Cannot access the internet

muhammadtoffaha · February 16, 2021, 5:52pm

Hi all,

I have an issue with my setup
Version: VyOS 1.2.1

vyos@vyos:~$ show interfaces*
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down*
Interface        IP Address                        S/L  Description*
---------        ----------                        ---  -----------*
eth0             172.16.0.1/24                     u/u  Trunked PG*
                 10.0.0.1/24***
eth0.13          172.27.13.1/24                    u/u*
eth1             -                                 u/u  Uplink 1*
eth1.11          172.27.11.1/24                    u/u*
eth2             -                                 u/u  Uplink 2*
eth2.12          172.27.12.1/24                    u/u*
eth3             172.16.35.222/24                  u/u  Public***

eth3 is my internet interface and I need any VM with 10.0.0.1/24 has access to the internet.

I did the following configuration for NATing

vyos@vyos# show nat
source {
    rule 100 {
       outbound-interface eth3
       source {
            address 10.0.0.0/24
        }
        translation {
        address masquerade

also, a static route to the eth3 gateway

route 0.0.0.0/0 {
  next-hop 172.16.35.1 {
     distance 1

but still unable to get internet access!

thanks in advance.
Muhammad

mod edit: I have fixed your formatting, but please use code tags when creating new posts.

Viacheslav · February 16, 2021, 7:42pm

Can you ping from LAN network 10.0.0.1?
Do you have any firewall rules?
Try to check any statistics.

show nat source translations
show nat source statistics
show ip route 0.0.0.0

muhammadtoffaha · February 16, 2021, 7:54pm

I am not able to ping 10.0.0.1 (weird)
No firewall rules

vyos@vyos:~$ show nat source translations
Pre-NAT              Post-NAT             Prot  Timeout
vyos@vyos:~$ show nat source statistics
rule   pkts    bytes   interface
----   ----    -----   ---------
100    51      3060    eth3


vyos@vyos:~$ show ip route 0.0.0.0
Routing entry for 0.0.0.0/0
  Known via "static", distance 1, metric 0, best
  Last update 04:17:12 ago
 172.16.35.1, via eth3

pirateghost · February 16, 2021, 8:19pm

Please use Code tags when posting command outputs.

pirateghost · February 16, 2021, 8:21pm

Why do you have an IP address of 10.0.0.1/24 on eth0?

muhammadtoffaha · February 16, 2021, 8:46pm

I am using it to be used on eth0 as mgmt subnet

do you think it may cause any issue?

a.srividya · February 18, 2021, 7:54am

Hi,

Can you share your network diagram for better understanding.

muhammadtoffaha · February 18, 2021, 9:03am

Hi,
This is my network diagram

also, the strange thing that from subnet 10.0.0.0/24 I am not able to ping 10.0.0.1!!

Viacheslav · February 18, 2021, 6:24pm

Can you ping 10.0.0.1 from the router itself?
Try to dump traffic on eth0 interface.
Send pings from VM to 10.0.0.1
On the router execute:

monitor traffic interface eth0 filter "proto ICMP"

muhammadtoffaha · February 18, 2021, 9:59pm

Yes I can ping 10.0.0.1 from vyos
> vyos@vyos# ping 10.0.0.1

PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.123 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.067 ms

monitor traffic interface eth0 filter “proto ICMP” output

vyos@vyos:~$ monitor traffic interface eth0 filter “proto ICMP”
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
21:52:49.010475 IP 10.0.8.102 > 10.0.8.103: ICMP echo request, id 4536, seq 431, length 91
21:52:49.010505 IP 10.0.8.102 > 10.0.8.103: ICMP echo request, id 4536, seq 431, length 91
21:52:49.010512 IP 10.0.8.102 > 10.0.8.101: ICMP echo request, id 4536, seq 431, length 91
21:52:49.010602 IP 10.0.8.102 > 10.0.8.101: ICMP echo request, id 4536, seq 431, length 91
21:52:49.010615 IP 10.0.8.102 > 10.0.8.104: ICMP echo request, id 4536, seq 431, length 91
21:52:49.010622 IP 10.0.8.102 > 10.0.8.104: ICMP echo request, id 4536, seq 431, length 91
21:52:49.010663 IP 10.0.8.103 > 10.0.8.102: ICMP echo reply, id 4536, seq 431, length 91
21:52:51.032302 IP 10.0.8.104 > 10.0.8.103: ICMP echo request, id 4540, seq 431, length 91
21:52:51.032343 IP 10.0.8.104 > 10.0.8.103: ICMP echo request, id 4540, seq 431, length 91
21:52:51.032349 IP 10.0.8.104 > 10.0.8.101: ICMP echo request, id 4540, seq 431, length 91
21:52:51.032352 IP 10.0.8.104 > 10.0.8.101: ICMP echo request, id 4540, seq 431, length 91
21:52:51.032356 IP 10.0.8.104 > 10.0.8.102: ICMP echo request, id 4540, seq 431, length 91
21:52:51.032361 IP 10.0.8.104 > 10.0.8.102: ICMP echo request, id 4540, seq 431, length 91
21:52:51.032425 IP 10.0.8.103 > 10.0.8.104: ICMP echo reply, id 4540, seq 431, length 91
21:54:45.139459 IP 172.16.35.166 > 8.8.8.8: ICMP 172.16.35.166 udp port 47678 unreachable, length 155
21:54:50.037111 IP 172.16.35.166 > 8.8.8.8: ICMP 172.16.35.166 udp port 48543 unreachable, length 155

Viacheslav · February 19, 2021, 9:22am

It looks like a problem on the device, which connected to the eth0 interface, I think that the device configured not properly, because 172.16.35.0/24 network on interface eth3, and you shouldn’t see such packets on eth0 interface.

Recheck configuration of eth0 and device, which connected to that port.