Routing from private interface to public interface
Our server has two interfaces, one for connecting through the internet and the other for the internal network.
172.20.54.10 -> Interface with static ip for connecting through internet
10.1.1.1 -> Internal network
The following configuration is seen:
$ ip route
default via 172.20.54.1 dev enp12s0f1 proto static metric 20100
10.1.1.0/24 dev enp12s0f0 proto kernel scope link src 10.1.1.1 metric 101
169.254.0.0/16 dev enp12s0f1 scope link metric 1000
172.20.54.0/24 dev enp12s0f1 proto kernel scope link src 172.20.54.10 metric 100
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp12s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:e0:81:e4:84:84 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.1/24 brd 10.1.1.255 scope global noprefixroute enp12s0f0
       valid_lft forever preferred_lft forever
    inet6 fe80::a424:72eb:4702:8f86/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: enp12s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:e0:81:e4:84:85 brd ff:ff:ff:ff:ff:ff
    inet 172.20.54.10/24 brd 172.20.54.255 scope global noprefixroute enp12s0f1
       valid_lft forever preferred_lft forever
    inet6 fe80::b0cf:3f53:bb4e:d836/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
The internal network contains some VMs which have 10.1.1.X IP addresses, and it seems that they are not connecting to the internet through the public interface of the server. The server is Ubuntu 20.04.
Should I configure something else for IP forwarding?
UPDATE:
The ip_forward is enabled in the kernel:
$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
I also have to say that VMs, e.g. 10.1.1.3, are able to ping the private interface, 10.1.1.1, but they are not able to ping 8.8.8.8.
Solution 1:
Most likely you should use NAT.
Use the following rule:
iptables -t nat -A POSTROUTING -o enp12s0f1 -j MASQUERADE
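A tighter variant of the rule in the answer above, as an added example that is not part of the original answer: it masquerades only the 10.1.1.0/24 subnet and adds FORWARD rules so that the public side cannot open new connections into the internal network. The interface names and subnet are taken from the question; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a NAT gateway.
# Interface names and subnet are the ones shown in the question.
LAN_IF=enp12s0f0       # internal interface (10.1.1.1)
WAN_IF=enp12s0f1       # public interface (172.20.54.10)
LAN_NET=10.1.1.0/24    # internal subnet

# valid_ifname NAME: accept only a plausible Linux interface name (max 15 chars)
valid_ifname() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# valid_cidr A.B.C.D/N: accept only a dotted-quad IPv4 prefix
valid_cidr() {
    addr=${1%/*}; len=${1#*/}
    [ "$addr" != "$1" ] || return 1                    # no "/" present
    case "$addr" in *[!0-9.]*|*.) return 1 ;; esac     # digits and dots only
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs    # split into octets
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in '') return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# nat_ruleset LAN_IF WAN_IF LAN_NET: print rules in iptables-restore format.
# Refuses malformed arguments so nothing unexpected ends up in the ruleset.
nat_ruleset() {
    valid_ifname "$1" && valid_ifname "$2" && valid_cidr "$3" || return 1
    [ "$1" != "$2" ] || return 1
    cat <<EOF
*nat
-A POSTROUTING -s $3 -o $2 -j MASQUERADE
COMMIT
*filter
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $1 -o $2 -s $3 -j ACCEPT
-A FORWARD -i $2 -o $1 -j DROP
COMMIT
EOF
}

nat_ruleset "$LAN_IF" "$WAN_IF" "$LAN_NET"
```

The script only prints the rules; after reviewing them, pipe the output as root into iptables-restore --noflush (add --test first to parse without committing). The rules are appended, so any broader ACCEPT already present earlier in the FORWARD chain still takes precedence.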