Internet Sharing

Issues related to configuring your network
xbucaneer
Posts: 13
Joined: 2022/10/28 05:09:32

Internet Sharing

Post by xbucaneer » 2022/10/28 05:16:11

My network has the following topography:

        *****************
	*		*
	*   Internet	*
	*		*
	*****************
		+
		+ wired
		+ connection
		+
	*****************		*****************
	*  sagemcom	*     wifi	*		*
	*  wifi/Router	*+++++++++++++++* adult devices *
	*ip:192.168.0.1 *		* unfiltered	*
	*		*		*		*
	*****************		*****************
		+
		+ wired
		+ connection
		+
	******************
	*ip:192.168.0.40 *
	*    enp2s0	 *
	*		 *	
	* CentOS server  *
	* DNS, Apache,	 *
	* Squid,	 *
	* Squid Guard	 *
	*		 *
	*ip:192.168.1.102*
	*   enp6s0	 *
	******************
		+
		+ wired
		+ connection
		+
	******************		*****************
	*		 *		*		*
	* ip:192.168.1.1 *     wifi	*   childrens	*
	*  TP-Link	 *++++++++++++++*    devices	*
	*  wifi/router	 *		*   filtered	*
	*		 *		*		*
	******************		*****************
All services on the CentOS box appear to be working, but I am having trouble getting the internet to the TP-Link Router.
I believe it is something to do with the routing table and/or the firewall and masquerading.
Here is what I believe is the relevant data on the server:


$ ip route list
default via 192.168.0.1 dev enp2s0 proto dhcp metric 100
default via 192.168.1.1 dev enp6s0 proto dhcp metric 101
192.168.0.0/24 dev enp2s0 proto kernel scope link src 192.168.0.40 metric 100
192.168.1.0/24 dev enp6s0 proto kernel scope link src 192.168.1.102 metric 101
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1

$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

$ firewall-cmd --state
running

$ firewall-cmd --list-all
You're performing an operation over default zone ('public'),
but your connections/interfaces are in zone 'internal,external' (see --get-active-zones)
You most likely need to use --zone=internal option.

public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client http https ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

$ firewall-cmd --zone=internal --list-all
internal (active)
target: default
icmp-block-inversion: no
interfaces: enp6s0
sources:
services: dhcpv6-client mdns samba-client ssh
ports: 3126/tcp 3127/tcp 3128/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

$ firewall-cmd --zone=external --list-all
external (active)
target: default
icmp-block-inversion: no
interfaces: enp2s0
sources:
services: ssh
ports:
protocols:
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:

$ firewall-cmd --check-config
success

I hope this is enough info for someone to figure out why the CentOS box is not sharing the internet with the TP-Link Router!
TIA!

BShT
Posts: 585
Joined: 2019/10/09 12:31:40

Re: Internet Sharing

Post by BShT » 2022/10/28 15:34:27

$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

xbucaneer
Posts: 13
Joined: 2022/10/28 05:09:32

Re: Internet Sharing

Post by xbucaneer » 2022/10/28 22:46:01

$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

but still the TP-Link router reports
ADSL Info
Line State: Down
Line Rate - Upstream (Kbps): 0
Line Rate - Downstream (Kbps): 0

TrevorH
Site Admin
Posts: 33216
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Internet Sharing

Post by TrevorH » 2022/10/29 02:09:46

What connection or not your router gets with the outside world has nothing to do with what you configure on CentOS. Fix your router so it talks to ADSL first.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

xbucaneer
Posts: 13
Joined: 2022/10/28 05:09:32

Re: Internet Sharing

Post by xbucaneer » 2022/10/29 02:57:50

The sagemcom router connects the CentOS box to the outside world and is an unfiltered gateway to the internet. Works fine!
The CentOS box runs a transparent proxy/filter ... works fine!
and passes that filtered content to the TP-Link Router. Not working as the TP-Link router has no ADSL signal
The TP-Link Router allows the children to log on... works fine
and gives them safe internet access. No internet to the router means no internet for the children.
I have tried setting the TP-Link router to "Wireless Router Mode" instead of "ADSL Router Mode" but that crashes the TP-Link router requiring a factory reset to get it going again.
Aside from that if I bypass the sagemcom router and the CentOS box completely and plug the ADSL line directly into the TP-Link router I get unfiltered internet to all devices, so it is definitely a problem with the CentOS box not sharing the connection.

xbucaneer
Posts: 13
Joined: 2022/10/28 05:09:32

Re: Internet Sharing

Post by xbucaneer » 2022/10/29 07:48:09

TrevorH wrote:
2022/10/29 02:09:46
What connection or not your router gets with the outside world has nothing to do with what you configure on CentOS. Fix your router so it talks to ADSL first.
or
maybe I should try a crossover cable between the CentOS box and the TP-link router!

jlehtone
Posts: 4530
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Internet Sharing

Post by jlehtone » 2022/10/30 10:38:37

The "TP-link router" is probably a consumer "all-in-one" device that has:
  • Wireless Access Point
  • 4-port network switch
  • "WAN-port"
  • ADSL modem
  • Router
  • DHCP server
If it has all those, then:
  • Clients connected via WiFi or wired to switch ports are in subnet "LAN"
  • ADSL-connection or WAN-port is in subnet "WAN"
  • The DHCP server offers network config for clients in LAN
  • Router routes between LAN and WAN
You have described a network topology that potentially has three routers and four subnets:
WAN-- sagemcom --LAN(adult)-- CentOS --LAN(issue)-- TPlink --LAN(child)

I would definitely cut out at least one to get:
WAN-- sagemcom --LAN(adult)-- CentOS --LAN(child)

That is, you don't want the TP-link to be a router (and therefore, not a DHCP-server either).
Most consumer all-in-one devices should allow that and usually call it "bridged mode".

That is,
  • Disable the DHCP server on TP-link
  • Do not connect anything to ADSL- or WAN-ports
  • Connect CentOS to switch (LAN) port
Now the TP-link is only a network switch that connects wired and WiFi clients (CentOS and children) of the same subnet LAN(child).

However, if 192.168.1.0/24 is the LAN(child) and CentOS has address 192.168.1.102 on it, all the children devices must
be configured to use 192.168.1.102 as the gateway of LAN(child). The DHCP server of TP-link cannot do that, because
it is hard-coded to give the TP-link (192.168.1.1) as gateway.

Therefore, the CentOS must run DHCP server for the LAN(child). A WiFi client establishes WiFi connection with Access Point (AP),
but the DHCP server can be elsewhere in the subnet, "behind" the AP.

dnsmasq is quite easy to set up as the DHCP server (and also as the DNS server) on CentOS. Just make sure that it does
not listen on enp2s0 as you can't have DHCP server on both sagemcom and CentOS for the LAN(adult).


PS. "CentOS"? You have posted on CentOS Stream Forum, so you have CS8 or CS9? I'd rather use one of the EL distros (RHEL, Alma, Rocky, etc) for "production".
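
A dnsmasq configuration matching the layout described in the post above, as an added example that is not part of the original post or the poster's own configuration. The file name, the lease range and the choice to leave DNS to the server's existing DNS service are assumptions, as is enp6s0 keeping 192.168.1.102 as a static address once the TP-Link DHCP server is disabled.

```conf
# /etc/dnsmasq.d/lan-child.conf   (file name is an assumption)

# Answer DHCP only on the child-side interface. enp2s0 faces LAN(adult),
# where the sagemcom router already runs the DHCP server.
interface=enp6s0
except-interface=enp2s0
bind-interfaces

# Assumption: the DNS service already running on this server (see the
# diagram in the first post) keeps port 53, so dnsmasq's own DNS function
# is switched off and it acts as a DHCP server only.
port=0

# Lease pool for the children's devices. Constructed range, chosen to
# avoid 192.168.1.1 (TP-Link management address) and 192.168.1.102 (CentOS).
dhcp-range=192.168.1.120,192.168.1.200,255.255.255.0,12h

# Hand out the CentOS box, not the TP-Link, as default gateway so that
# all child traffic passes through the Squid/SquidGuard host.
dhcp-option=option:router,192.168.1.102

# Assumption: the existing DNS service listens on 192.168.1.102.
dhcp-option=option:dns-server,192.168.1.102

# This is meant to be the only DHCP server on LAN(child); the TP-Link's
# own DHCP server must be disabled as described in the post.
dhcp-authoritative

# Log each DHCP transaction, which shows whether a client was answered
# by this server or by a DHCP server left running elsewhere on the subnet.
log-dhcp
```

The internal zone listed in the first post does not include the `dhcp` service, so firewalld needs that service added to the zone before clients on enp6s0 can obtain leases. A client that still shows 192.168.1.1 as its gateway after renewing its lease was answered by the TP-Link rather than by this server.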

xbucaneer
Posts: 13
Joined: 2022/10/28 05:09:32

Re: Internet Sharing

Post by xbucaneer » 2022/10/30 20:20:35

Thank you for your detailed response, I will replace the straight through cable with a crossover today and try your solution above today...
and yes the TP-Link allows "bridged mode" :D
I am using CentOS 7 but intend to upgrade to 8 once I have this system working to my satisfaction!

BShT
Posts: 585
Joined: 2019/10/09 12:31:40

Re: Internet Sharing

Post by BShT » 2022/10/31 12:23:43

Centos 8 Stream is NOT an enterprise linux

jlehtone
Posts: 4530
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Internet Sharing

Post by jlehtone » 2022/10/31 14:30:54

Emphasis of the fact is good.

Straight through and crossover cables should not matter any more.
MDI, MDI-X, and type of cable did matter with 100Base-T networks, until "auto MDI-X" appeared
and in 1000Base-T auto MDI-X is part of standard. See https://en.wikipedia.org/wiki/Medium-de ... _interface
