Develop Reference

cannot ping each other in same lan on openwrt with virtual port and physical port

my openwrt-x86 has been running for a while inside exsi virtual environment(it's a VM,eth0 eth1 is virtual NIC of exsi),and one day I tried to add a pass through port(eth2 physical) into this openwrt as a lan port so I can access the lan managed by this openwrt by physically connect a wire into eth2, but I found that I can got ip address and dhcp normally,but cannnot connect other ipaddress in the same lan except the openwrt itself and wan network.
my config file of openwrt was
root#OpenWrt:/etc/config# cat network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdc8:982a:611a::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
list ports 'eth2'
option ipv6 '0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ip6assign '60'
option ipaddr '10.0.0.1'
option netmask '255.255.0.0'
config interface 'wan'
option device 'eth1'
option proto 'dhcp'
option metric '5'
config interface 'wan6'
option device 'eth1'
option proto 'dhcpv6'
for example I got 10.0.0.10 dhcp ipaddr by physically connected to eth2,then my wan network still fine I can go google,but when I tried ping 10.0.0.151(a vm that in openwrt's lan) and got icmp not reachable
[root#master1 ~]# ping 10.0.0.151
PING 10.0.0.151 (10.0.0.151) 56(84) bytes of data.
From 10.0.0.10 icmp_seq=1 Destination Host Unreachable
From 10.0.0.10 icmp_seq=2 Destination Host Unreachable
From 10.0.0.10 icmp_seq=3 Destination Host Unreachable
From 10.0.0.10 icmp_seq=4 Destination Host Unreachable
From 10.0.0.10 icmp_seq=5 Destination Host Unreachable
From 10.0.0.10 icmp_seq=6 Destination Host Unreachable
and the route table on 10.0.0.10 seems fine
[root#master1 ~]# ip route
default via 10.0.0.1 dev ens192 proto dhcp src 10.0.0.10 metric 100
10.0.0.0/16 dev ens192 proto kernel scope link src 10.0.0.10 metric 100

solved,due to Exsi set internal switch NIC
Promiscuous Mode =false
Forged Transmits =false
by default,so vm in virtual lan cannot receive ARP response delivered,enable them to make it works

Static IP address set in /etc/network/interface not getting updated after rmmod and insmod

I have configured static IP address in /etc/network/interfaces file as below
# The loopback interface
auto lo
iface lo inet loopback
# Wired or wireless interfaces
auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
broadcast 192.168.1.255
hwaddress ether 01:06:92:85:00:12
But, when i try to do rmmod of the driver e1000 and then
insmod again. the eth0 network interface would be loaded but, the ip address is not assigned until i explicitly do ifconfig eth0 or ifup eth0.
I have tried adding a script in /etc/network/if-up.d/loadeth.sh
which has
#!/bin/sh
if [ "$IFACE" = eth0 ]; then
echo "eth0 up" >> /var/log/oak_pci.log
fi
but, no luck the IP address is getting assigned.
My aim is that whenever i insmod the ethernet device driver i want to get the network interface(eth0) assigned with static IP address i have assigned in the interfaces file
Could anybody let me know what am i missing here

what am i missing here
The files in /etc/network/ are parsed when when ifup or ifdown commands are executed. (I think also when ifplugd picks them up).
insmod loads a module into the running kernel.
You are missing the knowledge, that there is just no connection between insmod-ing a kernel driver and reading any files from /etc/network directory.
My aim is that whenever i insmod the ethernet device driver i want to get the network interface(eth0) assigned with static IP address i have assigned in the interfaces file
You may setup udev rule to run a custom script upon insmod-ing a kernel driver or when interface comes up.

