Advanced network

Trying to help out a buddy who is running ASL with Echolink. He uses 2 NICS, one connected to his LAN (internet router enabled) and the other connected to the AREDN Mesh network.
All appropriate ports are properly forwarded in both routers. His ASL node is public but connects to a remote private node, on the Mesh side of things.

Now the fun part…

Inbound Internet Echolink connects work fine. Inbound ASL Internet connects do not but outbound to public ASL nodes work. Yes I know, BUT PORT ROUTING IS PROPERLY DEFINED IN HIS INTERNET ROUTER

Inbound ASL connects work just fine from the Mesh NIC. So what are we missing?

Sounds like an IP/NIC routing issue.

What is the node number in question?
What is the public IP for that server holding the node (normal internet service)?
What is the ip for the mesh network at the server?

Node is 54326
Public ip 73.157.138.95
Mesh ip 10.216.155.86

As you see, totally different nets

You will need to do some google work on gateway/routing with 2 NICs.

But verify the settings for each NIC first.

I would agree with that except for the fact that Echolink works fine. Echolink is just another layer on ASL, no?

Which interface is originating the default outbound traffic:

ip route show default

Make sure that where it says “default via n.n.n.n dev _____ …”, the _____ is the interface with the IP address that should be the default outbound to the Internet. It’s also possible there are two default routes defined which never works well. I don’t know much about AREDN mesh stuff, but I assume it runs some sort of routing protocols? Need to make sure it’s not leaking in an unexpected default route.

Correctly shows both NICs

default via 10.216.115.81 dev ens18 
default via 192.168.1.1 dev enx00e04c36010f proto dhcp metric 100

With still unknown gateway routing,
The thing that stands out to me from what you show is the DHCP on the public network.

So, do you have adequate measure to route ports required to what is supposed to be the asl server?
Because the address can change. And likely is. If you are forwarding by mac, it would not be an issue, so I can only pose the question.

But I would say it would be recommended to change that to static addressing unless you have good reason not to and before you make other adjustments.
And recheck port forwarding matches the static address.

Yes, DHCP is used but its MAC is reserved in the router

What is the gateway address and the dns addresses for the public NIC ?

192.168.1.1 is the correct gateway but I don’t quite grasp your 2nd question. Do you mean the DNS range?

Let me pose the question this way…
what is the result of cat /etc/resolv.conf

root@eoh:~# nmap -sU -p 4569 73.157.138.95
Starting Nmap 7.70 ( https://nmap.org ) at 2023-08-10 18:06 EDT
Nmap scan report for c-73-157-138-95.hsd1.or.comcast.net (73.157.138.95)
Host is up (0.099s latency).

PORT STATE SERVICE
4569/udp open|filtered iax


Show the contents of rpt.conf for “nodes”

In my experience, two default gateways is not a good thing. I have two ways around that problem:

  1. Use a specific route for one of the networks, if it exists, rather than a default route. In this instance, that would probably require static configuration for the mesh interface.

There’s a couple of tricks you can use here, like using two /1 routes for your ISP connection (this will override a default route by being more specific), and a more specific network route for the mesh network. This would allow you to keep your DHCP configuration. You’d need an event to run external scripts when DHCP configuration is complete.

Or…

  2. Use policy routing to route outbound packets based on source address. This uses rules and multiple routing tables to control how packets are forwarded. I use this technique in a few places, to ensure packets go where they should, in a predictable manner.
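
The policy-routing option from the reply above, as an added example that is not part of the thread: it checks the posted `ip route show default` output for competing defaults and prints (without running) the `ip` commands for source-based routing. Assumptions: 192.168.1.31 (an address scanned elsewhere in the thread) is the server's LAN address, the mesh address and gateways are used as posted, and the table numbers and rule priorities 100/200 are arbitrary choices.

```sh
#!/bin/sh
# Added example, not from the thread. Constructed input: the two default
# routes as posted in the thread.
SAMPLE_ROUTES='default via 10.216.115.81 dev ens18
default via 192.168.1.1 dev enx00e04c36010f proto dhcp metric 100'

# count_defaults: number of default routes in `ip route show default` output (stdin).
count_defaults() {
    awk '$1 == "default" { n++ } END { print n + 0 }'
}

# preferred_default: device of the default route the kernel prefers.
# A route printed without "metric" has metric 0; the lowest metric wins.
preferred_default() {
    awk '$1 == "default" {
        m = 0; dev = ""
        for (i = 2; i < NF; i++) {
            if ($i == "metric") m = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        if (best == "" || m + 0 < bestm) { best = dev; bestm = m + 0 }
    } END { print best }'
}

# emit_policy_route IFACE SRC GATEWAY TABLE
# Prints (does not run) the commands that send packets sourced from SRC out
# through IFACE via GATEWAY, independent of the main table's default route.
emit_policy_route() {
    printf 'ip route replace default via %s dev %s table %s\n' "$3" "$1" "$4"
    printf 'ip rule add from %s/32 lookup %s priority %s\n' "$2" "$4" "$4"
}

# plan: command list for both NICs (addresses as posted; 192.168.1.31 and
# the table numbers 100/200 are assumptions).
plan() {
    emit_policy_route enx00e04c36010f 192.168.1.31 192.168.1.1 100
    emit_policy_route ens18 10.216.155.86 10.216.115.81 200
}

# Report on the sample, then print the plan for review.
echo "default routes: $(printf '%s\n' "$SAMPLE_ROUTES" | count_defaults)"
echo "kernel prefers: $(printf '%s\n' "$SAMPLE_ROUTES" | preferred_default)"
plan
```

With these rules in place, a reply sourced from the LAN address leaves through the LAN gateway even when the main table prefers the mesh default. Verify with `ip rule show` and `ip route show table 100` after applying.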

nmap -sU -p 4569 192.168.1.31

Starting Nmap 7.80 ( https://nmap.org ) at 2023-08-10 15:13 PDT
Nmap scan report for 192.168.1.31
Host is up.

PORT STATE SERVICE
4569/udp open|filtered iax

Nmap done: 1 IP address (1 host up) scanned in 2.12 seconds

#vi /etc/asterisk/rpt.conf

54326 = radio@127.0.0.1:4569/54326,NONE ; This must be changed to your node number
;and iax port number if not the default

1100 = radio@10.136.65.98:4569/1100,NONE
1200 = radio@10.130.162.230:4569/1200,NONE

The last 2 are obviously private nodes that connect to this public node. They connect just fine via the Mesh

What is the bindport and bind address shown in iax.conf?

Also show the following lines in extensions.conf where it starts

exten => 54326,1,Answer

interesting

domain local.mesh
search local.mesh.
nameserver 10.216.115.81

Did I mention outgoing connects to the internet work fine?

Mike, thanks for your effort in this - and everyone else’s efforts but we decided the easiest route was to change how this particular computer accessed the network(s).
(if anyone follows AREDN, we used a hAP - with its built-in VLANs - and use it as a go-between for the Proxmox computer - running the ASL VM -, his internet router and the Mesh network.) All is working as it should now.

We should have done this days ago :rofl:
