#1 2017-05-29 08:57:06

waldauf
Member
Registered: 2012-07-15
Posts: 133

Two networks - one for LAN, second for INTERNET

Hello,

I have two networks:
* wired - for company LAN (no Internet)
* wifi - for INTERNET

If I connect to wifi I can get to the Internet. But after connecting the wire I can get only to the company LAN but not to the Internet (wifi is still connected). Can I ask you for help - how to set it up to get to both net spaces - LAN and INTERNET?

# ip route
default via 10.88.14.1 dev enp0s31f6 proto static metric 20100  .................. company LAN
default via 192.168.43.1 dev wlp1s0 proto static metric 20600    .................. wifi Internet
10.88.14.0/24 dev enp0s31f6 proto kernel scope link src 10.88.14.115 metric 100 
192.168.43.0/24 dev wlp1s0 proto kernel scope link src 192.168.43.173 metric 600 

Waldauf

Offline

#2 2017-05-29 09:17:16

brebs
Member
Registered: 2007-04-03
Posts: 3,742

Re: Two networks - one for LAN, second for INTERNET

Since the wired company LAN does not provide a route to the Internet, the "default via 10.88.14.1 dev enp0s31f6" entry should not exist.

Offline

#3 2017-05-29 09:36:25

waldauf
Member
Registered: 2012-07-15
Posts: 133

Re: Two networks - one for LAN, second for INTERNET

brebs wrote:

Since the wired company LAN does not provide a route to the Internet, the "default via 10.88.14.1 dev enp0s31f6" entry should not exist.

I tried to remove this route but then I can get to the Internet but not to the Company's site:

# ip route flush dev enp0s31f6

My route table:

# ip route                    
default via 192.168.43.1 dev wlp1s0 proto static metric 20600 
10.88.14.0/24 dev enp0s31f6 proto kernel scope link src 10.88.14.115 metric 100 
192.168.43.0/24 dev wlp1s0 proto kernel scope link src 192.168.43.173 metric 600

Last edited by waldauf (2017-05-29 09:37:12)

Offline

#4 2017-05-29 11:14:44

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,919

Re: Two networks - one for LAN, second for INTERNET

try adding a route like this :

10.0.0.0/8 via 10.88.14.1 dev enp0s31f6


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#5 2017-05-29 13:52:11

waldauf
Member
Registered: 2012-07-15
Posts: 133

Re: Two networks - one for LAN, second for INTERNET

Lone_Wolf wrote:

try adding a route like this :

10.0.0.0/8 via 10.88.14.1 dev enp0s31f6


Unfortunately didn't help.

Offline

#6 2017-05-29 15:21:42

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,784

Re: Two networks - one for LAN, second for INTERNET

How are you identifying hosts on the company LAN?  By hostname?  Have you tried by IP?  In other words, can you ping a known address on the LAN?
What are the contents of /etc/resolv.conf ?


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#7 2017-05-30 14:47:25

waldauf
Member
Registered: 2012-07-15
Posts: 133

Re: Two networks - one for LAN, second for INTERNET

I'm identified by 802.1x security (PEAP) on LAN. I must type my user/passwd to get LAN IP.

Now, as I'm writing this, I'm connected to both - Wifi (internet) and LAN. Wifi is working but when I try to get to the LAN web I get this error message in the web browser:

This site can’t be reached

wiki.kb.cz’s server DNS address could not be found.
DNS_PROBE_FINISHED_NXDOMAIN

... so does that mean there is problem with DNS?


My resolv.conf with connecting to both sites:

cat /etc/resolv.conf
# Generated by resolvconf
search ds.kb.cz
nameserver 192.168.43.1 .... wifi DNS
nameserver 10.6.35.36
nameserver 10.6.67.36
nameserver 10.6.33.36
nameserver 10.6.65.36

Without LAN I have only wifi DNS in resolv.conf.


My route table now:

default via 192.168.43.1 dev wlp1s0 proto static metric 600 
default via 10.88.14.1 dev enp0s31f6 proto static metric 20100 
10.88.14.0/24 dev enp0s31f6 proto kernel scope link src 10.88.14.115 metric 100 
192.168.43.0/24 dev wlp1s0 proto kernel scope link src 192.168.43.173 metric 600

Last edited by waldauf (2017-06-01 13:09:15)

Offline

#8 2017-05-31 20:04:06

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,919

Re: Two networks - one for LAN, second for INTERNET

please post output from :

drill wiki.kb.cz
drill @192.168.43.1 wiki.kb.cz
drill @10.6.35.36 wiki.kb.cz

drill is in package ldns.
NOTE: i'm assuming wiki.kb.cz is one of the sites you want to access through company lan



Offline

#9 2017-06-01 13:13:19

waldauf
Member
Registered: 2012-07-15
Posts: 133

Re: Two networks - one for LAN, second for INTERNET

@Lone_Wolf: You're right, "wiki.kb.cz" is a LAN site (I fixed resolv.conf in the previous post). Here are the outputs from drill:

drill wiki.kb.cz

;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 337
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; wiki.kb.cz.  IN      A

;; ANSWER SECTION:
wiki.kb.cz.     85489   IN      A       10.6.114.13

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 10.6.67.36
;; WHEN: Thu Jun  1 15:07:26 2017
;; MSG SIZE  rcvd: 44

drill @192.168.43.1 wiki.kb.cz

Error: error sending query: Could not send or receive, because of network error

drill @10.6.35.36 wiki.kb.cz

;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 4725
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; wiki.kb.cz.  IN      A

;; ANSWER SECTION:
wiki.kb.cz.     56227   IN      A       10.6.114.13

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 10.6.35.36
;; WHEN: Thu Jun  1 15:08:05 2017
;; MSG SIZE  rcvd: 44

Last edited by waldauf (2017-06-01 13:23:37)

Offline
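Added example, not part of the thread: a small model of the kernel's route selection (longest matching prefix first, then lowest metric) run over the tables posted in #1 and #3 and the route suggested in #4, using the address that wiki.kb.cz resolved to above. 203.0.113.10 is a constructed stand-in for an Internet host; the model covers routing only, not DNS or 802.1X policy.

```python
import ipaddress

def parse_routes(text):
    """Parse `ip route` lines into (network, gateway, dev, metric) tuples."""
    routes = []
    for line in filter(None, map(str.strip, text.splitlines())):
        tok = line.split()
        net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        opt = dict(zip(tok[1::2], tok[2::2]))  # via/dev/proto/scope/src/metric pairs
        routes.append((net, opt.get("via"), opt["dev"], int(opt.get("metric", 0))))
    return routes

def lookup(routes, dest):
    """Pick the route for dest: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None  # the kernel would report "Network is unreachable"
    net, via, dev, metric = min(matches, key=lambda r: (-r[0].prefixlen, r[3]))
    return dev, via  # via is None for on-link destinations

# Tables as posted in the thread (trailing "....." annotations removed).
LINKS = """
10.88.14.0/24 dev enp0s31f6 proto kernel scope link src 10.88.14.115 metric 100
192.168.43.0/24 dev wlp1s0 proto kernel scope link src 192.168.43.173 metric 600
"""
WIFI_DEFAULT = "default via 192.168.43.1 dev wlp1s0 proto static metric 20600\n"
LAN_DEFAULT = "default via 10.88.14.1 dev enp0s31f6 proto static metric 20100\n"
TABLES = {
    "post #1 (both defaults)": LAN_DEFAULT + WIFI_DEFAULT + LINKS,
    "post #3 (LAN default removed)": WIFI_DEFAULT + LINKS,
    "post #4 (plus 10.0.0.0/8 via LAN)": WIFI_DEFAULT + LINKS
        + "10.0.0.0/8 via 10.88.14.1 dev enp0s31f6\n",
}

INTERNET = "203.0.113.10"  # constructed stand-in (TEST-NET-3) for an Internet host
WIKI = "10.6.114.13"       # A record for wiki.kb.cz from the drill output

def compare():
    """Map each table name to the (dev, gateway) chosen for both destinations."""
    return {name: {"internet": lookup(parse_routes(t), INTERNET),
                   "wiki": lookup(parse_routes(t), WIKI)}
            for name, t in TABLES.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

With both defaults present the lower-metric LAN default takes Internet-bound traffic, and with only the wifi default the 10.6.x.x hosts are sent to the hotspot; only the third table sends each destination out the intended interface.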

#10 2017-06-01 13:23:07

waldauf
Member
Registered: 2012-07-15
Posts: 133

Re: Two networks - one for LAN, second for INTERNET

Next what I found out:

  • We have proxy server. But I think it is not problem with proxy server

  • My colleague has Ubuntu and he can work with Wifi and LAN without any additional configuration:

    • His /etc/resolv.conf:

      # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
      #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
      nameserver 10.6.35.36
      nameserver 10.6.67.36
      nameserver 10.6.33.36
      search ds.kb.cz
    • His ip route table:

      default via 10.88.14.1 dev enp0s25  proto static  metric 100 
      default via 10.3.72.1 dev wlp3s0  proto static  metric 600 
      10.3.72.0/21 dev wlp3s0  proto kernel  scope link  src 10.3.77.151  metric 600 
      10.6.10.153 via 10.88.14.1 dev enp0s25  proto dhcp  metric 100 
      10.6.10.153 via 10.3.72.1 dev wlp3s0  proto dhcp  metric 600 
      10.88.14.0/24 dev enp0s25  proto kernel  scope link  src 10.88.14.134  metric 100 
      169.254.0.0/16 dev wlp3s0  scope link  metric 1000 
    • His interfaces:

      2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
          link/ether 00:21:cc:c8:0e:10 brd ff:ff:ff:ff:ff:ff
          inet 10.88.14.134/24 brd 10.88.14.255 scope global dynamic enp0s25
             valid_lft 684243sec preferred_lft 684243sec
          inet6 fe80::9eb7:79:e3f3:316b/64 scope link 
             valid_lft forever preferred_lft forever
      3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
          link/ether 8c:70:5a:ea:13:18 brd ff:ff:ff:ff:ff:ff
          inet 10.3.77.151/21 brd 10.3.79.255 scope global dynamic wlp3s0
             valid_lft 4990sec preferred_lft 4990sec
          inet6 fe80::f1cf:a51d:b4ae:9960/64 scope link 
             valid_lft forever preferred_lft forever

Offline

#11 2017-06-01 13:55:31

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,919

Re: Two networks - one for LAN, second for INTERNET

Your colleague uses a different wifi network than you.

the wifi network he connects with is 10.3.77.151/21 , you connect with 192.168.43.0/24 .

I could be wrong, but your wifi connection looks like it uses a consumer network (like most of us have at home) .
His wifi connection looks like it goes over the kind of guest network a company would setup for guests / employees.

Can you connect to the wifi network your colleague uses ?



Offline

#12 2017-06-01 14:18:13

waldauf
Member
Registered: 2012-07-15
Posts: 133

Re: Two networks - one for LAN, second for INTERNET

Yes, my colleague uses the company's WIFI, which is weak in the space where I'm working. So that's why I'm using a cell phone hotspot or USB 3G modem.

This is my configuration when I'm connected to company's WIFI. My interfaces:

2: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether b8:81:98:00:bc:c5 brd ff:ff:ff:ff:ff:ff
    inet 10.3.73.6/21 brd 10.3.79.255 scope global dynamic wlp1s0
       valid_lft 14134sec preferred_lft 14134sec
    inet6 fe80::6f3f:b74e:34ca:1ab8/64 scope link 
       valid_lft forever preferred_lft forever
3: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether c8:5b:76:07:5a:71 brd ff:ff:ff:ff:ff:ff
    inet 10.88.14.115/24 brd 10.88.14.255 scope global dynamic enp0s31f6
       valid_lft 691139sec preferred_lft 691139sec
    inet6 fe80::d3dd:d5ed:4136:cd3a/64 scope link 
       valid_lft forever preferred_lft forever

Route table:

default via 10.88.14.1 dev enp0s31f6 proto static metric 20100 
default via 10.3.72.1 dev wlp1s0 proto static metric 20600 
10.3.72.0/21 dev wlp1s0 proto kernel scope link src 10.3.73.6 metric 600 
10.88.14.0/24 dev enp0s31f6 proto kernel scope link src 10.88.14.115 metric 100

And resolv.conf:

# Generated by resolvconf
search ds.kb.cz
nameserver 10.6.35.36
nameserver 10.6.67.36
nameserver 10.6.33.36
nameserver 10.6.65.36
nameserver 10.7.107.10

In my mind was born one question: Is it possible that LAN connection could block any other connections? In meaning - company doesn't want to use another connection (cell phone hotspot/3g modem) simultaneously with LAN....?

Offline

#13 2017-06-01 14:47:37

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,919

Re: Two networks - one for LAN, second for INTERNET

They probably have setup their network so the nameservers only allow 2 things : company lan + everything else through company wifi network .


If it's indeed dns-based, ip-address based communication should still work .

In theory you might be able to use your personal wifi to ssh to a trusted machine and access internet that way.
Keep in mind that there's very likely a company policy forbidding that.



Offline

#14 2017-06-01 14:54:57

waldauf
Member
Registered: 2012-07-15
Posts: 133

Re: Two networks - one for LAN, second for INTERNET

I'm afraid that's the snag.... I have to find out how it is with network policy (it is a little bit complicated, but that's my challenge).

@Lone_Wolf - thank you for your help!

Offline
