Routing from 2 networks on 2 different NICs in Vyos

jojo.pornebo · April 16, 2021, 11:12pm

eth0 10.0.204.0/24 with static IP 10.0.204.5
eth1 10.1.0.0/16 with static IP 10.1.2.1
eth2 10.0.50.0/23 with static IP 10.0.50.1

A node 10.0.50.11 in segment 10.0.50.0 can ping 10.1.12.91 in segment 10.1.0.0 but not the other way around. Ho can I solve this? Please help. Thank you.

Viacheslav · April 16, 2021, 11:39pm

Re-check firewalls on all routers/default gateways.
And after try to dump traffic

monitor traffic interface X

jojo.pornebo · April 19, 2021, 6:44pm

Sorry noob here. I dont have traffic in monitor:

monitor
Possible completions:
cluster Monitor clustering service
command Monitor an operational mode command (refreshes every 2 seconds)
conntrack-sync
Monitor conntrack-sync
content-inspection
Monitor Content-Inspection
dhcp Monitor Dynamic Host Control Protocol (DHCP)
dns Monitor a Domain Name Service (DNS) daemon
firewall Monitor Firewall
https Monitor the Secure Hypertext Transfer Protocol (HTTPS) service
interfaces Monitor interfaces
lldp Monitor Link Layer Discovery Protocol (LLDP) daemon
log Monitor last lines of messages file
nat Monitor network address translation (NAT)
openvpn Monitor OpenVPN
protocol Monitor routing protocols
snmp Monitor Simple Network Management Protocol (SNMP) daemon
stop-all Stop all current background monitoring processes
traceroute Monitor the path to a destination in realtime
vpn Monitor VPN
vrrp Monitor Virtual Router Redundancy Protocol (VRRP)
webproxy Monitor Webproxy service

===

jojo.pornebo · April 19, 2021, 6:45pm

show version
Version: VyOS 1.1.8
Description: VyOS 1.1.8 (helium)
Copyright: 2017 VyOS maintainers and contributors
Built by: maintainers@vyos.net
Built on: Sat Nov 11 13:44:36 UTC 2017
Build ID: 1711111344-b483efc
System type: x86 64-bit
Boot via: image
Hypervisor: VMware
HW model: VMware Virtual Platform
HW S/N: VMware-42 27 ef c0 57 04 29 93-c3 97 c6 3d 08 40 37 a5
HW UUID: 4227EFC0-5704-2993-C397-C63D084037A5
Uptime: 11:44:59 up 47 min, 2 users, load average: 0.04, 0.07, 0.06

jojo.pornebo · April 19, 2021, 7:03pm

now I do after upgrading to 1.3

now monitor ing

jojo.pornebo · April 19, 2021, 7:15pm

I checked the firewall section rules and I can’t find anything suspicious.

Anyway eth2 was newly added and I initially just gave it an IP address. Now I added the following but still not able to route from eth1 to eth2.

set interfaces ethernet eth2 firewall in name ‘outbound’
set interfaces ethernet eth2 firewall out

Viacheslav · April 20, 2021, 2:33pm

Send pings from host 10.1.12.91
On the router 10.1.2.1

monitor traffic interface eth1 filter "host 10.1.12.91"
monitor traffic interface eth2 filter "host 10.1.12.91"

jojo.pornebo · April 20, 2021, 4:16pm

Thanks for your assistance. I found the issue. The first NIC was tied to a zone-based firewall policy. Therefore, the second NIC could not talk to anything at all.

system · April 22, 2021, 4:16pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.