Hi, first post here. I’m building a practice cluster, but I’m having issues sharing Internet access through NAT on my main machine. Right now I only have:
- 1 server with 2 NICs: 1 connected to a router (Archer C7) and 1 to the LAN
- 1 client with 1 NIC connected to the LAN
For the server NICs I have the following settings:
- enp4s0 (Connected to a router with Internet access):
Address: 192.168.0.99 /24 (Arbitrary)
Gateway: 192.168.0.1 (Router’s Gateway)
DNS Server: 10.1.0.1 (Local enp3s0 address)
Metric: 101 (default)
IPv4 Method: Manual
*For the DNS I copied what’s working on our actual cluster, but changing it to our local DNS or Google’s DNS doesn’t make any difference; I can ping the outside network normally from the server.
- enp3s0 (Connected to LAN):
Address: 10.1.0.1 /16 (Arbitrary)
Metric: 200 *
IPv4 Method: Manual
*I changed the metric in the sysconfig files, since it was 100 by default and I couldn’t ping outside networks from the server.
I already tried 2 methods of Internet sharing, one from the Ubuntu community guides and one from the Arch Linux wiki, which don’t seem to be that different from one another; both use iptables, and I tried both methods unsuccessfully:
Ubuntu Community method:
sudo iptables -A FORWARD -o enp4s0 -i enp3s0 -s 10.1.0.0/16 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o enp4s0 -j MASQUERADE
Arch Linux wiki method:
# iptables -t nat -A POSTROUTING -o enp4s0 -j MASQUERADE
# iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i enp3s0 -o enp4s0 -j ACCEPT
And I also enabled IPv4 forwarding via a sysctl.d conf file so it changes on boot, with:
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.ip_forward = 1
My client server’s only NIC is configured like this:
- enp5s0 (Connected to LAN)
Address: 10.1.0.2 /16
Gateway: 10.1.0.1
DNS Server: 10.1.0.1 (Again, I just copied what’s working on our cluster nodes right now, but changing the DNS to our organization’s own or Google’s doesn’t make any difference)
What’s happening is that from my client computer I can ping my main server as before (10.1.0.1), my router and other devices connected to it, even wirelessly (192.168.0.X). I can even ping my department’s org network devices (AAA.AAA.AAA.XXX), which are working with public IP addresses and which my router is receiving its WAN address from.
But I can’t ping anything that’s not connected to the router, like Google, nor can I do anything Internet related, such as installing packages through dnf, etc.
I read on the Arch wiki that this issue is common among Docker users, but I haven’t installed it, and I don’t believe it’s bundled in Rocky 8.8. I could be overcomplicating things in my ignorance, as I’m just starting to experience Linux as a whole.
Any help would be immensely appreciated.
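As an added example (not part of the post above), here is a small audit script for the three pieces a NAT gateway like this one depends on: ip_forward, the MASQUERADE rule and the FORWARD accept rules. It reads iptables-save and sysctl style text on stdin so it can be run against a real dump with `iptables-save | check_nat_rules`; the interface names and subnet are the ones from the post, and the rule dump embedded below is a constructed sample modelled on the Arch wiki rules, not captured from the poster's machine. It also flags a MASQUERADE rule that is not limited to the LAN subnet, which the post's rules leave open.

```shell
#!/bin/sh
# Added example, not from the original post: audit a Linux NAT gateway for
# ip_forward, MASQUERADE and FORWARD rules. Interface names and subnet are
# the post's; SAMPLE is a constructed iptables-save dump, not a real capture.
LAN_IF=enp3s0
WAN_IF=enp4s0
LAN_NET=10.1.0.0/16

# check_ip_forward: read "key = value" lines (sysctl -a format) on stdin;
# succeed only if net.ipv4.ip_forward is 1.
check_ip_forward() {
    grep -q -e '^net\.ipv4\.ip_forward *= *1$'
}

# check_nat_rules: read iptables-save output on stdin, print one line per
# finding, return 0 when every rule NAT needs is present, 1 otherwise.
check_nat_rules() {
    dump=$(cat); rc=0
    if printf '%s\n' "$dump" | grep -q -e "^-A POSTROUTING .*-o $WAN_IF .*-j MASQUERADE"; then
        echo "ok: MASQUERADE on $WAN_IF"
        # Hardening: without -s, anything the box forwards gets NATed.
        printf '%s\n' "$dump" | grep -e "-j MASQUERADE" | grep -q -e "-s $LAN_NET" \
            || echo "warn: MASQUERADE not limited to -s $LAN_NET"
    else
        echo "missing: -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"; rc=1
    fi
    printf '%s\n' "$dump" | grep -q -e "^-A FORWARD .*-i $LAN_IF .*-o $WAN_IF .*-j ACCEPT" \
        && echo "ok: FORWARD $LAN_IF -> $WAN_IF" \
        || { echo "missing: -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"; rc=1; }
    printf '%s\n' "$dump" | grep -q -e "^-A FORWARD .*--ctstate .*ESTABLISHED.*-j ACCEPT" \
        && echo "ok: FORWARD return traffic" \
        || { echo "missing: -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"; rc=1; }
    # Report the FORWARD default policy; ACCEPT makes the two rules above moot.
    printf '%s\n' "$dump" | grep -e '^:FORWARD ' | sed 's/^:FORWARD \([A-Z]*\).*/policy: FORWARD \1/'
    return $rc
}

# Constructed sample: the Arch wiki rules from the post, as iptables-save prints them.
SAMPLE='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp4s0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp3s0 -o enp4s0 -j ACCEPT
COMMIT'
printf '%s\n' "$SAMPLE" | check_nat_rules
printf 'net.ipv4.ip_forward = 1\n' | check_ip_forward && echo "ok: ip_forward=1"
```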