linux
jajabin, 2021-03-30 11:16:47

How to build routes correctly?

There is a network 172.16.100.0/24 which needs to be given access to the Internet through the ens19 interface; its address is 10.0.88.111/24 and the gateway is 10.0.88.254. I wrote the following:

default via 10.0.88.254 dev ens19
ip route add 172.16.100.0/24 via 10.0.88.111
iptables -A POSTROUTING -t nat -s 172.16.100.0/24 -o ens19 -j MASQUERADE

Forwarding is enabled, but packets are not visible when sniffing. There is Internet access on ens19. What could be the problem?


3 answer(s)
S-trace, 2021-03-31
@jajabin

Try like this:

echo "200 ens19" >> /etc/iproute2/rt_tables
ip rule add from 172.16.100.0/24 lookup ens19
ip route add default via 10.0.88.254 table ens19
iptables -A POSTROUTING -t nat -s 172.16.100.0/24 -o ens19 -j MASQUERADE

echo "200 ens19" >> /etc/iproute2/rt_tables - create new ens19 routing table with priority 200
ip rule add from 172.16.100.0/24 lookup ens19 - create new routing rule where packets from 172.16.100.0/24 are routed through ens19
ip route add default via 10.0.88.254 table ens19 - add default route to ens19 table
iptables -A POSTROUTING -t nat -s 172.16.100.0/24 -o ens19 -j MASQUERADE - packet masquerading
This should work.

Dmitry, 2021-03-30
@q2digger

What's in FORWARD? (iptables -L FORWARD -vnx)
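
The checks implied by S-trace's steps and by Dmitry's FORWARD question, as an added example that is not part of any answer in the thread: shell functions that read the output of the listed commands and say which piece is missing. The function names are hypothetical helpers and the sample FORWARD dump is constructed.

```shell
#!/bin/sh
# Added example: read-only checks over captured command output; nothing is changed.
# Addresses and names are the thread's; the function names are hypothetical helpers.
SUBNET=172.16.100.0/24 TABLE=ens19 GW=10.0.88.254 OUT_IF=ens19

# line_with K1 V1 K2 V2 ...: succeeds if a single stdin line contains every
# K V pair as adjacent fields (exact match, so ens19 does not match ens190).
line_with() {
  awk -v want="$*" 'BEGIN { n = split(want, w, " ") }
    { hit = 0
      for (p = 1; p < n; p += 2)
        for (i = 1; i < NF; i++)
          if ($i == w[p] && $(i+1) == w[p+1]) { hit++; break }
      if (hit == n / 2) found = 1 }
    END { exit !found }'
}

# stdin for each: `ip rule show`, `ip route show table ens19`,
# `iptables -t nat -S POSTROUTING`. In check_route the pairs overlap on "via".
check_rule()  { line_with from "$SUBNET" lookup "$TABLE" && echo ok || echo "no rule"; }
check_route() { line_with default via via "$GW" dev "$OUT_IF" && echo ok || echo "no default"; }
check_nat()   { line_with -s "$SUBNET" -o "$OUT_IF" -j MASQUERADE && echo ok || echo "no masquerade"; }

# stdin: `iptables -S FORWARD`. Simplification: with an ACCEPT policy, explicit
# DROP/REJECT rules are not evaluated; with any other policy both directions
# need an ACCEPT rule (replies may be covered by a conntrack ESTABLISHED rule).
check_forward() {
  awk -v s="$SUBNET" '
    $1 == "-P" { policy = $3 }
    NF > 1 && $(NF-1) == "-j" && $NF == "ACCEPT" {
      for (i = 1; i < NF; i++) {
        if ($i == "-s" && $(i+1) == s) out = 1
        if ($i == "-d" && $(i+1) == s) back = 1
      }
      if ($0 ~ /ESTABLISHED/) back = 1
    }
    END {
      if (policy == "ACCEPT") print "ok"
      else if (!out) print "outbound dropped"
      else if (!back) print "replies dropped"
      else print "ok"
    }'
}

# Constructed sample: a FORWARD chain whose policy drops and has no rule for the subnet.
sample_forward() { printf '%s\n' '-P FORWARD DROP' '-A FORWARD -i lo -j ACCEPT'; }
echo "FORWARD (sample): $(sample_forward | check_forward)"
```

On a live host, pipe the real output in, for example `iptables -S FORWARD | check_forward` or `ip rule show | check_rule`.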

Alexey Dmitriev, 2021-03-30
@SignFinder

You spelled it wrong.
The 172.16.100.0/24 network does not need to know anything about "ens19 interface, its address is 10.0.88.111/24, the gateway is 10.0.88.254"
For it, only an address from its own subnet can be a gateway, so this entry "ip route add 172.16.100.0/24 via 10.0.88.111" is fundamentally wrong.
Describe the interfaces on the server in more detail.
