Received: from mail-vs1-xe2e.google.com (mail-vs1-xe2e.google.com [IPv6:2607:f8b0:4864:20::e2e]) by gbr-app-1.alpinelinux.org (Postfix) with ESMTPS id D89DB21FFF9 for <~alpine/users@lists.alpinelinux.org>; Thu, 20 Apr 2023 16:52:17 +0000 (UTC) Received: by mail-vs1-xe2e.google.com with SMTP id ada2fe7eead31-42e35b7290fso197897137.3 for <~alpine/users@lists.alpinelinux.org>; Thu, 20 Apr 2023 09:52:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1682009537; x=1684601537; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=iBjQBrtgHElaMY35opbsRNs2Fc3Y6feN2/qU1RRAmds=; b=aFg4gIgGJu45hXv46D1el1pXrugvevhFIplY502yTfEgiAm50zVv49yuDfYJjiHC72 7pHCkQTgVGufIDMBZP5rW7wsprljJURN6BHSNmEhXwLUIUNl4tEmnkqLTD54Fpz6cNa4 eYXfC50E+j/VHo00QXrz9JvHslht9EW0LudYGg88z58HD6FWk7ecjIfi7iVVpJa3sBQl fIeCkHQMptDCgsn3CNmH6SgNiuamHwAQFTjCe+Dd7jRk7rg+n4fYjhaMcahgSfRO/SJW l9DE0cakrfFJgNLklq7p4XCeaZlKDJwCbLBuwOGzcKu1QMJfpWr73zEnoCMsGMrZt6lp x03Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1682009537; x=1684601537; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=iBjQBrtgHElaMY35opbsRNs2Fc3Y6feN2/qU1RRAmds=; b=Zz9unc/modCw2xq5/nJaaIhpM+Mewkhmx89sZ6nSrH7RbGHZwCv+W+y/XxhpKkoixD LLqy06/SLQgI+1h530HGNot6PkqTyGljTZS1OopRP3Nq/Vdx7ue5zMqvBYCPTthMcbin i++FxXZlqFQwnHA5TD2g7tk5FxJKrSd+qusKhzpH57gaHFWLbFtGJa+CNsqxZsdvtKPO oQjj35CDNUcw8UH4FAoWkldl8tQxDTibNCfbrGJueS0v1jGbntBmmoDJZsyen4nhMKYq pshArG4V+3AKs847XjPYEABqqgq0vvFTn9IGQZ3wmQ9ch7Vi43hFRFYJqwmZ8stEpb1b z8pA== X-Gm-Message-State: AAQBX9eIDcVp7CUI38fSbDIQ0Qz8SIA7/wUkZ9IYmSEnl5tZOz3EKUoR QPHCGxvn3QSAV/cMl7ELzM72ZtruESJmySR9M3xQM5jY X-Google-Smtp-Source: AKy350a4oflytzC8yhJlnjnhw5Lk13S7l6q5MxPrB7fcnYiEwrwlo4+Qc0IUb9EKAk9AFiaHYmykRDNX3YZaqop5eQo= X-Received: by 2002:a05:6102:3bd8:b0:42f:ee5c:4997 with SMTP id a24-20020a0561023bd800b0042fee5c4997mr1521876vsv.34.1682009536728; Thu, 20 Apr 2023 09:52:16 -0700 (PDT) MIME-Version: 1.0 References: <8c9ea2f0-4b89-30b4-6748-28875db2d0e7@itwrx.org> In-Reply-To: <8c9ea2f0-4b89-30b4-6748-28875db2d0e7@itwrx.org> From: Konstantin Kulikov Date: Thu, 20 Apr 2023 19:52:05 +0300 Message-ID: Subject: Re: router/firewall not forwarding traffic between interfaces? To: ITwrx Cc: ~alpine/users@lists.alpinelinux.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Maybe default gw on the client is missing then (at least you don't set it in dhcpd conf, but i'm not familiar with it). Run tcpdump on both machines, make sure packets actually go through. On Thu, Apr 20, 2023 at 7:45=E2=80=AFPM ITwrx wrote: > > On 4/20/23 11:17 AM, Konstantin Kulikov wrote: > > Don't you need to enable forwarding on both interfaces? I usually just > > enable it in /etc/conf.d/nftables and block unwanted traffic in the > > firewall. > > > > Your nftables config seems correct. > > Thanks for your response! > > It seems i had tried enabling forwarding on eth0 previously, as it was > already in /etc/sysctl.conf, but was commented out. I just retried with > /etc/sysctl.conf as: > > # content of this file will override /etc/sysctl.d/* > net.ipv4.ip_forward=3D1 > net.ipv4.conf.eth1.forwarding=3D1 > net.ipv4.conf.eth0.forwarding=3D1 > > and after reboot got: > > "network is unreachable" for www.google.com, 8.8.8.8, and 192.168.43.1 > (upstream router wan interface) > > while pinging 10.2.0.1 (upstream router lan interface) was successful. > > /etc/conf.d/nftables already has: > > enable_forwarding=3D"yes" > > any other ideas appreciated >