When I start firewalld, ssh from another host stops

disconnected

That is because there is no connection defined (yet) that would activate the interface.
What does happen if you do run the:

nmcli con add con-name lan ifname enp2s0 type ethernet ipv6.method disabled ip4 192.168.5.254/24

(Do replace the 192.168.5.254/24 with whatever the lan interface should have.)

If I turn on enp2s0, then enp3s0 turns off and vice versa. Network Manager cannot connect them together.

nmcli con add con-name lan ifname enp2s0 type ethernet ipv6.method disabled ip4 10.44.0.0/16
Connection ‘lan’ (6f784242-48a7-4e7a-b1a7-71f635fed326) successfully added.

After this action nmcli shows that everything is in order with both cards (I show enp2s0):
enp2s0: connected to lan
“Intel 82574L”
ethernet (e1000e), 00:E0:81:BD:60:AE, hw, mtu 1500
inet4 10.44.0.0/16
route4 10.44.0.0/16 metric 115

but in the Network Manager (GUI) there is complete chaos: both cards with the same external address 100.100.100.235 etc etc

Maybe I need to disable the GUI Network Manager and configure the network cards only on the command line? I have a hard drive with FreeBSD 14 without a graphical shell, and everything works without problems on this computer when I put it here. In CentOS 6 with iptables everything was normal even with a graphical shell.

I don’t use the GUI. I did just peek what GUI shows on my desktop. It says “off”.
In reality there are three VLAN and three bridges active on top of the “off” interface.
Useless.


That ain’t right. If the subnet is 10.44.0.0/16,
then 10.44.0.0 is the network address
and 10.44.255.255 is the broadcast address.
The IP address cannot be 10.44.0.0 like you have.
Addresses in range 10.44.0.1 … 10.44.255.254 are possible.

But I will go, for example, from 10.44.7.77 via LAN gateway 10.44.1.1 to an external IP address. I have networks from 10.44.1.1/24, 10.44.2.1/24, etc. to 10.44.7.1/24 via gateway 10.44.1.1. For example, for computer 10.44.7.77 I set the mask 255.255.0.0 (16) and the gateway 10.44.1.1.

None of that makes any sense to me.

For example “10.44.1.1/24” is not a network. 10.44.1.0/24 is a network,
where 10.44.1.0 is a “network address” – not a host – and 10.44.1.255 is the broadcast address.
The 10.44.1.1 is address of one host within the 10.44.1.0/24.

If one of the 10.44.x.y hosts has prefix 16, then all 10.44.x.y hosts must have prefix 16 and are in one network: 10.44.0.0/16.

If your machine is the router (for all of them), then its address should be the 10.44.1.1.

Fine. I have computers with IP addresses 10.44.1.1, 10.44.1.2, 10.44.1.3 … 10.44.1.254 (or 10.44.1.1-255 or 10.44.1.1/24), the same for 10.44.7.1, 10.44.7.2, etc. They are all connected through a LAN gateway 10.44.1.1.

Something seems messed up with your config, because it is 100% possible to configure two network cards and have them active at the same time with Network Manager:

[rocky@rocky-fw ~]$ nmcli conn show
NAME    UUID                                  TYPE      DEVICE 
enp2s0  548c6adc-6c4a-3b62-bc96-b188e64293c6  ethernet  enp2s0 
enp1s0  852ad6f4-1b66-3493-affd-9f25473e4816  ethernet  enp1s0 
lo      d004ded4-f550-429e-b4be-3778fd02606b  loopback  lo     

[rocky@rocky-fw ~]$ nmcli d s
DEVICE  TYPE      STATE                   CONNECTION 
enp2s0  ethernet  connected               enp2s0     
enp1s0  ethernet  connected               enp1s0     
lo      loopback  connected (externally)  lo         

[rocky@rocky-fw ~]$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:23:61:96 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.254/24 brd 192.168.100.255 scope global noprefixroute enp1s0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe23:6196/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:7a:5a:f9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.254/24 brd 192.168.122.255 scope global noprefixroute enp2s0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe7a:5af9/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Now (screenshot: Screenshot-from-2024-03-13-17-44-16):

If you click on the gear on the right, then where it says LAN there is the IP range 10.44.0.0/16, and where Profile 1 is, one external address.

And it was (screenshot: Screenshot-from-2024-03-13-08-32-02).

I did already note that the GUI output is probably nonsense and that
the ip4 10.44.0.0/16 was an error – you should have given the IP address and prefix there.

You say that you have a host with address 10.44.7.2. What is its prefix? Is it 24 (i.e. netmask 255.255.255.0), 16 (i.e. netmask 255.255.0.0), or something else?


Mantra: Machines do not have network – network has machines.

I have LAN host 10.44.7.77 (ArchLinux), netmask 255.255.0.0, gateway 10.44.1.1. The gateway is on a computer (10.44.1.1) with NAT on card enp2s0 (RockyLinux). The LAN has other computers: segment 10.44.1.1, 10.44.1.2, …1.255; segment 10.44.2.1, 10.44.2.2, …2.255, etc. So that all these segments are visible on the computer with NAT (10.44.1.1), I write 10.44.0.0/16 or netmask 255.255.0.0. If I wrote 10.44.1.1/24 (instead of 10.44.0.0/16), then NAT with address 10.44.1.1 would not see the computer 10.44.2.1 or 10.44.4.1.

!!! But this is a completely different question. The question is how I can see two connected and working network cards at the same time in the Network Manager, or remove NM altogether and configure the cards only using ifconfig or something else. !!!

Absolutely right, so I write 10.44.0.0/16 so that NAT on computer 10.44.1.1 can see computers on the networks 10.44.1.0, 10.44.2.0, 10.44.3.0, 10.44.7.0, etc. 10.44.0.0/16 combines all these networks into one network.

I don’t know what’s missing. I installed the system from a USB stick, and initially in NM only one card was working; the second one was automatically turned off if the first one was connected, and vice versa.

In the network manager I set only the network card IP, network mask, gateway and DNS server. What does the name of the subnets have to do with it? But in this case, I cannot configure the second card using NM. And adding a second network card on the command line completely ruins NM. That’s the problem. Maybe I need to reinstall or remove NM?

sudo dnf reinstall NetworkManager
[sudo] password for pal:
Repository nordugrid-testing is listed more than once in the configuration
Repository nordugrid-updates is listed more than once in the configuration
Last metadata expiration check: 3:59:03 ago on Thu 14 Mar 2024 04:04:58 AM EET.
Dependencies resolved.

Package Arch Version Repo Size

Reinstalling:
NetworkManager x86_64 1:1.44.0-5.el9_3 baseos 2.2 M

Transaction Summary

Total download size: 2.2 M
Installed size: 6.2 M
Is this ok [y/N]: y
Downloading Packages:
NetworkManager-1.44.0-5. 2.4 MB/s | 2.2 MB 00:00

Total 1.7 MB/s | 2.2 MB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: NetworkManager-1:1.44.0-5.el9 1/2
Reinstalling : NetworkManager-1:1.44.0-5.el9 1/2
Running scriptlet: NetworkManager-1:1.44.0-5.el9 1/2
Running scriptlet: NetworkManager-1:1.44.0-5.el9 2/2
Cleanup : NetworkManager-1:1.44.0-5.el9 2/2
Running scriptlet: NetworkManager-1:1.44.0-5.el9 2/2
Verifying : NetworkManager-1:1.44.0-5.el9 1/2
Verifying : NetworkManager-1:1.44.0-5.el9 2/2

Reinstalled:
NetworkManager-1:1.44.0-5.el9_3.x86_64

Complete!
[pal@rocky ~]

You know, with this image of NM settings NAT works!!! Incredible!! I should have tried it yesterday. And I took up verbiage because the settings seemed strange to me. It’s obviously not a matter of reinstalling the NM. These are yesterday’s settings. This means that the NM did not collapse; probably this is its normal appearance when a second card is connected in an unusual way from the command line. To be honest, this is the first time I’ve encountered such a NM setting, and I work with all types of Linux except Gentoo. Usually all network cards are already visible and connected to the NM. You just need to configure them.

ping from 10.44.7.77
ping -a google.com
PING google.com (216.58.208.206) 56(84) bytes of data.
64 bytes from waw07s02-in-f14.1e100.net (216.58.208.206): icmp_seq=1 ttl=119 time=15.0 ms
64 bytes from waw07s02-in-f14.1e100.net (216.58.208.206): icmp_seq=2 ttl=119 time=14.6 ms
64 bytes from waw07s02-in-f14.1e100.net (216.58.208.206): icmp_seq=3 ttl=119 time=14.5 ms

The GUI is not NetworkManager. The GUI, the nmtui, and the nmcli are three tools that one can use to talk to NetworkManager.service.

There are no “/24 segments” 10.44.1.1 , …1.255, 10.44.2.1 , …2.255, etc if the network segment is a “/16” 10.44.0.1 , …255.254.

The NAT is a separate issue.

If the interface enp2s0 of this Rocky machine should have IP address 10.44.1.1, then you must give it address 10.44.1.1/16, not 10.44.0.0.


NAT example:

10.44.7.77 sends a packet to forums.rocky. It resolves the name forums.rocky to an address. Let’s say a.b.c.d. A packet is created that has “SRC=10.44.7.77 DST=a.b.c.d”.

The 10.44.7.77 has only two “routes”: to 10.44.0.0/16, and default via 10.44.1.1 (which uses the first route to find 10.44.1.1). The a.b.c.d is not within 10.44.0.0/16, so the default route is used.

The 10.44.1.1, “gw”, receives packet. Packet does not have DST=10.44.1.1 so it is not for gw.
The gw has three routes: to 10.44.0.0/16, to 100.100.100.224/28 and default via 100.100.100.225.
The a.b.c.d is in neither 10.44.0.0/16 nor 100.100.100.224/28, so it is forwarded to 100.100.100.225.


If there is no NAT, then packet would go forward until it reaches forums.rocky, and forums.rocky would create a reply with “SRC=a.b.c.d DST=10.44.7.77”.
Alas, 10.44.7.77 is a private address and no good router forwards such packets. Even if they would, nobody knows where that destination is.

Therefore, the gw must modify the outgoing packet before it leaves the enp3s0.
Replace "SRC=10.44.7.77 DST=a.b.c.d" with "SRC=100.100.100.235 DST=a.b.c.d".
The reply from forums.rocky thus has "SRC=a.b.c.d DST=100.100.100.235"

When the reply arrives at gw via enp3s0, the gw remembers that it did SNAT the outgoing packet and replaces "SRC=a.b.c.d DST=100.100.100.235" with "SRC=a.b.c.d DST=10.44.7.77".
Looking at the routing table of gw, the packet is sent out via enp2s0, to 10.44.0.0/16, where 10.44.7.77 does receive it.


The point is that the proper “nat” occurs on outgoing, enp3s0, (the iptables had chain POSTROUTING in table nat), and not “on enp2s0”.

Furthermore, the FirewallD does set up NAT (which it calls ‘masquerade’) for you, if you use correct zone or modify zone correctly.


The enp2s0 and enp3s0 should not be on the same zone, because conceptually the “outside” and “inside” are different and should be treated differently.
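The route lookups and the SNAT rewrite walked through above, as an added simulation that is not part of this thread: the routing tables are the ones the post describes, a.b.c.d is taken as 203.0.113.10 (a constructed value), and the conntrack table is simplified to remote/public address pairs without ports. It also checks why 10.44.0.0/16 is not a valid interface address while 10.44.1.1/16 is.

```python
import ipaddress

# Constructed tables following the post: 10.44.7.77 has prefix 16 and default
# gateway 10.44.1.1; gw (the Rocky box) has enp2s0 = LAN side, enp3s0 = outside.
HOST_ROUTES = [("10.44.0.0/16", None, "eth0"), ("0.0.0.0/0", "10.44.1.1", "eth0")]
GW_ROUTES = [
    ("10.44.0.0/16", None, "enp2s0"),
    ("100.100.100.224/28", None, "enp3s0"),
    ("0.0.0.0/0", "100.100.100.225", "enp3s0"),
]
GW_OUTSIDE_ADDR = "100.100.100.235"   # address used for masquerading


def lookup(routes, dst):
    """Longest-prefix match; returns (next_hop or None, outgoing interface)."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, via, dev in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via, dev)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def usable_host(addr_with_prefix):
    """False for the network and broadcast addresses, e.g. 10.44.0.0/16."""
    iface = ipaddress.ip_interface(addr_with_prefix)
    net = iface.network
    return iface.ip not in (net.network_address, net.broadcast_address)


class Masquerade:
    """SNAT applied only on the egress interface, with a reverse (conntrack) table."""

    def __init__(self, egress, public_addr):
        self.egress, self.public, self.table = egress, public_addr, {}

    def outbound(self, src, dst):
        via, dev = lookup(GW_ROUTES, dst)
        if dev != self.egress:                 # LAN-to-LAN: forwarded unchanged
            return (src, dst, dev)
        self.table[(dst, self.public)] = src   # remember the original source
        return (self.public, dst, dev)         # SRC rewritten to the public address

    def inbound(self, src, dst):
        orig = self.table.get((src, dst))
        if orig is None:                       # no matching outbound flow: drop
            return None
        _, dev = lookup(GW_ROUTES, orig)       # reply goes back out via enp2s0
        return (src, orig, dev)
```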

I was happy too early. It’s not clear why NAT started working with this configuration of network cards, and it’s not clear why it stopped working. Not only did NAT crash again, but Internet access was blocked. In order not to fool myself and you, I installed a hard drive with Debian 12 Mate. No problems with NM. The network cards are visible at the same time; I configured them in 5 minutes. For now I’ll leave it like this until better times for the GUI NM in Rocky. In addition, iptables is also supported on Debian as in CentOS 6 and CentOS 7 (I deleted firewalld in CentOS 7 and installed iptables; in my opinion CentOS 7 is the latest stable and supported version), so NAT can be configured in 2 minutes by writing only 3 commands on the command line. By default, everything is allowed and connected in iptables, so there is no need to make a lot of unnecessary movements like in firewalld. In addition, there are the utilities UFW and GUFW, which are very convenient for novice users.

As a note:
The RHEL 7 was the last with legacy iptables. A point update of RHEL 7 did add support for nftables. While FirewallD was the default in RHEL 7, Red Hat docs did imply that FirewallD is not good “for real work”.

Starting with RHEL 8 the kernel has nftables and the tool “iptables” is a mere wrapper to nftables.
Red Hat docs did continue to recommend nftables.service over firewalld.service.

The version of FirewallD in RHEL 9 does finally have “proper” support for a router setup, but personally I do prefer nftables.service.


If I were you I would check whether the ‘iptables’ in Debian is the real legacy, or wrapper to nftables.
The upstream kernel has had nftables from version 3.13, so my bet is on the latter.
If Debian does use nftables under the hood, then it is better to learn that now.