Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
Igor S2016-03-25 16:33:21
linux
Igor S, 2016-03-25 16:33:21

How to organize direct access between two interfaces?

Firework!
There is a CentOS 7 server with three network cards:
wan - 11.11.11.11
lan0 - 172.16.0.1/24
lan1 - 172.16.1.1/24
net.ipv4.ip_forward = 1
FirewallD manages everything

external (active)
  interfaces: wan
  sources: 
  services: http https ssh
  ports: ...
  masquerade: yes
  forward-ports:...
  icmp-blocks: timestamp-reply timestamp-request
  rich rules

internal (default, active)
  interfaces: lan0 lan1
  sources: 
  services: dhcpv6-client http https ipp-client mdns mountd nfs rpc-bind samba-client ssh
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: timestamp-reply timestamp-request
  rich rules:

route-n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         11.11.11.22       0.0.0.0         UG    100    0        0 wan
11.11.11.11    0.0.0.0         255.255.255.248 U     100    0        0 wan
172.16.0.0      0.0.0.0         255.255.252.0   U     0      0        0 lan0
172.16.1.0     0.0.0.0         255.255.255.0   U     0      0        0 lan1

local interfaces go "to the world" without problems
but do not have access to each other, while from, for example, 172.16.0.0/24 networks, I can only ping 172.16.1.1 and, accordingly, vice versa.
I feel like I forgot something, but I can't figure out what.
Tell me what I didn’t finish, otherwise I’ve been fighting for 2 days and I won’t get it

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
V
Vladimir, 2016-03-25
@xarek1986

try adding
ip ra 172.16.0.0/24 dev lan0 src 172.16.0.1
ip ra 172.16.1.0/24 dev lan1 src 172.16.1.1
and check just in case that
cat /proc/sys/net/ipv4/ip_forward
will return 1

Report
I
Igor S, 2016-03-27
@xarek1986

Gentlemen, everything turned out to be much more prosaic. It turned out that my "provider" has a private network 172.16.0.0/24, and therefore there were conflicts of ip addresses, which I did not notice due to deep inattention. After changing the subnet everything worked.

Similar questions
L
LexLoveG2019-12-11 04:38:10
How to edit .sav files? 3Reply
Z
zvl2016-10-25 08:13:17
What file system should I choose for virtual machine storage? 2Reply
D
Dmitry2016-10-25 10:13:42
Migration from LXC to VMWARE. Advantages and disadvantages? 3Reply
Q
q2zoff2019-03-23 23:54:49
How to set static DNS servers in debian 9? 1Reply
M
Max2019-03-24 03:11:18
How to hide PHP code on the server, provided that it needs to be edited? 5Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question