[SOLVED] No IP forwarding with systemd-networkd from LAN to WAN

rahnmat · 2019-03-26 18:50:48

I setting up a simple network that has an Android Phone providing the internet connection with usb to an Arch Linux based router that provides it to the local area network with a wlan and an ethernet NIC.

So far I've been able to configure with systemd-networkd a fixed ip and a DHCP server on the wlan0 and the eth0 NICs and connect to them with an Arch Linux laptop (wlan0) and Windows-PC (eth0). Even when the subnets are configured to be 10.0.0.1/24 and 10.0.1.1/24 I'm able to ping from the PC, the laptop and the router without any problems.

Here is the router's eth0 network file, the wlan0 is just the same with ip set to 10.0.1.1/24 and gateway to 10.0.1.1.

[Match]
Name=eth0

[Network]
Address=10.0.0.1/24
Gateway=10.0.0.1
IPForward=ipv4
IPMasquerade=yes
DHCPServer=yes

I'm also able to connect the router to the Internet with the android phone and resolve hosts, sync time, update to the latest version with Pacman etc.. Don't have any graphics installed atm so can't comment on all web functionalities, however the basics seem to be there. Here is the usb0 network configuration.

[Match]
Name=usb0

[Network]
DHCP=yes
IPForward=ipv4

After all has been connected, I'm still not able to reach the Internet from the laptop nor from the workstation. I've also tried with and without iptables, I don't know if you need it to enable the kernel or will networkd do the trick with that masquerade option. Anyways, here is the output from the saved copy of iptables configuration file.

# Generated by iptables-save v1.8.2 on Mon Mar 25 17:45:40 2019
*mangle
:PREROUTING ACCEPT [1238:157375]
:INPUT ACCEPT [828:108048]
:FORWARD ACCEPT [409:49258]
:OUTPUT ACCEPT [836:76604]
:POSTROUTING ACCEPT [1245:125862]
COMMIT
# Completed on Mon Mar 25 17:45:40 2019
# Generated by iptables-save v1.8.2 on Mon Mar 25 17:45:40 2019
*nat
:PREROUTING ACCEPT [83:6046]
:INPUT ACCEPT [16:1219]
:OUTPUT ACCEPT [11:736]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o usb0 -j MASQUERADE
COMMIT
# Completed on Mon Mar 25 17:45:40 2019
# Generated by iptables-save v1.8.2 on Mon Mar 25 17:45:40 2019
*filter
:INPUT ACCEPT [80:9697]
:FORWARD ACCEPT [34:1768]
:OUTPUT ACCEPT [89:6620]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o usb0 -j ACCEPT
-A FORWARD -i wlan0 -o usb0 -j ACCEPT
COMMIT
# Completed on Mon Mar 25 17:45:40 2019

IPForward is also set to 1 in sysctl globally and for all NICs individually as well.

Here is the output from ip route on the router

default via 10.0.0.1 dev eth0 proto static
default via 10.0.1.1 dev wlan0 proto static
default via 192.168.42.129 dev usb0 proto dhcp src 192.168.42.151 metric 10
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.1
10.0.1.0/24 dev wlan0 proto kernel scope link src 10.0.1.1
192.168.42.0/24 dev usb0 proto kernel scope link src 192.168.42.151
192.168.42.129 dev usb0 proto dhcp scope link src 192.168.42.151 metric 10

I have not touched any other configurations nor do I have any other networking software running besides systemd-networkd and hostapd for the wifi-ap. My router is fully updated to the latest release, but unfortunately my laptop and workstation have obsolete software - however I doubt my outdated NVIDIA graphics drives etc. has any effect on the bug observed here and the problem lies somewhere in the router itself. Have I missed something here?

Last edited by rahnmat (2019-03-27 15:36:15)

2ManyDogs · 2019-03-26 19:19:15

Please edit your post and use [ code ] tags (not quote tags) when posting output.

https://wiki.archlinux.org/index.php/Co … s_and_code
https://bbs.archlinux.org/help.php#bbcode

edacval · 2019-03-27 00:09:36

Try to delete "Gateway=..." from both wlan0.network and eth0.network .

Last edited by edacval (2019-03-27 00:11:12)

sincomil · 2019-03-27 08:25:45

You can check what is going on with network packets from your client network by watching output of tcpdump. Also you can check if your iptables rules are working if according rule counters get increased, but first you have to reset counters by

iptables -Z
iptalbes -Z -t nat

rahnmat · 2019-03-27 15:35:04

edacval wrote:

Try to delete "Gateway=..." from both wlan0.network and eth0.network .

Thank you, this did the trick!

Now the output from ip route on the router is:

default via 192.168.42.129 dev usb0 proto dhcp src 192.168.42.162 metric 1024
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.1
10.0.1.0/24 dev wlan0 proto kernel scope link src 10.0.1.1
192.168.42.0/24 dev usb0 proto kernel scope link src 192.168.42.162
192.168.42.129 dev usb0 proto dhcp scope link src 192.168.42.162 metric 1024

I had some suspicions about those default routes that pointed towards 10.0.0.1 and 10.0.1.1. Now they are gone and the problem is also.

The reason why I had the gateway option set is because it was stated to be mandatory in Arch Linux wikipedia:

Gateway= this option is mandatory unless DHCP is used

https://wiki.archlinux.org/index.php/systemd-networkd#[Route]

Can somebody explain to me when is that gateway necessary and when it is not? The reason why I had to make this topic in the first place was because I don't have such a strong knowledge about networking and was just blindly following orders that seem to contradict with the way these systems work?

Lone_Wolf · 2019-03-27 16:36:38

Gateway= this option is mandatory unless DHCP is used

emphasis by me

Dhcp servers do more then just assigning ip-addresses.

Arch Linux

#1 2019-03-26 18:50:48

[SOLVED] No IP forwarding with systemd-networkd from LAN to WAN

#2 2019-03-26 19:19:15

Re: [SOLVED] No IP forwarding with systemd-networkd from LAN to WAN

#3 2019-03-27 00:09:36

Re: [SOLVED] No IP forwarding with systemd-networkd from LAN to WAN

#4 2019-03-27 08:25:45

Re: [SOLVED] No IP forwarding with systemd-networkd from LAN to WAN

#5 2019-03-27 15:35:04

Re: [SOLVED] No IP forwarding with systemd-networkd from LAN to WAN

#6 2019-03-27 16:36:38

Re: [SOLVED] No IP forwarding with systemd-networkd from LAN to WAN

Board footer