I put together a Pi 3b configured as a router, running iptables. Currently it
has only two networks on it, my local subnet and a connection to my ISP. In
the future I'll be adding a second local subnet, but that's a separate
project. Right now I just want to get things working with the one subnet.
The Pi is configured as follows:
- Raspbian, 6.12.34+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.12.34-1+rpt1~bookworm
- USB ethernet dongle connects to local subnet
- On-board ethernet jack connects to my ISP
- Local subnet is 192.168.0.9 (static) (interface eth1)
- ISP address assigned by dhcp is 10.0.0.160 (interface eth0)
- ISP gateway is 10.0.0.1.
Here's what "ip route" shows:
default via 10.0.0.1 dev eth0 src 10.0.0.160 metric 202
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.160 metric 202
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.9 metric 203
To me that routing looks correct. However there is a problem that I don't
understand. If I open a console window on the Pi, I have full connectivity to
all the machines on my local subnet. I can ping or ssh to any machine. I also
have full internet access via the ISP gateway.
But when I try and do the same from a laptop on the local subnet (say
192.168.0.90), I find there is no connectivity past the ISP port. I can
successfully ping the Pi at 192.168.0.9, and the ISP port at 10.0.0.160. But
if I ping an address past the gateway (like 8.8.8.8) the pings go out but are
not returned.
I've been running tcpdump (in a term window on the Pi) to test things using
simple ping requests. If I ping 8.8.8.8 I can see the requests going out
through the ISP port (eth0) and the return requests coming back, as expected.
I did a similar test from a term window on my laptop (on the local subnet) and
I could see the pings going out through the ISP port. However, there were no
responses coming back.
I've been banging my head on this for a couple of weeks now, but I can't figure
it out. Things I've tried/checked:
- I had iptables running, so that was suspect, but turning it off didn't help.
- I checked /etc/sysctl.conf to make sure forwarding is enabled.
- I deleted the entire routing table and recreated it (using nmcli).
- Since the problem only occurs when using a machine on the subnet, I don't think
my ISP has anything to do with it.
Any ideas appreciated.
Thanks.
Statistics: Posted by piuser7m3 — Thu Oct 16, 2025 2:24 am