Inter-VLAN issues VLAN interface not able to ping itself, route or NAT to internet Topic is solved

dpsguard
Posts: 43
Joined: Mon Aug 03, 2020 12:48 am

Re: Inter-VLAN issues VLAN interface not able to ping itself, route or NAT to internet

Post by dpsguard »

Thanks @trendy. I know more than the basics of iptables and chains, and especially that even ufw is a frontend for iptables. I generally use ufw, as you mentioned, to be safe and because it is easier to add rules and understand them. What I meant was, for the NAT, is it better to add the rule directly in iptables, or rather to use the rule populated inside the ufw before.rules file, which then gets referenced by iptables?

I think I will use this latter method, unless it could cause other issues. I already did that and tested NAT working fine on my subinterface / VLAN. Essentially, with this, I am able to use eth0.120 as the LAN and eth0 as the WAN. The whole point is that if someone does not use the built-in Wireless AP and instead needs to use the same eth0 for in and out traffic (with one or multiple external Wireless APs connected to the RPi via a PoE switch), then all this is needed, and it is a valid use-case in certain situations. I am going to write some small tutorials on this subject and maybe related items, with due credit to you folks for expert help and guidance.

When I installed ufw, I set the logging to high, just to troubleshoot a few things. But I have yet to find the log file location under DietPi. In Ubuntu, I could get it under /var/log/messages or /etc/var/ufw.log but I cannot find any of these. I then installed rsyslog and then I could see the usual messages and syslog file under var/log, but still no ufw.log.
trendy
Posts: 133
Joined: Tue Feb 25, 2020 2:54 pm

Re: Inter-VLAN issues VLAN interface not able to ping itself, route or NAT to internet

Post by trendy »

dpsguard wrote: Tue Sep 29, 2020 4:01 am
Thanks @trendy. I know more than the basics of iptables and chains, and especially that even ufw is a frontend for iptables. I generally use ufw, as you mentioned, to be safe and because it is easier to add rules and understand them. What I meant was, for the NAT, is it better to add the rule directly in iptables, or rather to use the rule populated inside the ufw before.rules file, which then gets referenced by iptables?

In this case, better use ufw altogether. A restart of the ufw service or an interface restart will wipe the custom masquerade rule, and it won't be added back in.
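
An added example, not part of the original thread: a check that the masquerade rule is declared in a ufw before.rules-style file, so that ufw re-applies it on every reload. The function names and the 192.168.120.0/24 subnet are assumptions made for illustration; eth0.120 and eth0 are the interfaces named in the thread.

```shell
#!/bin/sh
# Added example: verify that NAT is declared where ufw will re-apply it.
# Usage on a live system: nat_block_ok /etc/ufw/before.rules eth0

# Constructed sample of a NAT block as it would sit at the top of
# /etc/ufw/before.rules. The 192.168.120.0/24 subnet is an assumption.
sample_rules() {
cat <<'EOF'
# NAT for the VLAN subinterface (LAN eth0.120 -> WAN eth0)
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.120.0/24 -o eth0 -j MASQUERADE
COMMIT

*filter
:ufw-before-input - [0:0]
COMMIT
EOF
}

# nat_block_ok FILE WAN_IF
# Succeeds only if FILE has a *nat table that contains a POSTROUTING
# MASQUERADE rule leaving via WAN_IF and is closed by its own COMMIT.
nat_block_ok() {
    awk -v wan="$2" '
        /^[[:space:]]*#/ { next }                 # skip comment lines
        /^\*/            { in_nat = ($1 == "*nat"); found = 0; next }
        in_nat && $1 == "-A" && $2 == "POSTROUTING" {
            out = 0; masq = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-o" && $(i + 1) == wan) out = 1
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (out && masq) found = 1
        }
        # A table only takes effect once its COMMIT line is reached.
        $1 == "COMMIT" { if (in_nat && found) ok = 1; in_nat = 0 }
        END { exit ok ? 0 : 1 }
    ' "$1"
}
```

For the rule to pass traffic, forwarding also has to be enabled: `DEFAULT_FORWARD_POLICY` in /etc/default/ufw and `net/ipv4/ip_forward=1` in /etc/ufw/sysctl.conf.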
Joulinar
Posts: 2277
Joined: Sat Nov 16, 2019 12:49 am

Re: Inter-VLAN issues VLAN interface not able to ping itself, route or NAT to internet

Post by Joulinar »

@dpsguard
In DietPi, logging is reduced to a minimum to reduce r/w operations on SD cards. As well, logs are saved within ramlog, which means they are not boot persistent. Next to this, logs are cleared once an hour. If needed, the logging method can be switched to a full log mode using dietpi-software. This will install rsyslog. ;)
Pls let us know if a solution is working. This could help others if they are hit by a similar situation. Your DietPi Team
dpsguard
Posts: 43
Joined: Mon Aug 03, 2020 12:48 am

Re: Inter-VLAN issues VLAN interface not able to ping itself, route or NAT to internet

Post by dpsguard »

Thank you @Joulinar, and it makes perfect sense as to why logging is reduced in DietPi. I only installed rsyslog as I was not sure as to why the syslog and messages are missing under var/log.

And thanks @trendy for your valuable suggestions. I actually save rules via iptables-save >somefile and then use rc.local to do iptables-restore, for this exact reason that iptables doesn't persist across reboots or a crash (did not explore iptables persistence, however). And since rc.local is not supported, I had to add support for it, as this might be required by a few people (though you can use cron as well, I guess, to run at boot time to do this). Appreciate again all the help and support.
Joulinar
Posts: 2277
Joined: Sat Nov 16, 2019 12:49 am

Re: Inter-VLAN issues VLAN interface not able to ping itself, route or NAT to internet

Post by Joulinar »

@dpsguard
You can have a look at iptables-persistent. It's a service to restore iptables during boot.

apt install iptables-persistent