Trying to help out a buddy who is running ASL with Echolink. He uses 2 NICs, one connected to his LAN (internet router enabled) and the other connected to the AREDN Mesh network.
All appropriate ports are properly forwarded in both routers. His ASL node is public but connects to a remote private node, on the Mesh side of things.
Now the fun part…
Inbound Internet Echolink connects work fine. Inbound ASL Internet connects do not, but outbound to public ASL nodes work. Yes, I know, BUT PORT ROUTING IS PROPERLY DEFINED IN HIS INTERNET ROUTER.
Inbound ASL connects work just fine from the Mesh NIC. So what are we missing?
Which interface is originating the default outbound traffic:
ip route show default
Make sure that where it says “default via n.n.n.n dev _____ …”, the _____ is the interface with the IP address that should be the default outbound to the Internet. It’s also possible there are two default routes defined, which never works well. I don’t know much about AREDN mesh stuff, but I assume it runs some sort of routing protocols? Need to make sure it’s not leaking in an unexpected default route.
With still unknown gateway routing, the thing that stands out to me from what you show is the DHCP on the public network.
So, do you have adequate measures to route ports required to what is supposed to be the ASL server?
Because the address can change. And likely is. If you are forwarding by MAC, it would not be an issue, so I can only pose the question.
But I would say it would be recommended to change that to static addressing unless you have good reason not to and before you make other adjustments.
And recheck port forwarding matches the static address.
In my experience, two default gateways is not a good thing. I have two ways around that problem:
Use a specific route for one of the networks, if it exists, rather than a default route. In this instance, that would probably require static configuration for the mesh interface.
There’s a couple of tricks you can use here, like using two /1 routes for your ISP connection (this will override a default route by being more specific), and a more specific network route for the mesh network. This would allow you to keep your DHCP configuration. You’d need an event to run external scripts when DHCP configuration is complete.
Use policy routing to route outbound packets based on source address. This uses rules and multiple routing tables to control how packets are forwarded. I use this technique in a few places, to ensure packets go where they should, in a predictable manner.
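Added example, not part of the thread or any poster's own configuration: the source-address policy routing described in the post above, sketched as a script that checks `ip route show default` output for more than one default route and prints (does not run) one routing table and one rule per source address. The interface names, addresses, and table numbers 100/101 are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of `ip route show default` on a host with two DHCP NICs.
# eth0 = LAN/Internet side, eth1 = mesh side (names and addresses are made up).
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.50 metric 100
default via 10.54.12.1 dev eth1 proto dhcp src 10.54.12.20 metric 101'

# Count default routes in `ip route show default` output read from stdin.
count_defaults() {
    awk '$1 == "default" { n++ } END { print n + 0 }'
}

# Print the policy routing commands for one interface.
# Args: device, source address, gateway, routing table number.
policy_cmds() {
    dev=$1 src=$2 gw=$3 table=$4
    # A dedicated table whose only default route is this interface's gateway.
    echo "ip route replace default via $gw dev $dev table $table"
    # Packets sourced from this interface's address consult that table first.
    echo "ip rule add from $src/32 lookup $table priority $table"
}

# Read default route lines on stdin and print a plan using tables 100, 101, ...
plan_from_routes() {
    awk '$1 == "default" {
        gw = dev = src = ""
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
            if ($i == "src") src = $(i + 1)
        }
        # Skip lines that lack a gateway, device or source address.
        if (gw != "" && dev != "" && src != "") print dev, src, gw, 100 + n++
    }' | while read -r dev src gw table; do
        policy_cmds "$dev" "$src" "$gw" "$table"
    done
}

if [ "$(printf '%s\n' "$SAMPLE_ROUTES" | count_defaults)" -gt 1 ]; then
    echo "# more than one default route; per-source tables would look like:"
    printf '%s\n' "$SAMPLE_ROUTES" | plan_from_routes
fi
```

On a live host, pipe the real `ip route show default` output into `plan_from_routes` and review the printed commands before applying any of them as root. A full setup usually also copies each interface's connected subnet route into its table.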
Mike, thanks for your effort in this - and everyone else’s efforts - but we decided the easiest route was to change how this particular computer accessed the network(s).
(If anyone follows AREDN, we used a hAP - with its built-in VLANs - and use it as a go-between for the Proxmox computer - running the ASL VM -, his internet router and the Mesh network. All is working as it should now.)