Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
Igor S2016-03-25 16:33:21
linux
Igor S, 2016-03-25 16:33:21

How to organize direct access between two interfaces?

Firework!
There is a CentOS 7 server with three network cards:
wan - 11.11.11.11
lan0 - 172.16.0.1/24
lan1 - 172.16.1.1/24
net.ipv4.ip_forward = 1
FirewallD manages everything

external (active)
  interfaces: wan
  sources: 
  services: http https ssh
  ports: ...
  masquerade: yes
  forward-ports:...
  icmp-blocks: timestamp-reply timestamp-request
  rich rules

internal (default, active)
  interfaces: lan0 lan1
  sources: 
  services: dhcpv6-client http https ipp-client mdns mountd nfs rpc-bind samba-client ssh
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: timestamp-reply timestamp-request
  rich rules:

route-n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         11.11.11.22       0.0.0.0         UG    100    0        0 wan
11.11.11.11    0.0.0.0         255.255.255.248 U     100    0        0 wan
172.16.0.0      0.0.0.0         255.255.252.0   U     0      0        0 lan0
172.16.1.0     0.0.0.0         255.255.255.0   U     0      0        0 lan1

local interfaces go "to the world" without problems
but do not have access to each other, while from, for example, 172.16.0.0/24 networks, I can only ping 172.16.1.1 and, accordingly, vice versa.
I feel like I forgot something, but I can't figure out what.
Tell me what I didn’t finish, otherwise I’ve been fighting for 2 days and I won’t get it

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
V
Vladimir, 2016-03-25
@xarek1986

try adding
ip ra 172.16.0.0/24 dev lan0 src 172.16.0.1
ip ra 172.16.1.0/24 dev lan1 src 172.16.1.1
and check just in case that
cat /proc/sys/net/ipv4/ip_forward
will return 1

Report
I
Igor S, 2016-03-27
@xarek1986

Gentlemen, everything turned out to be much more prosaic. It turned out that my "provider" has a private network 172.16.0.0/24, and therefore there were conflicts of ip addresses, which I did not notice due to deep inattention. After changing the subnet everything worked.

Similar questions
A
alexnem2020-09-26 09:46:45
Big time using a new laptop? 5Reply
C
crdrads2018-12-10 21:31:08
Why is it said that clip and mask are better for SVG than native CSS? 6Reply
G
German2018-07-22 21:02:40
How to properly install the Linux bootloader so that it can boot Windows as well? 3Reply
N
Nikita Filatov2016-03-03 19:57:57
How to fix missing captions in photoshop? 1Reply
V
VolkZubamiSchelk2016-03-04 13:55:07
INPUT -j DROP blocks outgoing traffic. What to do? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question