*****************
*               *
*   Internet    *
*               *
*****************
        +
        + wired
        + connection
        +
*****************               *****************
*   sagemcom    *     wifi      *               *
*  wifi/Router  *+++++++++++++++* adult devices *
*ip:192.168.0.1 *               *  unfiltered   *
*               *               *               *
*****************               *****************
        +
        + wired
        + connection
        +
******************
*ip:192.168.0.40 *
*     enp2s0     *
*                *
* CentOS server  *
* DNS, Apache,   *
*    Squid,      *
*  Squid Guard   *
*                *
*ip:192.168.1.102*
*     enp6s0     *
******************
        +
        + wired
        + connection
        +
******************              *****************
*                *              *               *
* ip:192.168.1.1 *     wifi     *  children's   *
*    TP-Link     *++++++++++++++*    devices    *
*  wifi/router   *              *   filtered    *
*                *              *               *
******************              *****************
I believe it is something to do with the routing table and/or the firewall and masquerading.
Here is what I believe is the relevant data on the server:
$ ip route list
default via 192.168.0.1 dev enp2s0 proto dhcp metric 100
default via 192.168.1.1 dev enp6s0 proto dhcp metric 101
192.168.0.0/24 dev enp2s0 proto kernel scope link src 192.168.0.40 metric 100
192.168.1.0/24 dev enp6s0 proto kernel scope link src 192.168.1.102 metric 101
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
$ firewall-cmd --state
running
$ firewall-cmd --list-all
You're performing an operation over default zone ('public'),
but your connections/interfaces are in zone 'internal,external' (see --get-active-zones)
You most likely need to use --zone=internal option.
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client http https ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
$ firewall-cmd --zone=internal --list-all
internal (active)
target: default
icmp-block-inversion: no
interfaces: enp6s0
sources:
services: dhcpv6-client mdns samba-client ssh
ports: 3126/tcp 3127/tcp 3128/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
$ firewall-cmd --zone=external --list-all
external (active)
target: default
icmp-block-inversion: no
interfaces: enp2s0
sources:
services: ssh
ports:
protocols:
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
$ firewall-cmd --check-config
success
I hope this is enough info for someone to figure out why the CentOS box is not sharing the internet with the TP-Link Router!
TIA!
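
The three areas the post suspects (forwarding, routing table, masquerading) can be checked mechanically against the output shown. The script below is an added example, not part of the original post; `audit_router` and the finding labels are made-up names, the sample input is copied from the output above, and the checks are necessary conditions for routing with NAT, not a full diagnosis.

```shell
#!/bin/sh
# Added example. Sample input below is copied from the command output in the post.
SYSCTL_OUT='net.ipv4.ip_forward = 0'
ROUTES='default via 192.168.0.1 dev enp2s0 proto dhcp metric 100
default via 192.168.1.1 dev enp6s0 proto dhcp metric 101
192.168.0.0/24 dev enp2s0 proto kernel scope link src 192.168.0.40 metric 100
192.168.1.0/24 dev enp6s0 proto kernel scope link src 192.168.1.102 metric 101'
WAN_ZONE='external (active)
  interfaces: enp2s0
  masquerade: yes'

# audit_router SYSCTL ROUTES WAN_ZONE WAN_IF  (hypothetical helper name)
# Prints one finding per line; prints nothing when all checks pass.
audit_router() {
    # 1. The kernel only routes between interfaces when ip_forward is 1.
    printf '%s\n' "$1" | awk '
        $1 == "net.ipv4.ip_forward" && $3 != "1" {
            print "FORWARDING_OFF net.ipv4.ip_forward=" $3 }'
    # 2. Every default route should leave through the WAN interface.
    printf '%s\n' "$2" | awk -v wan="$4" '
        $1 == "default" {
            gw = ""; dev = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            if (dev != wan) print "DEFAULT_NOT_WAN via=" gw " dev=" dev
        }'
    # 3. The WAN zone must contain the WAN interface and masquerade (NAT).
    printf '%s\n' "$3" | awk -v wan="$4" '
        $1 == "interfaces:" { for (i = 2; i <= NF; i++) if ($i == wan) found = 1 }
        $1 == "masquerade:" && $2 != "yes" { print "NO_MASQUERADE" }
        END { if (!found) print "WAN_IF_NOT_IN_ZONE " wan }'
}

audit_router "$SYSCTL_OUT" "$ROUTES" "$WAN_ZONE" enp2s0
# On a live host, feed it the real commands instead:
# audit_router "$(sysctl net.ipv4.ip_forward)" "$(ip route list)" \
#     "$(firewall-cmd --zone=external --list-all)" enp2s0
```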