Cannot route traffic to internet


#1

I’m frustrated and cannot figure this out – I spent a lot of time, maybe you can help me out:

I’ve got 4 network interfaces on one VyOS Router in VirtualBox:

eth0, 172.16.0.1/24
eth1, 10.0.0.1/24
eth2, 192.168.10.1/24
eth3, [see comments, 192.168.1.82/24, ‘outside’]

All my VM’s can ping each of the interfaces, but I can’t figure out how to route to the internet.

eth3 is supposed to be my “OUTSIDE” connection. I have tried using VirtualBox’s NAT, Nat Service and Bridge mode. Right now, I’m using Bridge mode, which goes direct to my home router… I’m using a static IP on eth3.

In my previous Cisco classes, they said you had to add a Default Route to get traffic to the internet…

I tried:

set protocols static route 0.0.0.0/0 next-hop 192.168.1.82 distance '1'

(because that’s eth3’s actual IP address).

However, the router itself doesn’t know how to get out. If I ping google or 4.2.2.1, it says destination host unreachable.

Is there a better way? What’s wrong with my default route?

Why did this work in Cisco class, but not here?

===UPDATE===

So, I changed the ip of eth3 to 192.168.1.1. That seemed to help, because now I can ping IPs, but I’m not getting any DNS resolution. Am I going to have to configure NAT on eth3 or something??


#2

Yes you have to configure NAT.

Try :

set nat source rule 100 outbound-interface eth3
set nat source rule 100 translation address 192.168.1.82


#3

I don’t know why this happens, but with VirtualBox I tend to get a lot of issues with the internal NAT system. Whenever I try assigning my own subnet (e.g., 10.0.1.0/24 rather than the default 10.0.3.0/24) to the NAT, it may or may not work. But that is beside the point, since you have bridge mode working.

[quote]In my previous Cisco classes, they said you had to add a Default Route to get traffic to the internet…

I tried:

set protocols static route 0.0.0.0/0 next-hop 192.168.1.82 distance '1'

(because that’s eth3’s actual IP address).

However, the router itself doesn’t know how to get out. If I ping google or 4.2.2.1, it says destination host unreachable.

Is there a better way? What’s wrong with my default route?

Why did this work in Cisco class, but not here?

===UPDATE===

So, I changed the ip of eth3 to 192.168.1.1. That seemed to help, because now I can ping IPs, but I’m not getting any DNS resolution. Am I going to have to configure NAT on eth3 or something??
[/quote]

You need to make sure that your interface IP is not the static route. Instead, you need to use your gateway IP (192.168.1.1 or whatever your gateway IP is). Also, for DNS you need to ‘set system name-server 8.8.8.8’ or any DNS server of your choice (e.g., Comcast DNS is 75.75.75.75 and 75.75.76.76). Also, if you have only one interface connected to the outside, you could simply use ‘set system gateway-address 192.168.1.1’. For your internal networks, you definitely need NAT in place (see JFL’s example).

BTW, you may want to change your eth3 IP back to what it was, because if your outside gateway address is .1, and your eth3 is using the same IP, this could cause problems with your outside network.


#4

Thank you both! OK, so I’m having better luck, but I’m still not there all the way. I’ve combined your suggestions with the user manual…

Here’s the current config, and what I did:

eth0, 172.16.0.1/24
eth1, 10.0.0.1/24
eth2, 192.168.10.1/24
eth3, [192.168.1.82/24, ‘Outside’, NAT]

set nat source rule 100 outbound-interface 'eth3'
set nat source rule 100 source address '192.168.1.0/24'
set nat source rule 100 translation address masquerade
set protocols static route 0.0.0.0/0 next-hop 192.168.1.1 distance '1'
set system name-server 192.168.1.1

With these settings, the VyOS Router can now ping by Name and IP.

However!

I still can’t get my client to the internet. The client can ping all 4 interfaces of the Router, but it can’t ping eth3’s gateway…

If the client is sitting on the 192.168.10.1/24 network, shouldn’t its default gateway be the eth2 interface? 192.168.10.1?

I still think it’s my route. Or, is it my NAT configuration?


#5

set nat source rule 100 source address '192.168.1.0/24' is incorrect

I suppose this is a typo and it should be 192.168.10.0/24?
But you don’t need to specify the source address, or you will have to create a separate rule for your other networks 172.16.0.1/24 and 10.0.0.1/24…

Of course your machines in each range must have the router IP address as gateway!


#6

Since you have multiple internal networks, it would be best if you do not specify any ‘source address’ in your NAT. Just copy the example JFL gave you and use it, without changing anything in it. It will work just fine that way. Otherwise you will need to create a NAT source rule for each subnet behind your router. The only reason you would specify the ‘source address’ portion would be to create a rule that is different from one interface to the other, e.g., you want your traffic to go out a different internet interface, rather than eth3. But for your scenario, you are better off not specifying a source address.


#7

EXCELLENT! Thank you JFL and MIRIAS!! That worked! I wish I could give y’all thumbs up! And how simple was that resolution!? “Your NAT translation address is the static IP assigned to your Router’s local outbound interface”. And, “your static route (default route to the internet) is the gateway of the network your Router’s local outbound interface belongs to”…

Here’s the final working configuration (for those who may be in the same boat):

eth0, 172.16.0.1/24
eth1, 10.0.0.1/24
eth2, 192.168.10.1/24
eth3, [192.168.1.82/24, ‘Outside’, NAT, “Provider” GW is 192.168.1.1]

set nat source rule 100 outbound-interface eth3
set nat source rule 100 translation address 192.168.1.82
set protocols static route 0.0.0.0/0 next-hop 192.168.1.1 distance '1'
set system name-server 192.168.1.1
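
Added example, not part of the original thread and not VyOS tooling: a small Python check that reads `set` commands and flags the two mistakes worked through above, a default-route next-hop that is the router's own address or off every connected subnet, and a NAT `source address` that leaves out an internal subnet. The function name `lint_vyos` and the `set interfaces ethernet ... address` lines are assumptions built from the addresses in the thread; the check expects a single source NAT rule to cover all internal networks.

```python
import ipaddress
import re

def lint_vyos(config):
    """Flag the two mistakes from the thread in a list of VyOS 'set' commands."""
    ifaces, hops, nat = {}, [], {}
    for raw in config.splitlines():
        line = re.sub(r"['‘’]", "", raw).strip()  # drop straight and curly quotes
        if m := re.match(r"set interfaces ethernet (\S+) address (\S+)$", line):
            ifaces[m[1]] = ipaddress.ip_interface(m[2])
        elif m := re.match(r"set protocols static route 0\.0\.0\.0/0 next-hop (\S+)", line):
            hops.append(ipaddress.ip_address(m[1]))
        elif m := re.match(r"set nat source rule (\d+) outbound-interface (\S+)$", line):
            nat.setdefault(m[1], {})["out"] = m[2]
        elif m := re.match(r"set nat source rule (\d+) source address (\S+)$", line):
            nat.setdefault(m[1], {})["src"] = ipaddress.ip_network(m[2])
    findings = []
    for hop in hops:
        if any(hop == i.ip for i in ifaces.values()):
            findings.append(f"default route next-hop {hop} is the router's own address")
        elif not any(hop in i.network for i in ifaces.values()):
            findings.append(f"default route next-hop {hop} is not on a connected subnet")
    for num, rule in nat.items():
        src, out = rule.get("src"), rule.get("out")  # src None: matches every subnet
        for name, i in ifaces.items():
            if src is not None and name != out and not i.network.subnet_of(src):
                findings.append(f"nat rule {num}: source {src} misses {i.network} ({name})")
    return findings

# Constructed input: interface addresses from the thread, written as set commands.
IFACES = """\
set interfaces ethernet eth0 address 172.16.0.1/24
set interfaces ethernet eth1 address 10.0.0.1/24
set interfaces ethernet eth2 address 192.168.10.1/24
set interfaces ethernet eth3 address 192.168.1.82/24
"""
BROKEN = IFACES + """\
set protocols static route 0.0.0.0/0 next-hop 192.168.1.82 distance ‘1’
set nat source rule 100 outbound-interface ‘eth3’
set nat source rule 100 source address ‘192.168.1.0/24’
set nat source rule 100 translation address masquerade
"""
WORKING = IFACES + """\
set nat source rule 100 outbound-interface eth3
set nat source rule 100 translation address 192.168.1.82
set protocols static route 0.0.0.0/0 next-hop 192.168.1.1 distance ‘1’
"""

if __name__ == "__main__":
    print(lint_vyos(BROKEN), lint_vyos(WORKING))
```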

