Ubuntu as a Router/Gateway - Unable to access WAN

Question

I am currently trying to set up a home router using a machine running Ubuntu 12.04. The machine has two ethernet ports. eth0 is LAN and eth1 is WAN.

I have set eth0 to a static ip and have eth1 request an ip via DHCP.

/etc/network/interface

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
  address 10.1.1.10
  netmask 255.255.255.0
  gateway 10.1.1.10
  dns-nameservers 10.1.1.1 10.1.1.10

auto eth1
iface eth1 inet dhcp

This allows me to ping LAN computers, but I am unable to ping or access any external hosts. The modem is giving eth1 a valid ip address. The machine is setting it's LAN ip to 10.1.1.10 (to be moved to 10.1.1.1 when everything is working).

I have added the following to /etc/bind/named.conf.options:

    forwarders {
            8.8.8.8;
            8.8.4.4;
    };

net.ipv4.ip_forward=1 has been added to /etc/sysctl.conf.

$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         Vanir.local     0.0.0.0         UG    100    0        0 eth0
10.1.1.0        *               255.255.255.0   U     0      0        0 eth0
98.162.168.0    *               255.255.252.0   U     0      0        0 eth1
link-local      *               255.255.0.0     U     1000   0        0 eth0

Does anybody see what I'm missing in order to allow both WAN and LAN traffic on my machine?

can you give an output of pinging an external host name and external ip. — wlraider70, Apr 11 '13 at 01:58
I have added route output to the OP. ifconfig reports eth0 with my internal LAN address and eth1 as my external WAN address, as stated. — earthmeLon, Apr 11 '13 at 19:25

earthmeLon · Accepted Answer · 2015-10-27T16:08:16.863

I was able to resolve this issue by editing /etc/udev/rules.d/70-persistent-net.rules. By making eth0 my WAN NIC, linux automatically used it's gateway as the default gateway.

/etc/udev/rules.d/70-persittent-net.rules:

# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.

# PCI device 0x10ec:/sys/devices/pci0000:00/0000:00:1c.4/0000:03:00.0 (r8169)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="FF:FF:FF:FF:FF:F0", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x10ec:/sys/devices/pci0000:00/0000:00:1c.5/0000:04:00.0/0000:05:01.0 (r8169)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="FF:FF:FF:FF:FF:F1", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

# PCI device 0x10ec:0x8169 (r8169)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="FF:FF:FF:FF:FF:F2", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"

maybe add the output/content of the file in /etc/udev/.. to your answer for thoroughness, please? — ILMostro_7, Oct 24 '15 at 07:27

vidarlo · Answer 2 · 2020-06-24T20:49:12.137

Even though you may have solved this by reordering the interfaces, this is not the real source of the problem.

The real source of the problem is this:

auto eth0
iface eth0 inet static
  address 10.1.1.10
  netmask 255.255.255.0
  gateway 10.1.1.10
  dns-nameservers 10.1.1.1 10.1.1.10

Here you're saying that if you have a packet to some entity which is not on the 10.1.1.0/24 subnet, it should be sent to 10.1.1.10, which will know how to deal with it. But 10.1.1.10 is the local computer. The packet is not destined for this computer, so it looks up in it's routing table, and decides to forward the packet to 10.1.1.10... It's a routing loop on one computer.

If you only have a single router at home (likely), the local interface(s) should not have any gateway defined, as all IP's within the subnet is reachable locally. If you have multiple routers at home, you should set up specific routes to the networks handled by those routers. The only time it makes sense with two default routes is if you actually have two different routes to the internet.

In your setup, only the interface pointing towards the internet should have a default gateway defined. Thus, the config should be

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
  address 10.1.1.10
  netmask 255.255.255.0
  dns-nameservers 10.1.1.1 10.1.1.10
auto eth1
iface eth1 inet dhcp

This would have worked.

If you have multiple routers at home, it's probably because of a homelab or similar, and you'd probably be employing a routing protocol to handle it, but it could be configured statically with the post-up route add 192.168.1.0/24 gw 10.1.1.20 for instance.

Routes are applied approximately in the following order.

Locally reachable - addresses that can be reached directly wins over anything that has to go through a router.
Lighter routes wins over heavier oens.
More specific routes wins over less specific.
Higher bandwidth interfaces wins over lower bandwidth interfaces.

In this case, both gateways are default gateways (e.g. 0.0.0.0/0, as unspecific as possible). Route weight is user specifiable, in this case both had weight 0 (metric).

In short; the two routes are identical, except for order. Thus, the first one wins, and in your case that formed a routing loop.

The fact that reordering interfaces worked for you is merely coincidental, probably due to the ordering of the routing table. Your configuration is still wrong.

Ubuntu as a Router/Gateway - Unable to access WAN

2 Answers2

Linked