.168.1.1/24
            dhcp4: false
            nameservers:
                addresses:
                - 127.0.0.1
                search: []
        enp10s0:
            addresses:
            - 192.168.1.1/24
            dhcp4: false
            nameservers:
                addresses:
                - 127.0.0.1
                search: []
        enp11s0:
            addresses:
            - 192.168.1.1/24
            dhcp4: false
            nameservers:
                addresses:
                - 127.0.0.1
                search: []

...same for other interfaces...
    version: 2

My iptables setup is as follows:

iptables -P INPUT  ACCEPT
iptables -P FORWARD  ACCEPT
iptables -P OUTPUT ACCEPT

iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE

My dhcp.conf is as follows:

option domain-name "example.com";
option domain-name-servers 127.0.0.1;

default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;

authoritative;
log-facility local7;
subnet 192.168.1.0 netmask 255.255.255.0 {
     range 192.168.1.2 192.168.1.254;
     option subnet-mask 255.255.255.0;
     option routers 192.168.1.1;
     option broadcast-address 192.168.1.255;
}

I am using pi-hole for my DNS server.

ifconfig on the Ubuntu router results in:

eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.113  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::12c3:7bff:fe6c:c81b  prefixlen 64  scopeid 0x20<link>
        inet6 2a02:1812:d38:c300:274d:5b5:ce56:bdf6  prefixlen 64  scopeid 0x0<global>
        inet6 2a02:1812:d38:c300:12c3:7bff:fe6c:c81b  prefixlen 64  scopeid 0x0<global>
        ether 10:c3:7b:6c:c8:1b  txqueuelen 1000  (Ethernet)
        RX packets 13961  bytes 1287100 (1.2 MB)
        RX errors 0  dropped 9010  overruns 0  frame 0
        TX packets 2150  bytes 372856 (372.8 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 20  memory 0xdfd00000-dfd20000

enp10s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.1  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::2e0:4cff:fe68:873e  prefixlen 64  scopeid 0x20<link>
        ether 00:e0:4c:68:87:3e  txqueuelen 1000  (Ethernet)
        RX packets 1041  bytes 233462 (233.4 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1427  bytes 460072 (460.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp11s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 00:e0:4c:68:87:3f  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

...

enp9s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 00:e0:4c:68:87:3d  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 8029  bytes 524899 (524.8 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8029  bytes 524899 (524.8 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

How can I figure out why my router is not replying to ping and DNS requests for external IPs when they are coming from 192.168.1.2?

Let me know if you would like me to post additional information.

Anton

1 Answer


I see multiple unrelated problems in this setup:

  1. Unable to ping external IPs from 192.168.1.2. Things you should check:

    1. Does 192.168.1.2 have appropriate routes configured? Check that the output of ip route contains a default route with 192.168.1.1 as gateway (as configured in dhcp.conf).
    2. Does 192.168.1.1 have appropriate routes configured? Again, check ip route here too. But since you can ping google.com from there this should be the case.
    3. Is ip_forward enabled on the router? This is my guess.
      • check the output of cat /proc/sys/net/ipv4/ip_forward
      • echo 1 > /proc/sys/net/ipv4/ip_forward to enable
  2. Unable to resolve DNS requests:

In your dhcp.conf you have

option domain-name-servers 127.0.0.1;

But this should be

option domain-name-servers 192.168.1.1;

Otherwise the Desktop tries to use 127.0.0.1, i.e. itself, as DNS server.

This is most probably the issue here. Additionally you can test resolving a DNS request while explicitly specifying the DNS server; execute

host example.org 192.168.1.1

on the Desktop and on the router. Also check which DNS server is effectively configured via DHCP on both hosts:

  • on the Desktop this is probably now 127.0.0.1, see above, but should be 192.168.1.1
  • on the router this is probably 192.168.0.1, i.e. the upstream router, configured via DHCP.

Therefore: even if you can successfully resolve DNS requests on the router - as a client - this does not imply that the DNS daemon - as a server - is configured and working correctly.

  3. The same subnet on all interfaces: this problem didn't bite you yet but may well become a problem as soon as you connect more than one cable to the router.

Currently you have 192.168.1.1/24 configured on all downstream interfaces, which are configured as layer 3 interfaces. With more than one of these interfaces active the OS will have trouble deciding on which of them to route packets destined for the 192.168.1.0/24 subnet.

Instead you should connect all the physical interfaces to a virtual bridge device and assign the IP address to that bridge. This way the physical interfaces act as layer 2 switch interfaces connected to each other.

acran
    my money is on ip_forward being disallowed in sysctl. Start with the ping of an internal address first, then 8.8.8.8 (a google dns ip that will respond to ping), then figure out DNS. FWIW there's no need to run a dns server just to be able to do dns and routing, but nothing wrong with that either. Your internet router might be able to be configured with different routes in which case you can dispense with masquerade too, and just run pure routing, if you want to. – erik258 Sep 15 '19 at 00:56
  • I have it working now, the ip_forward was indeed disabled. I currently replaced the configured DNS server with Google's 8.8.8.8. I also set up the virtual bridge as acran suggested by following this [netplan example](https://netplan.io/examples#configuring-network-bridges). Thank you very much @acran and Daniel Farrell! – Anton Sep 15 '19 at 08:44
  • It also turns out my DNS server was not listening on all interfaces, I fixed it using `pihole -a -i all`. – Anton Sep 15 '19 at 09:59
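As an added example that is not part of the original question, answer or comments, the script below turns the answer's diagnostic list (ip_forward, the client's default route, the DNS server handed out by DHCP, one address on several interfaces, the DNS daemon's listening address, the MASQUERADE rule) and the recommended bridge layout into one POSIX shell script. Interface names and addresses are the ones from the post; the config path /etc/dhcp/dhcpd.conf, the function names and the file name router_checks.sh are assumptions, and the sample outputs at the bottom are constructed to resemble the post, not captured from the machine.

```shell
#!/bin/sh
# Added example, not code from the original question or answer: sanity checks for
# the Ubuntu router described above. Each check reads command output on stdin (or a
# file path), so it runs against the live box with `sh router_checks.sh --live` and
# against saved or constructed output. Interface names and addresses are the post's;
# the path /etc/dhcp/dhcpd.conf and the sample outputs below are assumptions.

LAN_GW="192.168.1.1"   # gateway the DHCP scope hands out
WAN_IF="eno1"          # uplink interface carrying the MASQUERADE rule

# 1. IPv4 forwarding; when off the kernel drops, not routes, LAN->WAN traffic
#    (the question's actual cause). Arg: sysctl file, default the live one.
check_ip_forward() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# 2. Client side: a default route via the router. stdin: `ip route` output.
has_default_via() {
    gw_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    grep -Eq "^default via ${gw_re}( |\$)"
}

# 3. dhcpd.conf must not hand out a loopback address as DNS server; a client
#    that receives 127.0.0.1 queries itself. stdin: dhcpd.conf.
dhcp_dns_not_loopback() {
    if grep -Eq '^[[:space:]]*option domain-name-servers[[:space:]]+127\.'; then
        return 1
    fi
    return 0
}

# 4. One address on several layer-3 interfaces makes the route to 192.168.1.0/24
#    ambiguous; those ports belong in a bridge. stdin: `ip -br -4 addr` output.
duplicate_addrs() {
    awk '{ for (i = 3; i <= NF; i++) seen[$i]++ }
         END { for (a in seen) if (seen[a] > 1) print a }' | sort
}

# 5. The DNS daemon must be bound to the LAN address or to all addresses, not
#    only 127.0.0.1 (the pi-hole problem from the comments). stdin: `ss -lun`.
dns_listens_on() {
    awk -v ip="$1" '$1 == "UNCONN" && ($4 == "0.0.0.0:53" || $4 == "*:53" || $4 == ip ":53") { ok = 1 }
                     END { exit(ok ? 0 : 1) }'
}

# 6. NAT for the uplink. stdin: `iptables -t nat -S POSTROUTING` output.
has_masquerade() {
    grep -Eq -- "^-A POSTROUTING -o $1 -j MASQUERADE\$"
}

# Bridge layout the answer recommends: br0 owns 192.168.1.1/24 and the LAN ports
# are layer-2 members (only the three ports named in the post are listed).
bridge_netplan() {
    cat <<'EOF'
network:
  version: 2
  renderer: networkd
  ethernets:
    eno1: {dhcp4: true}
    enp9s0: {dhcp4: false}
    enp10s0: {dhcp4: false}
    enp11s0: {dhcp4: false}
  bridges:
    br0:
      interfaces: [enp9s0, enp10s0, enp11s0]
      addresses: [192.168.1.1/24]
      nameservers:
        addresses: [127.0.0.1]
EOF
}

# Constructed sample outputs modelled on the post (not captured from the machine).
SAMPLE_ROUTE='default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2'
SAMPLE_ADDR='lo               UNKNOWN        127.0.0.1/8
eno1             UP             192.168.0.113/24
enp9s0           DOWN           192.168.1.1/24
enp10s0          UP             192.168.1.1/24'
SAMPLE_SS_LO='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      127.0.0.1:53       0.0.0.0:*
UNCONN 0      0      0.0.0.0:67         0.0.0.0:*'
SAMPLE_SS_ALL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      0.0.0.0:53         0.0.0.0:*'

if [ "${1:-}" = "--live" ]; then
    check_ip_forward && echo "ok   ip_forward=1" || echo "FAIL ip_forward=0: sysctl -w net.ipv4.ip_forward=1"
    ip -br -4 addr | duplicate_addrs | sed 's/^/FAIL same address on several interfaces: /'
    ss -lun | dns_listens_on "$LAN_GW" && echo "ok   DNS bound on $LAN_GW:53" || echo "FAIL nothing listens on $LAN_GW:53"
    dhcp_dns_not_loopback < /etc/dhcp/dhcpd.conf && echo "ok   DHCP DNS option" || echo "FAIL dhcpd.conf advertises 127.0.0.1 as DNS"
    iptables -t nat -S POSTROUTING | has_masquerade "$WAN_IF" && echo "ok   MASQUERADE on $WAN_IF" || echo "FAIL no MASQUERADE rule on $WAN_IF"
fi
```

Run `sh router_checks.sh --live` as root on the router to get one pass/fail line per check; each function also accepts saved output on stdin, which is how the constructed samples are meant to be used. Echoing into /proc/sys/net/ipv4/ip_forward, as the answer suggests, only lasts until reboot; to make it permanent put `net.ipv4.ip_forward=1` in a file under /etc/sysctl.d/.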