After going through man page of udev i understood how to create udev rules and with a dummy test specified in this link https://www.tecmint.com/udev-for-device-detection-management-in-linux/ i was able to invoke the udev rules when insmod-ing and rmmod-ing a driver.
So, Here's what i did to automatically set the ip address for the ethernet network interface once driver is loaded or insmoded
I create a udev rules file named 80-net_auto_up.rules in the ethernet pcie driver recipe (it is an out of tree kernel module. Hence, custom recipe)
i added SUBSYSTEM=="net", ACTION=="add", RUN+="/sbin/ifup eth0"
and edited ethernet pcie driver recipe .bb file and added below lines
...
SRC_URI = "all source files of ethernet pcie driver
file://80-net_auto_up.rules \
"
FILES_${PN} += "${sysconfdir}/udev/rules.d/*"
do_install_append() {
...
install -d ${D}${sysconfdir}/udev/rules.d
install -m 0644 ${WORKDIR}/80-net_auto_up.rules ${D}${sysconfdir}/udev/rules.d/
}
and now it works. when i reset the ethernet device manually.
The device is getting detected and Static IP address configured in the /etc/network/interfaces is set

Configure 2 NIC on the same subnet

For debugging purpose I need to set up a MITM proxy between 2 devices.
All devices have static IP (example) and are directly connected each other:
Device 1 : 192.168.10.50
Device 2 : 192.168.10.60
Proxy computer have 2 nic on the same subnet and is between other devices :
D1 .50 <=> [.60 PROXY .50] <=> D2 .60
My problem is, from the proxy if one of the 2 nic is disabled, D1 or D2 can reach the proxy.
Once I bring up the 2 nic, no one can see any other device.
D1 and D2 ip can't be changed.
Proxy is linux centos 8.
Already tested :
adding log on iptables : if 2 nic are up no more input / output log
Drop all input / output then accept only right ip from right interface => no result
Changing arp_filter = 1 and arp_announce = 2 => no result
Testing multiple SO post about 2 nic on same subnet
If anyone can help.
Thanks .

I've found a solution which consist in creating a transparent proxy and intercept some packets.
1- Create a bridge with the 2 NIC :
nmcli connection add type bridge autoconnect yes con-name "br0" ifname "br0"
nmcli connection modify "br0" ipv4.addresses "192.168.10.10/24" ipv4.method manual
nmcli connection delete enp0s3
nmcli connection delete enp0s8
nmcli connection add type bridge-slave autoconnect yes con-name enp0s3 ifname enp0s3 master br0
nmcli connection add type bridge-slave autoconnect yes con-name enp0s8 ifname enp0s8 master br0
2 Add correct rules to intercept specific traffic
nft add table bridge mitm
nft add chain bridge mitm filter { type filter hook prerouting priority 0\; }
nft add rule bridge mitm filter tcp dport 10000 ip saddr 192.168.10.50 meta pkttype set host ether daddr set xx:xx:xx:xx:xx:xx # br0 mac address
nft add rule ip nat PREROUTING tcp dport 10000 ip saddr 192.168.10.50 dnat to 192.168.10.10
It worked for me.

PPP and ethernet interface not working at the same time

My device is running on Debian OS strech version (not desktop).
I am not an IT personal, but a programmer. I need to know how to configure the network on the debian so both PPP cellular modem & the ethernet interface can access the internet.
There are 3 network interfaces:
1. Ethernet interface enp1s0: dhcp client. (gets ip from the dhcp server and access to the internet)
2. Ethernet interface snp2s0: static ip
3. Modem PPP: wvdial gets access to the internet using the modem
/etc/network/interface file:
auto lo
iface lo inet loopback
allow-hotplug enp1s0
iface enp1s0 inet dhcp
auto enp2s0
iface enp2s0 inet static
address 10.0.13.1
netmask 255.0.0.0
manual ppp0
iface ppp0 inet wvdial
ip route
default via 10.0.0.100 dev enp1s0
10.0.0.0/24 dev enp1s0 proto kernel scope link src 10.0.0.11
10.0.0.0/8 dev enp2s0 proto kernel scope link src 10.0.13.1
/etc/resolv.conf file:
domain mydomain.local
search mydomain.local
nameserver 10.0.0.3
/etc/wvdial.conf file:
[Dialer Defaults]
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0
Init3 = AT+CGDCONT=1,"IP","internetg"
Init4 = AT+CGATT=1
Phone = *99***1#
Modem Type = USB Modem
Baud = 460800
New PPPD = yes
Modem = /dev/ttyACM2
ISDN = 0
Password = ''
Username = ''
Auto DNS = Off
/etc/ppp/peers/wvdial file:
noauth
name wvdial
usepeerdns
Problem:
1. My device is running and enp1s0 is connected to the internet. (modem is down)
2. I then run command to perform dialup of the ppp: ifup ppp0
3. As a result the device ppp0 appears in the 'ip a' command, but the ethernet interface enp1s0 is not connected to the internet anymore and also the modem is not connected, but has ip which means there is some problem with routing table and/or dns.
After dialup the ip route table does not have any default/rule for the PPP.
ip route:
default via 10.0.0.100 dev enp1s0
10.0.0.0/24 dev enp1s0 proto kernel scope link src 10.0.0.11
10.0.0.0/8 dev enp2s0 proto kernel scope link src 10.0.13.1
After dialup I noticed that the /etc/resolv.conf file changed and the dns of the ethernet interface is deleted and now appears the PPP dns entries:
/etc/resolv.conf
nameserver 194.90.0.11
nameserver 212.143.0.11
domain mydomain.local
search mydomain.local
The network should behave as follows:
1. If both PPP and ethernet interface are up, then both should have access to the internet at the same time
2. If only 1 of the devices are up (PPP or ethernet interface) then it should work
3. Dialup/Dialdown should not affect the ethernet connection to the internet
What are the exact commands needed and file configuration in order to be able to have PPP and ethernet interface enp1s0 work at the same time?
- ip routing table
- dns
- wvdial

