
I'm running Debian Bullseye v 11 and I'm trying to set a default route 0.0.0.0/0 for Internet access on a DHCP enabled interface eth0.

Interface eth0 is getting an IP address from the ISP and interface eth1 is DHCP assigning addresses to clients. I need clients to be able to access the internet.

I've tried various configurations I saw online like `route add 0.0.0.0/0 gw {hostname} dev eth0`, etc., but nothing seems to be working.

`ip route`

```
default via 71.182.224.1 dev eth0 proto dhcp src 71.182.224.241 metric 100
10.10.57.0/24 dev eth1 proto kernel scope link src 10.10.57.1
71.182.224.0/24 dev eth0 proto kernel scope link src 71.182.224.241 metric 100
```

Based on the article I was directed to I now have IP forwarding (routing) enabled on the Linux server too:

```
sysctl net.ipv4.ip_forward = 1
```

But client machines still can't access the Internet through the Linux server. They can ping interface eth0 and eth1 on the Linux server but they can't ping beyond. Based on my experience with Cisco routers there needs to be a route something like:

```
0.0.0.0 0.0.0.0 [1/0] via 71.182.224.241, outside
```

I know how to do this on Cisco routers but I'm stumped with Linux. Unfortunately I have never used a Linux server as a router so I don't know what the proper routing table would look like. But I must be missing something that is preventing the client workstations from getting out to the Internet through the Linux server.

Can anybody help me with the proper command line syntax for this?

roaima
Schmied1
  • Are you sure you're not already getting a default route set by DHCP? Please provide your routing table – roaima Sep 23 '22 at 05:58
  • In addition, the Linux box needs to forward packets between interfaces. https://linuxconfig.org/how-to-turn-on-off-ip-forwarding-in-linux – gerhard d. Sep 23 '22 at 08:06
  • I suspect you've got a default route off `eth1` as well as `eth0`, and it's a matter of _removing_ the invalid route rather than adding one – roaima Sep 23 '22 at 08:39
  • The goal of this question is: have clients use Internet. But the question asked is of a much more limited scope. Solving the question (if there is something to solve) will likely not be enough to solve "the Goal": having a client attempt to use Internet to verify the default route was added will likely fail if other things are not also done. Topics involved: DHCP client (ISP side), DHCP *server* (clients side), IP forwarding, NAT. – A.B Sep 23 '22 at 08:42
  • "_Based on my experience with Cisco routers there needs to be a route something like {a default route}_". There is one already. Look at the first line of the routing table from `ip route`. What you're probably missing is the advertisement of a default route through DHCP to your internal clients via this server. And then a NAT firewall rule to masquerade those clients onto your single public IP address. This is all well documented in articles such as (the fictionally named) "How do I make my Linux server a firewall/router?" – roaima Sep 23 '22 at 16:37
  • So I guess the missing part is "NAT". – A.B Sep 23 '22 at 16:39
  • There's also [Understanding ip route output](https://unix.stackexchange.com/q/564273/100397) – roaima Sep 23 '22 at 17:25
  • Correct, NAT was the missing part after enabling IP forwarding. I found documentation that shows how to set up NAT in Linux. Works great now as a router. – Schmied1 Sep 23 '22 at 17:49

1 Answer


Modern `ip route` command:

```
ip route add default via <gateway IP>
```

Legacy `route` command:

```
route add default gw <gateway IP>
```

With both commands, you can optionally add `dev <network device name>` to the end if necessary.

telcoM
  • I couldn't use an IP address because it's DHCP assigned and changes but that wasn't the problem after all. I had to enable IP forwarding (us Cisco people call it routing) then I had to enable NAT. Works great now, client machines have Internet access through the Linux box just like it was a router. – Schmied1 Sep 23 '22 at 17:42
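
The sequence the comments converge on (the DHCP-installed default route is already there, then IP forwarding, then NAT), as an added example that is not part of the original thread. It assumes nftables is the firewall in use; the table name `lan_router` and the function names are hypothetical, while the interface names and subnet come from the question's `ip route` output.

```shell
#!/bin/sh
# Added example: make the box from the question forward and NAT its LAN clients.
# Assumption: nftables is the firewall; "lan_router" is a hypothetical table name.

WAN_IF=eth0             # gets its address from the ISP via DHCP (from the question)
LAN_IF=eth1             # hands out addresses to clients (from the question)
LAN_NET=10.10.57.0/24   # from the question's `ip route` output

# Succeeds if the routing table text on stdin has a default route out of interface $1.
has_default_route() {
    grep -Eq "^default via [0-9.]+ dev $1( |\$)"
}

# Print the ruleset: masquerade LAN traffic leaving the WAN interface, and
# forward only LAN->WAN flows plus their replies (default-drop otherwise).
gen_ruleset() {   # args: wan_if lan_if lan_net
    cat <<EOF
table ip lan_router
delete table ip lan_router
table ip lan_router {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "$1" ip saddr $3 masquerade
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "$2" oifname "$1" ip saddr $3 accept
    }
}
EOF
}

# Check the default route, enable forwarding, load the ruleset (needs root).
apply_router() {
    ip route show | has_default_route "$WAN_IF" ||
        { echo "no default route via $WAN_IF" >&2; return 1; }
    sysctl -w net.ipv4.ip_forward=1 &&
        gen_ruleset "$WAN_IF" "$LAN_IF" "$LAN_NET" | nft -f -
}

# Dry run by default (prints the ruleset); pass "apply" as root to change the system.
case "${1:-}" in
    apply) apply_router ;;
    *)     gen_ruleset "$WAN_IF" "$LAN_IF" "$LAN_NET" ;;
esac
```

Both the sysctl value and the loaded ruleset are runtime-only; on Debian they can be persisted in a file under `/etc/sysctl.d/` and in `/etc/nftables.conf`.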