
I'm trying to configure a Linux machine as a "middlebox router" that allows a connecting client machine to use the internet connection of the machine itself. It has two physical ethernet interfaces, let's call them eth0 and eth1. eth0 is the internet connection for the middlebox (connects to a switch) and the internet connection tests as working correctly. The LAN subnet for the internet connection is 192.168.0.0/24 with a gateway of 192.168.1.1. I configured a different subnet for the middlebox, shown below in the config file.

I tried to configure the other ethernet interface eth1 to basically share the internet connection, but I'm getting an error message "Internet Connection Failed to Initialize" and the client does not connect to the internet.

What I tried to do to setup this middlebox is this:

  1. Installed isc-dhcp-server
  2. Configured DHCP and a static IP address for the client interface eth1
  3. Enabled IPv4 forwarding on the middlebox:

         sysctl -w net.ipv4.ip_forward=1

  4. iptables rules:

         iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
         iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
         iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

  5. Set the internet connection interface (eth0) as the default route on the middlebox. IFF it's not already set to eth0, I run these commands to set the new default gateway route to eth0 (and printing the default route table shows the gateway is set to the right interface eth0 and the ip address for eth0, as expected):

         GW_IP=`route -n | grep -E "^0.0.0.0 .+UG .+eth0" | awk '{print $2}'`
         route del default $OTHER_INTERFACE
         route add default gw $GW_IP eth0

/etc/dhcp/dhcpd.conf

    interface eth1
    static ip_address=192.168.34.1/24

    authoritative;

    subnet 192.168.34.0 netmask 255.255.255.0 {
        range 192.168.34.10 192.168.34.250;
        option broadcast-address 192.168.34.255;
        option routers 192.168.34.1;
        default-lease-time 600;
        max-lease-time 7200;
        option domain-name "local-network";
        option domain-name-servers DNS_SERVER_IP1, DNS_SERVER_IP2;
    }

/etc/default/isc-dhcp-server

    INTERFACESv4="eth1"

I'm not sure what I'm missing, but I was thinking this would allow "client" connections on eth1 to use the same gateway and internet connection as eth0 for the middlebox. Does anyone see what I'm missing or doing wrong?

  • You do not mention where you are seeing this error message. Commented Feb 7, 2022 at 6:38
  • There's a GUI popup on the (Ubuntu) client machine that indicates the internet connection failed to initialize. Commented Feb 7, 2022 at 6:55

1 Answer


I figured it out after tinkering and setting back up from scratch again. I had 3 problems with my initial configurations that prevented the middlebox from working:

  1. the middlebox needed to set FORWARDING ACCEPT on the client interface, not just enable ipv4 packet forwarding in the kernel
  2. the subnet set up by DHCP on the middlebox did not match the subnet on the client machine; the middlebox interface connected to the client and the client interface both need to be on the same subnet
  3. the client machine also needs a default gateway route set pointing to the subnet IP address of the middlebox interface connected to the client machine

NOTE: middlebox has two ethernet interfaces (eth0 connecting to the router/main LAN network and eth1 connecting to the client), and the client has one ethernet interface eth0. Further, the primary LAN network is 192.168.1.0/24 and the "middlebox LAN" subnet I changed to 192.168.0.0/24.

modified /etc/dhcp/dhcpd.conf on middlebox

    interface eth1
    static ip_address=192.168.0.1

    subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.1 192.168.0.250;
    }

    option broadcast-address 192.168.0.255;
    option routers 192.168.1.1;              # gateway for internet connecting interface
    default-lease-time 600;
    max-lease-time 7200;
    option domain-name "local-network";
    option domain-name-servers 192.168.1.1;  # use router/gateway for DNS

Assuming the middlebox itself is successfully connected to a primary LAN and has internet access and DNS working over ethernet interface eth0 ...

Steps to setup middlebox

    ifconfig eth1 192.168.0.1 netmask 255.255.255.0
    # Confirm the gateway is 192.168.1.1, or add it on dev eth1 if not

    # Configure DNAT on middlebox:
    ## IPv4 forwarding
    sysctl -w net.ipv4.ip_forward=1
    ## masquerade between interfaces going out on eth0 so incoming routes back
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    ## enable forwarding from the client interface eth1
    iptables -A FORWARD -i eth1 -j ACCEPT

Steps to setup client

    ifconfig eth0 down
    # same subnet but different ip address on middlebox DHCP LAN
    ifconfig eth0 192.168.0.2 netmask 255.255.255.0
    # set default gateway route to the ip address of the connected middlebox interface
    route del -net default
    route add default gw 192.168.0.1
    # client DNS configuration (multiple options, I chose router DNS)
    echo "nameserver 192.168.1.1" >> /etc/resolv.conf

Testing Steps

Check subnet/address communication works:

  1. (from middlebox) $ ping 192.168.0.2
  2. (from client) $ ping 192.168.0.1
  3. (from client) $ ping 8.8.8.8

Check DNS resolution works:

  1. (from client) $ ping google.com OR dig google.com
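As an added example (not code from the question or the answer), the script below checks the addressing conditions behind the answer's three problems before anything is applied, and prints the forwarding rules with a default-DROP FORWARD policy so that only the client-initiated direction is open; the interface names and addresses in it are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the question or the answer): a pre-flight check for
# the three conditions the answer identifies, plus the forwarding rules in a
# tighter form (default FORWARD DROP, only return traffic allowed WAN->LAN).
# Interface names and addresses used below are constructed sample values.

# ip2int ADDR: dotted quad to a 32-bit integer
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet ADDR CIDR: succeeds when ADDR lies inside CIDR
in_subnet() {
    local net=${2%/*} bits=${2#*/} mask
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ "$(( $(ip2int "$1") & mask ))" = "$(( $(ip2int "$net") & mask ))" ]
}

# check_topology LAN_CIDR MIDDLEBOX_LAN_IP CLIENT_IP CLIENT_GW DHCP_ROUTERS
# prints one line per problem found; the exit status is the problem count
check_topology() {
    local lan=$1 mb=$2 client=$3 gw=$4 routers=$5 bad=0
    in_subnet "$mb" "$lan" || { echo "middlebox $mb is not in $lan"; bad=$((bad + 1)); }
    # answer's problem 2: client and middlebox LAN interface share one subnet
    in_subnet "$client" "$lan" || { echo "client $client is not in $lan"; bad=$((bad + 1)); }
    # answer's problem 3: client default route points at the middlebox LAN address
    [ "$gw" = "$mb" ] || { echo "client gateway $gw is not the middlebox $mb"; bad=$((bad + 1)); }
    # a DHCP "option routers" outside the served subnet is unreachable for clients
    in_subnet "$routers" "$lan" || { echo "option routers $routers is outside $lan"; bad=$((bad + 1)); }
    return $bad
}

# nat_rules WAN_IF LAN_IF: print the middlebox rules (pipe into sh as root to apply).
# Answer's problem 1 is solved by the LAN->WAN ACCEPT; the DROP policy and the
# conntrack rule keep unsolicited WAN traffic from being forwarded to the client.
nat_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $2 -o $1 -j ACCEPT
iptables -A FORWARD -i $1 -o $2 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o $1 -j MASQUERADE
EOF
}

# Sample run with the answer's final addressing (eth0 = WAN, eth1 = client side)
check_topology 192.168.0.0/24 192.168.0.1 192.168.0.2 192.168.0.1 192.168.0.1 && nat_rules eth0 eth1
```

Run it with `option routers` set to an address outside the client subnet and the check reports it, which is the case a DHCP-configured client (rather than one given a static route as in the answer) would fail on.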
