
It's been a while since I set up a similar config... that's why I'm a bit confused.

So I have a box with Ubuntu 22.04 with two LAN cards. My network looks like this.

ROUTER [192.168.88.1/24]:

  • UBUNTU BOX [192.168.88.13]
  • UBUNTU BOX [192.168.0.1] LAN <-> WiFi Router [192.168.0.2] LAN + DHCP server for clients [192.168.89.0] WiFi

For now, I was able to set up internet for clients connected to AccessPoint.

So each client can connect to WiFi with IP address 192.168.89.X and ping any internet address. Unfortunately, any client of this WiFi can't ping any address from the 192.168.88.X network.

I have turned of IP forwarding and added a few rules to iptables. I think now I have too many of them, since I was trying a few methods...

network

enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.88.13  netmask 255.255.255.0  broadcast 192.168.88.255
        inet6 fe80::2ce9:d972:ce72:f7d8  prefixlen 64  scopeid 0x20<link>
        ether 00:be:43:84:cd:35  txqueuelen 1000  (Ethernet)
        RX packets 48016092  bytes 26505597173 (26.5 GB)
        RX errors 0  dropped 47765  overruns 0  frame 0
        TX packets 123449070  bytes 180432950103 (180.4 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 125  base 0x1000

enx9cebe88109ac: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.1  netmask 255.255.255.0  broadcast 192.168.0.255
        ether 9c:eb:e8:81:09:ac  txqueuelen 1000  (Ethernet)
        RX packets 77389  bytes 58389787 (58.3 MB)
        RX errors 0  dropped 1  overruns 0  frame 0
        TX packets 109331  bytes 103341907 (103.3 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 10728417  bytes 3340060879 (3.3 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10728417  bytes 3340060879 (3.3 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp0s12f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.88.7  netmask 255.255.255.0  broadcast 192.168.88.255
        inet6 fe80::c9a2:b0e3:aafb:f440  prefixlen 64  scopeid 0x20<link>
        ether 80:38:fb:fc:ce:7a  txqueuelen 1000  (Ethernet)
        RX packets 123977727  bytes 160442634118 (160.4 GB)
        RX errors 0  dropped 2  overruns 0  frame 0
        TX packets 47523184  bytes 17237110530 (17.2 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

iptables

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i enx9cebe88109ac -o enp1s0 -j ACCEPT
-A FORWARD -i enp1s0 -o enx9cebe88109ac -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j ACCEPT

Port forwarding is ON.

Thanks for help.

1 Answer


It is not clear to me from your description how the devices are connected to each other. Please draw a simple picture with the devices, their interfaces and the networks between them (internet router, Linux box as a router between LANs, Wi-Fi router, etc.). Then it should be easy to identify the cause of the broken connection.

First possible problem

Very likely one of the devices is missing data in the routing table: the device (probably the Wi-Fi router) doesn't know where to route packets for the 192.168.88.0/24 network. For analysis, you need to attach a listing of the routing tables from the devices (including the Wi-Fi router).

ip route

A listing of neighbors on the network is also useful:

ip neigh

The IP forwarding must be enabled on every router, including the Ubuntu box, otherwise the router is unable to forward packets between its interfaces from one network to another!

Assumed Solution:

Add a routing entry on the Wi-Fi router:

  • Destination network: 192.168.88.0
  • Mask: 255.255.255.0
  • Next hop address (gateway): 192.168.0.1

Second problem

If both interfaces enp1s0 and wlp0s12f0 belong to the same device, this is wrong. The interfaces are on the same network, just with different addresses; there are two concurrent paths for the same device to communicate on the same network, and this can be a source of confusion. Turn off the wlp0s12f0 interface. Ethernet enp1s0 has better performance and especially reliability than the wireless.
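An added example, not part of the question or the answer above: a small Python check that reads an `ip route` listing and reports which entry a packet to a given destination would use, for the case the answer suspects (no entry covering 192.168.88.0/24) and for the table after adding the suggested route. The listings are constructed; the interface names `eth0` and `wlan0` and the address 192.168.89.1 are assumptions, since the Wi-Fi router's real table is not on the page.

```python
import ipaddress

# Constructed `ip route` listings for the Wi-Fi router (assumed, not from the page).
WIFI_ROUTER_BEFORE = """\
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.2
192.168.89.0/24 dev wlan0 proto kernel scope link src 192.168.89.1
"""
# Same table plus the static route the answer proposes.
WIFI_ROUTER_AFTER = WIFI_ROUTER_BEFORE + "192.168.88.0/24 via 192.168.0.1 dev eth0\n"


def parse_routes(listing):
    """Turn `ip route` output into (network, gateway, device) tuples.

    Handles the common "key value" layout; single-word flags such as
    "linkdown" or "onlink" are not handled in this sketch.
    """
    routes = []
    for line in listing.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        opts = dict(zip(fields[1::2], fields[2::2]))
        network = ipaddress.ip_network(prefix)
        routes.append((network, opts.get("via"), opts.get("dev")))
    return routes


def lookup(routes, destination):
    """Most specific matching prefix wins; None means there is no route."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in routes if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)


if __name__ == "__main__":
    tables = (("before", WIFI_ROUTER_BEFORE), ("after", WIFI_ROUTER_AFTER))
    for label, listing in tables:
        hit = lookup(parse_routes(listing), "192.168.88.1")
        if hit is None:
            print(f"{label}: no route to 192.168.88.1")
        else:
            net, gateway, dev = hit
            print(f"{label}: {net} via {gateway or 'on-link'} dev {dev}")
```

Pasting each device's real `ip route` output in place of the constructed listings shows at which hop a destination in 192.168.88.0/24 stops matching any entry.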
