No internet if wan port configured

NethServer Version: 7.9.2009
Module: network
Hi,
Nethserver is pretty new to me, so I’m here for a little help, thx.

I have configured a LAN (green) port, it works fine, but when I configure a WAN (red) port the Nethserver doesn’t have internet access at all. I’m able to reach it on the green port ip, I can manage it but it reports that the dns server is unreachable and no internet on it at all.

[root@ad ~]# lspci |grep Ethernet
01:00.0 Ethernet controller: Broadcom Inc. and subsidiaries NetXtreme BCM5720 2-port Gigabit Ethernet PCIe
01:00.1 Ethernet controller: Broadcom Inc. and subsidiaries NetXtreme BCM5720 2-port Gigabit Ethernet PCIe
02:00.0 Ethernet controller: Broadcom Inc. and subsidiaries NetXtreme BCM5720 2-port Gigabit Ethernet PCIe
02:00.1 Ethernet controller: Broadcom Inc. and subsidiaries NetXtreme BCM5720 2-port Gigabit Ethernet PCIe
82:00.0 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)
82:00.1 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)

[root@ad ~]# db networks show
br0=bridge
    bootproto=none
    gateway=
    ipaddr=192.168.100.56
    netmask=255.255.255.0
    nslabel=
    role=green
em1=ethernet
    bootproto=none
    gateway=94.21.0.1
    ipaddr=94.21.1.97
    netmask=255.255.255.192
    nslabel=
    role=red
em2=ethernet
    role=
em3=ethernet
    role=
em4=ethernet
    role=
p4p1=ethernet
    bridge=br0
    role=bridged
p4p2=ethernet
    role=
ppp0=xdsl-disabled
    AuthType=auto
    FwInBandwidth=
    FwOutBandwidth=
    Password=
    name=PPPoE
    provider=xDSL provider
    role=red
    user=
red1=provider
    interface=em1
    weight=1

[root@ad ~]# ping 8.8.8.8
connect: Network is unreachable

[root@ad ~]# traceroute cnn.com
traceroute to cnn.com (151.101.1.67), 30 hops max, 60 byte packets
connect: Network is unreachable

[root@ad ~]# nslookup cnn.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   cnn.com
Address: 151.101.129.67
Name:   cnn.com
Address: 151.101.65.67
Name:   cnn.com
Address: 151.101.193.67
Name:   cnn.com
Address: 151.101.1.67
Name:   cnn.com
Address: 2a04:4e42:600::323
Name:   cnn.com
Address: 2a04:4e42:400::323
Name:   cnn.com
Address: 2a04:4e42:200::323
Name:   cnn.com
Address: 2a04:4e42::323

[root@ad ~]#

What am I missing?
Thx
best regards

This gateway seems outside the subnet you configured on your RED NIC. So routing goes quite nuts.

Address:   94.21.1.97            01011110.00010101.00000001.01 100001
Netmask:   255.255.255.192 = 26  11111111.11111111.11111111.11 000000
Wildcard:  0.0.0.63              00000000.00000000.00000000.00 111111
=>
Network:   94.21.1.64/26         01011110.00010101.00000001.01 000000 (Class A)
Broadcast: 94.21.1.127           01011110.00010101.00000001.01 111111
HostMin:   94.21.1.65            01011110.00010101.00000001.01 000001
HostMax:   94.21.1.126           01011110.00010101.00000001.01 111110
Hosts/Net: 62

Maybe the gateway should be 94.21.1.1?


Hi Michael,
No, the gw ip is correct, that’s what the isp provided and it works for the other ip addresses we have.
Maybe the mask should be 255.255.0.0?

I don’t know…

I suggest you check the IP addresses used in your other configurations.
Currently the subnet mask configured on the RED NIC should be 255.255.255.192; please double check the data provided by your ISP and your other working devices.

Unless there’s some bug you found… This should not happen but… sometimes it does.

This is how it is configured on a TP-Link router for one other IP, and it works fine.

But “vLAN” is reported.
Did you configure vLAN 10 on your RED interface? I never configured any vLAN-based internet connection until today.

Yes it is, but that’s the router that provides internet to the network, to that same network is the green port connected, why would that vlan matter?
When configuring wan (red) there is no option to create vlan on Nethserver, I can’t even find option to enter DNS server ip for wan connection.
When I set the wan port I can’t even ping anything outside the local network from this server…

IMVHO it’s a question for your ISP, but currently I don’t know if it’s necessary or not for allowing connection.
Anyway…
Maybe your current setup for RED should be deleted, and interface created as “logical interface”


with a RED role

and for vLAN 10…

Unfortunately this doesn’t work either, still no internet.

Ok, I’m not useful anymore.
Hope that someone could help you better :(

thx
I hope someone else will respond too

The gateway is outside the network, it must be inside.
Try changing the netmask to 255.255.0.0.
I think you can keep the tight netmask using an additional route, you may ask your ISP for advice.

Side question: is there any wiki/howto for a vLAN based RED interface?

As simple as it is, this solved the issue!!! many thx
Yesterday I did mention this, asked if the 255.255.0.0 mask would help but I have not tried it until now.

Then mark your post as the solution. In fact, with that subnet mask the route works as intended and the RED NIC can interface to 94.21.0.1.
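The check that resolved this thread, as an added example that is not part of the original posts or of NethServer's own code: it parses `db networks show`-style output and reports every interface whose gateway lies outside the subnet given by its address and netmask. The sample input is constructed from the RED and GREEN records quoted above, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the GREEN and RED records from the `db networks show`
# output quoted in the thread (other interfaces and properties omitted).
SAMPLE = """\
br0=bridge
    gateway=
    ipaddr=192.168.100.56
    netmask=255.255.255.0
    role=green
em1=ethernet
    gateway=94.21.0.1
    ipaddr=94.21.1.97
    netmask=255.255.255.192
    role=red
"""

def parse_networks(text):
    """Parse `key=type` headers followed by indented `prop=value` lines."""
    records, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        key, _, value = line.strip().partition("=")
        if line[0].isspace() and current is not None:
            records[current][key] = value
        else:
            current = key
            records[current] = {"type": value}
    return records

def gateway_on_link(props, netmask=None):
    """True if the gateway is inside the interface subnet, None if no gateway."""
    if not (props.get("ipaddr") and props.get("gateway")):
        return None
    mask = netmask or props["netmask"]
    net = ipaddress.ip_interface(f"{props['ipaddr']}/{mask}").network
    return ipaddress.ip_address(props["gateway"]) in net

def audit(text):
    """Return {interface: bool} for every interface that has a gateway set."""
    checks = {n: gateway_on_link(p) for n, p in parse_networks(text).items()}
    return {n: ok for n, ok in checks.items() if ok is not None}

if __name__ == "__main__":
    for name, ok in audit(SAMPLE).items():
        print(name, "gateway on-link" if ok else "gateway OUTSIDE subnet")
```

Passing `netmask="255.255.0.0"` to `gateway_on_link` for `em1` reproduces the fix from the thread: with that mask the gateway 94.21.0.1 falls inside the interface's network.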