Default route is not working

may24x · October 26, 2018, 3:18pm

Hi all,

my (VM) Vyos Router has three interfaces
1: eth0 - 192.168.0.2/24
2. eth1 - 192.168.10.1/24
3. eth2 - 192.168.11.1/24

eth0 is on the same subnet as the DSL Router that has IP 192.168.0.1
The hosts of the subnet’s .10.0 and .11.0 can talk to each other and also ping their default-gateways: 10.1 and 11.1, the outbound interface eth0 and even the DSL Router itself (192.168.0.1)

But when I try to contact an Internet address … say: ‘ping 8.8.8.8’ I get 100% packet loss.

I’ve no NAT or any other fancy filters active. Nor further routing-protocol is in place
Only a static route is set:

vyos@hera# show protocols static route
route 0.0.0.0/0 {
next-hop 192.168.0.1 {
}
}

When I try to ping 8.8.8.8 from the vyos machine, everything is fine. But from any other machine it fails.
tracepath -n 8.8.8.8
1?: [LOCALHOST] pmtu 1500
1: 192.168.10.1 0.311ms
1: 192.168.10.1 0.219ms
2: no reply
3: no reply
4: no reply
5: no reply

What am I missing ?

hagbard · October 26, 2018, 4:12pm

Your addresses are RFC1918 addresses and are not for public use, so your ISP will and should drop those. Your DSL router should have then a public IP address you have to NAT your traffic to.

phoenix · October 27, 2018, 10:14am

Hi,
I think you most likely having a routing problem here. Your DSL Router doesn’t know the routes on eth1 and eth2. So you either have to masquerade your egress traffic to eth0 or if your DSL router supports it, create static routes for your subnets 192.168.10.0/24 and 192.168.11.0/24 with a next hop of 192.168.0.2/24.

zsdc · October 28, 2018, 6:00pm

Hi @may24x!
Try please solution proposed by @phoenix. If it don’t help, please write back here.

may24x · October 29, 2018, 8:25am

Hi all,

sorry but I cant set any static routes on the DSL Router as it is locked by the ISP

So do you suggest to create a SNAT rule that will all map traffic for 0.0.0.0/0 to 192.168.0.1 ?

wildcoder · October 29, 2018, 8:48am

@may24x

You could ask your ISP if they can add those routes for you.

You should define a SNAT for all traffic leaving eth0. Either a Masquerade or a SNAT to IP:192.168.0.2 should suffice.

may24x · October 29, 2018, 10:35am

Well this seem to work now

source {
rule 100 {
description “outbound internet traffic”
outbound-interface eth0
source {
address 192.168.0.0/20
}
translation {
address masquerade
}
}
}

system · October 31, 2018, 10:35am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.