Configuring Linux Mint as a Gateway

Question

My trusty Slackware box died, and I had to replace it with an already built Linux Mint v18. I was hoping this would be a drop-in replacement, but routing has changed over the years with iproute2. I was hoping just adding "route add default gw 192.168.1.1 eth1" would work - and it does - but the issue is my gateway computer can't establish a connection to anything on eth0.

Simplified layout:

|192.168.0.0/24|---|Gateway|---|192.168.1.0/24|
                                     |
                                     ---|ROUTER 192.168.1.1|---|Internet|

The Gateway has eth0, and eth1, and is a firewall for everything on 192.168.0.0/24. The router generally handles WiFi devices on 192.168.1.0/24.

Current configuration, I let KDE network manager bring up the interfaces, and just added the gw command as stated above:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     1      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     1      0        0 eth1

This is working; all devices on 192.168.0.0/24 are routed properly, and I can connect to the gateway from 192.168.1.0/24 and the internet without issue.

However, I can't initiate so much as a ping from the gateway to anything on 192.168.0.0/24. I ran tcpdump, and found the source IP was changed to 192.168.1.2 (eth1). So this tells me the packets are going out the wrong interface, even though I set the metric for the gateway line to be higher than the others, and therefore not considered first.

I've read a number of stackexchange posts, and a few sites such as policy routing, and linux-ip, but I just can't seem to find a solution.

I'm not terribly familiar with iproute2, but what I've been able to pull together, just to get 192.168.0.0/24 working is:

echo "1 admin" >> /etc/iproute2/rt_tables
ip rule add from 192.168.0.0/24 priority 1 table admin
ip rule add to 192.168.0.0/24 priority 1 table admin
ip route add 192.168.0.0/24 table admin dev eth0
ip route cache flush

This makes sense to me; create a table which has higher priority than the defaults, create a rule from/to, then add a route on the same table to send it over eth0. But, this is not working.

It seems like there is something I'm missing, but I can't find it.

# uname -a
Linux neXuss2 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:28:38 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Answer 1

You should not need iproute2 for such a simple case.

However, you should check that the master switch for IP routing is on: make sure your /etc/sysctl.conf includes the line

net.ipv4.ip_forward=1

and then run sudo sysctl -p to make it take effect immediately.

The default value for net.ipv4.ip_forward sysctl is 0, which disables all IPv4 routing functionality completely.

Also, you should check the basics: verify that the eth0 interface actually has a link and is not producing errors. ethtool eth0 to verify link state and ethtool -S eth0 to view the statistics counters in the NIC driver.