Migration Centos 8 > OL8 / Can't get modem router and LAN working — oracle-tech


Migration Centos 8 > OL8 / Can't get modem router and LAN working

Wolfgang_R
Wolfgang_R Member Posts: 13 Green Ribbon

I am a Linux enthusiast and migrated from CentOS 7 to OL8, and I am running into issues I don't seem to be able to fix:


Trying to set up my box as modem/router as I had it in CentOS 7, with iptables and network-scripts.

The server has two NICs: LAN = enp3s0 / WAN = enp5s0/ppp0

Packet forwarding is set: net.ipv4.ip_forward = 1

Firewall is up and running:

…..

###############################################################
### OUTBOUND Rule: Allow ALL packets out the external device
iptables -A OUTPUT -o $EXT_DEV -j ACCEPT
iptables -A FORWARD -i $INT_DEV -o $EXT_DEV -j ACCEPT

###############################################################
### MASQUERADING: All packets from the internal network will appear as if they had originated from the firewall.
iptables -t nat -A POSTROUTING -o $EXT_DEV -s $INT_NET -j MASQUERADE

…..

I ran pppoe-setup to configure the interface to my ISP.

DNS servers from my ISP are set correctly:

more /etc/resolv.conf
# MADE-BY-RP-PPPOE
nameserver 80.58.61.250
nameserver 80.58.61.254


When booting the computer, the network start fails.

systemctl status network gives me:

Active: failed
...Bringing up interface enp3s0: [ OK ]
...Bringing up interface enp5s0: [ OK ]
...Bringing up interface ppp0: ERROR : [/etc/sysconfig/network-scripts/ifup-eth] Device ppp0 does not seem to be present, delaying initialization.
...home.wo-lar.com network[945]: [FAILED]
… home.wo-lar.com systemd[1]: network.service: Control process exited, code=exited status=1



When on CLI I can start ppp0 manually with pppoe-start and after that the network with systemctl start network. I have access to internet and can run dig, dnf install. All working.

This is what I find in /var/log/messages:

pppd[5666]: pppd 2.4.7 started by wp.rauchholz, uid 0
pppd[5666]: Using interface ppp0
pppd[5666]: Connect: ppp0 <--> /dev/pts/1
systemd-udevd[5668]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
pppoe[5667]: PPP session is 1063 (0x427)
pppd[5666]: CHAP authentication succeeded
pppd[5666]: CHAP authentication succeeded
kernel: PPP BSD Compression module registered
pppd[5666]: local IP address 88.1.251.17
pppd[5666]: remote IP address 192.168.144.1
home systemd[5561]: Starting Mark boot as successful...
home systemd[5561]: grub-boot-success.service: Succeeded.
systemd[5561]: Started Mark boot as successful.
systemd[1]: Starting LSB: Bring up/down networking...
home network[5725]: Bringing up loopback interface: [ OK ]
home network[5725]: Bringing up interface enp3s0: [ OK ]
home network[5725]: Bringing up interface enp5s0: [ OK ]
home network[5725]: Bringing up interface ppp0: [ OK ]
home network[5725]: RTNETLINK answers: File exists



I also have no access from the LAN to internet.

From my laptop I tried this:

(1) traceroute google.com
google.com: Name or service not known
Cannot handle "host" cmdline arg `google.com' on position 1 (argc 1)

(2) traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets


Why does CentOS not start ppp0 at startup and claim ppp0 is not present?

What am I missing to get internet access from my LAN?


Thanks a lot for your help.

Answers

  • Avi Miller-Oracle
    Avi Miller-Oracle Senior Solution Architect, Oracle Cloud Infrastructure Developer Adoption Melbourne, Australia Posts: 4,728 Employee

    Your question title says "Migration from CentOS 8 to OL8" but the first line says CentOS 7. Then at the end you ask why CentOS isn't starting ppp0, so I'm confused about which OS you're actually using. :)

    Assuming you switched from CentOS 8 to Oracle Linux 8 (which is supported by centos2ol.sh from GitHub), the issue is probably because OL8 (and CentOS 8) default to NetworkManager and nftables/firewalld. I would recommend trying to use those default tools instead of the legacy ones from C7.

    To install the required packages on OL8:

    $ sudo dnf install ppp NetworkManager-ppp
    

    I checked the ppp package which includes the rp-pppoe.so module on OL8. According to the /usr/share/doc/ppp/README.pppoe file, you need to manually add the line "plugin rp-pppoe.so" to /etc/ppp/options after you install the package so that it makes your ethX devices valid for pppd.

    $ echo "plugin rp-pppoe.so" | sudo tee -a /etc/ppp/options
    

    Then you can use nmcli to add the connection:

    sudo nmcli connection add type pppoe \
         ifname enp3s0 con-name ppp0 autoconnect true \
         username <pppoe_username> password <pppoe_password>
    

    You can then start the connection with:

    $ sudo nmcli con up ppp0
    

    For more options, run nmcli con add help or start the interactive connection editor by running nmcli con edit ppp0 instead.

    To enable masquerading with Firewalld, use the firewall-cmd tool:

    $ sudo firewall-cmd --zone=public --add-masquerade --permanent
    $ sudo firewall-cmd --reload
    

    Unfortunately, I don't actually have a PPPoE connection I can test this with, but I've validated each command and they all work individually. Please let me know if this works for you.

  • Wolfgang_R
    Wolfgang_R Member Posts: 13 Green Ribbon

    Hi Avi, thank you for helping. Very much appreciated.

    The whole story: I never ran under CentOS 8. I was running under CentOS 7 and wanted to upgrade to CentOS 8, but because Red Hat killed it I went straight to OL8. I wanted to replicate the CentOS 7 config, but will follow your advice given here.

    This is the layout:

    enp3s0 : LAN interface with static IP

    enp5s0/ppp0: WAN interface. I'll set BOOTPROTO=none in enp5s0

    I will follow your script here and hope it gets a connection from the LAN.

    If this works, then I will convert my iptables firewall (attached in file) to nftables, stop firewalld and move to nftables, and continue building the LAMP stack, VPN server etc.

    I hope to find some time after work today.

    Again thanks for the help and I will post here progress.


    Wolfgang


  • andreas.dijkman
    andreas.dijkman Member Posts: 46 Bronze Badge
    edited January 19

    My suggestion also would be to check if firewalld is also installed. We had issues that if you have iptables (with nftables-backend) installed that iptables would load up nftables-tables (confusing, I know) and firewalld too. Those aren't mutually exclusive, so don't have them installed at the same time.

    This is the output of an iptables/nftables combo. If you also have firewalld installed, you have some extra firewalld tables in there that could really throw you off. Be aware!

    [[email protected] ~]# nft list tables
    table ip6 filter
    table bridge filter
    table ip6 security
    table ip6 raw
    table ip6 mangle
    table ip6 nat
    table bridge nat
    table ip filter
    table ip security
    table ip raw
    table ip mangle
    table ip nat
    

    And as @Avi Miller-Oracle already mentioned, NetworkManager(-tui) is your friend under OL8!
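
An added example, not part of the post above: a shell check that groups `nft list tables` output by the tool that most likely owns each table and flags the mixed iptables/firewalld state described there. The function name `nft_table_owners` is hypothetical, the sample listing is constructed, and the table-name conventions in the comments are assumptions.

```shell
#!/bin/sh
# Group `nft list tables` output (stdin) by the tool that most likely owns each table.
# Assumptions: iptables-nft uses the table names filter/nat/mangle/raw/security,
# and firewalld's nftables backend names its tables "firewalld".
nft_table_owners() {
    awk '
        $1 != "table" || NF < 3 { next }
        $3 == "firewalld" { fw = fw " " $2 ":" $3; next }
        $3 ~ /^(filter|nat|mangle|raw|security)$/ { ipt = ipt " " $2 ":" $3; next }
        { other = other " " $2 ":" $3 }
        END {
            print "iptables-nft:" (ipt == "" ? " none" : ipt)
            print "firewalld:"    (fw == "" ? " none" : fw)
            print "other:"        (other == "" ? " none" : other)
            if (ipt != "" && fw != "") { print "CONFLICT: both rule sets are loaded"; exit 2 }
        }'
}

# Constructed sample: part of the listing from the post, plus firewalld tables.
SAMPLE_TABLES='table ip filter
table ip nat
table ip6 filter
table inet firewalld
table ip firewalld
table ip6 firewalld'

printf '%s\n' "$SAMPLE_TABLES" | nft_table_owners || echo "exit status $? (conflict)"
```

On a live system the input would come from `nft list tables`, run as root.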

  • Wolfgang_R
    Wolfgang_R Member Posts: 13 Green Ribbon

    My plan is not to install iptables-services but to initiate with firewalld.

    Once this is working I will consider moving to nftables as this is the future as I understand. I never worked with it and don't know the syntax yet.

    Do you think that the conversion tool will do the job right with the firewall I attached ?


    Wolfgang

  • Wolfgang_R
    Wolfgang_R Member Posts: 13 Green Ribbon

    Thanks for your insight and I'll give it a try.

    I think I will compile a full set of steps and make a howto once it is working

  • Wolfgang_R
    Wolfgang_R Member Posts: 13 Green Ribbon
    edited January 19

    I guess I am getting close, but I still have no internet connection from my LAN. This is what I did:

     enp3s0 (LAN) has a static IP and enp5s0 (WAN) is disabled and bound to ppp0

    • echo "plugin rp-pppoe.so" | sudo tee -a /etc/ppp/options
    • nmcli connection add type pppoe ifname enp5s0 con-name ppp0 autoconnect true username [email protected] password adslppp
    • sysctl -w net.ipv4.ip_forward=1
    • firewall-cmd --zone=internal --change-interface=enp3s0 --permanent
    • firewall-cmd --zone=external --change-interface=enp5s0 --permanent
    • firewall-cmd --zone=external --change-interface=ppp0 --permanent
    • firewall-cmd --permanent --zone=internal --add-source=10.5.2.0/24
    • firewall-cmd --zone=external --add-masquerade --permanent
    • firewall-cmd --zone=internal --add-service dns --permanent
    • firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTROUTING -o ppp0 -j MASQUERADE -s 10.5.2.0/24
    • firewall-cmd --reload


    (1) ppp0 does not come up automatically. I need to start it from CLI. But I can access the internet from the server's CLI

    (2) firewall-cmd --get-active-zone

    external
      interfaces: ppp0 enp5s0
    internal
      interfaces: enp3s0
      sources: 10.5.2.0/24

    (3) firewall-cmd --zone=internal --list-all

    internal (active)
      target: default
      icmp-block-inversion: no
      interfaces: enp3s0
      sources: 10.5.2.0/24
      services: cockpit dhcpv6-client dns mdns samba-client ssh
      ports:
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:

    (4) firewall-cmd --zone=external --list-all

    external (active)
      target: default
      icmp-block-inversion: no
      interfaces: enp5s0 ppp0
      sources:
      services: ssh
      ports:
      protocols:
      masquerade: yes
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:


    Again, thanks for helping
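
An added example, not part of the post above: a shell audit of `firewall-cmd --zone=<zone> --list-all` listings like the ones pasted there, checking that the WAN and LAN interfaces sit in different zones, that the zone holding the WAN interface has masquerading on, and which services are open on that zone. The function name `audit_router_zones` is hypothetical and the sample is a trimmed, constructed copy of the listings; expecting masquerade on the WAN-side zone is an assumption taken from how firewalld's predefined external zone ships.

```shell
#!/bin/sh
# Audit `firewall-cmd --zone=<zone> --list-all` output (stdin) for a two-NIC router.
# Usage: audit_router_zones <wan_if> <lan_if>; returns 1 if any FAIL is reported.
# Assumption: masquerade is expected on the zone that holds the WAN interface.
audit_router_zones() {
    awk -v wan="$1" -v lan="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }              # trim the line
        /^[A-Za-z0-9_-]+( \(active\))?$/ { zone = $1; next }    # zone header line
        zone == ""     { next }
        /^interfaces:/ { for (i = 2; i <= NF; i++) zone_of[$i] = zone }
        /^masquerade:/ { masq[zone] = $2 }
        /^services:/   { sub(/^services:[ \t]*/, ""); svc[zone] = $0 }
        END {
            wz = zone_of[wan]; lz = zone_of[lan]
            if (wz == "") { print "FAIL " wan " is not bound to any zone"; bad = 1 }
            if (lz == "") { print "FAIL " lan " is not bound to any zone"; bad = 1 }
            if (wz != "" && wz == lz) { print "FAIL " wan " and " lan " share zone " wz; bad = 1 }
            if (wz != "" && masq[wz] != "yes") { print "FAIL zone " wz " (" wan ") has masquerade off"; bad = 1 }
            n = (wz == "") ? 0 : split(svc[wz], s, " ")
            for (i = 1; i <= n; i++) print "WARN service " s[i] " is open on the WAN zone " wz
            if (!bad) print "OK " lan " (" lz ") is masqueraded out of " wan " (" wz ")"
            exit bad + 0
        }'
}

# Constructed sample: the two --list-all listings from the post, trimmed.
THREAD_SAMPLE='internal (active)
  interfaces: enp3s0
  sources: 10.5.2.0/24
  services: cockpit dhcpv6-client dns mdns samba-client ssh
  masquerade: no
external (active)
  interfaces: enp5s0 ppp0
  services: ssh
  masquerade: yes'

printf '%s\n' "$THREAD_SAMPLE" | audit_router_zones ppp0 enp3s0
```

The WARN lines are the ones to review on an internet-facing box: every service listed for the WAN zone is reachable from outside.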

  • Avi Miller-Oracle
    Avi Miller-Oracle Senior Solution Architect, Oracle Cloud Infrastructure Developer Adoption Melbourne, Australia Posts: 4,728 Employee

    What's the output of firewall-cmd --get-default-zone and firewall-cmd --query-masquerade on that box?

  • Avi Miller-Oracle
    Avi Miller-Oracle Senior Solution Architect, Oracle Cloud Infrastructure Developer Adoption Melbourne, Australia Posts: 4,728 Employee
  • Wolfgang_R
    Wolfgang_R Member Posts: 13 Green Ribbon

    Hi Avi,


    firewall-cmd --get-default-zone gives me "public"

    firewall-cmd --query-masquerade You're performing an operation over default zone ('public'),but your connection/Interfaces are in zone 'external'.

    no

    firewall-cmd --zone=external --query-masquerade

    yes

    From the webpage you sent (thanks) I see that I need to add masquerade also for the internal zone?

    firewall-cmd --zone=internal --add-masquerade --permanent

    and then:

    [[email protected] ~]# firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o ppp0 (or do I need to set enp5s0?) -j MASQUERADE

    [[email protected] ~]# firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i enp3s0 -o ens8 -j ACCEPT

    [[email protected] ~]# firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i enp3s0 -o ens2 -m state --state RELATED,ESTABLISHED -j ACCEPT

    Am I missing something?

    Concerning ppp0, which does not come up at boot: I reviewed /var/log/messages but could not find anything. Any ideas where I can look?


    Thank you

  • Avi Miller-Oracle
    Avi Miller-Oracle Senior Solution Architect, Oracle Cloud Infrastructure Developer Adoption Melbourne, Australia Posts: 4,728 Employee
    edited January 19

    First, you need to add masquerading to the external zone as that will masquerade on behalf of the internal zone.

    Sorry, got that wrong. Yes, if you want packets from internal to go out via the external IP address, you need to masquerade on internal. If you want to port forward packets from the external IP address to internal hosts, you need to masquerade on external.

    Note that only ppp0 should be external, though perhaps it pulls in the ethernet device automatically.

    What's the output of nmcli con show ppp0 on the box? The value for connection.autoconnect should be yes and connection.master should be enp5s0.

  • Wolfgang_R
    Wolfgang_R Member Posts: 13 Green Ribbon

    nmcli con show ppp0 shows

    ...

    connection.type pppoe

    connection.interface.name enp5s0

    connection.autoconnect yes

    connection.autoconnect.priority 0

    connection.master blank (I will set this to enp5s0)


    I set enp5s0 to zone external. Shall I remove the zone and not assign any new one?


    Regards, Wolfgang

  • Avi Miller-Oracle
    Avi Miller-Oracle Senior Solution Architect, Oracle Cloud Infrastructure Developer Adoption Melbourne, Australia Posts: 4,728 Employee

    I got the nmcli creation command slightly wrong. Sorry about that!

    Here's the right command:

    nmcli con add type pppoe \
      ifname ppp0 con-name ppp0 \
      autoconnect yes save yes \
      username <username> password <password> \
      parent enp5s0
    

    That's the correct way to specify the enp5s0 device as the parent for the ppp0 connection.

  • Wolfgang_R
    Wolfgang_R Member Posts: 13 Green Ribbon

    Hi, just wanted to provide feedback. Finally this weekend I had time to get back to my server and it is working! Thank you Avi!

    When I have a bit more time, then I will post a summary of what I did. I added a basic DHCP service to the step to allow the clients on the LAN to get IP properly assigned. That was easier for testing than setting it manually.


    Thanks again


    Wolfgang

  • Avi Miller-Oracle
    Avi Miller-Oracle Senior Solution Architect, Oracle Cloud Infrastructure Developer Adoption Melbourne, Australia Posts: 4,728 Employee

    You're welcome! I also recommend using "dnsmasq" as your DHCP service for this sort of thing, so you get automatic local DNS included without much configuration. Using dnsmasq is a lot easier than configuring ISC DHCP to update BIND.