for default route, add defaultroute and replacedefaultroute option to /etc/ppp/peers/wvdial file.

Configure kvm (libvirt) routed network on Ubuntu 16.04 host

I have an Ubuntu 16.04 KVM hypervisor behind a Debian-based firewall, and I'm trying to make the guest VMs IP-reachable, preferably matching the subnet I'm using for that collection of machines.
The firewall is hosting a 10.4.0.0/16 network, and successfully NAT'ing and accepting applicable traffic.
The hypervisor is at 10.4.20.250, with the virsh network configuration shown below. Of note, I've extended the netmask to try separating the clients from the host:
<network>
<name>default</name>
<uuid>02b5de1a-cde4-45dd-b8f5-a9fdfa1c6809</uuid>
<forward mode='route'/>
<bridge name='virbr0' stp='on' delay='0'/>
<mac address='52:54:00:a3:f0:e9'/>
<ip address='10.4.20.20' netmask='255.255.255.128'>
</ip>
</network>
The hypervisor (10.4.20.250) also has the following:
# ip r
default via 10.4.0.1 dev enp0s25 onlink
10.4.0.0/16 dev enp0s25 proto kernel scope link src 10.4.20.250
10.4.20.0/25 dev virbr0 proto kernel scope link src 10.4.20.20
169.254.0.0/16 dev enp0s25 scope link metric 1000
# brctl show
bridge name bridge id STP enabled interfaces
virbr0 8000.fe54009e64d0 yes vnet0
# ip link show virbr0
3: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether fe:54:00:9e:64:d0 brd ff:ff:ff:ff:ff:ff
# virsh domiflist myguest
Interface Type Source Model MAC
-------------------------------------------------------
vnet0 bridge virbr0 virtio 52:54:00:9e:64:d0
The guest ("myguest") at 10.4.20.25 is able to reach the internet at large; it's configured with:
ip r
default via 10.4.20.20 dev eth0
10.4.0.0/17 dev eth0 proto kernel scope link src 10.4.20.25
From a terminal session connected to the hypervisor (10.4.20.250), I can ping itself, the bridge at 10.4.20.20, the guest at 10.4.20.25, the firewall at 10.4.0.1, and the internet at large.
From the firewall (10.4.0.1) I can ping the hypervisor (10.4.20.250) and the bridge (10.4.20.20) .. but pings to the client (10.4.20.25) are lost. Similarly, from another machine on the 10.4 network, I can ping the firewall, the hypervisor, and the bridge, but not the client. I have the following rules set:
ip r
default via 10.4.0.1 dev enp4s0 onlink
10.4.0.0/16 dev enp4s0 proto kernel scope link src 10.4.2.1
10.4.20.0/25 via 10.4.20.20 dev enp4s0
192.168.15.0/24 dev enp1s0 proto kernel scope link src 192.168.15.242
Any help what configuration I might be missing to make my client be reachable from remote devices?
Note, I have tried to set the forward mode as 'open' but virsh net-edit gives me the following error:
error: unsupported configuration: unknown forwarding type 'open'