Question

Problem resolving URLs behind gateway

Following https://docs.digitalocean.com/products/networking/vpc/how-to/configure-droplet-as-gateway/, I run into the problem that I cannot get URLs resolved on the backend droplet. I can ping external IPs like 8.8.8.8, but not google.com.

Ubuntu 20.04

on my gateway droplet:

(eth0 = public)

Chain POSTROUTING (policy ACCEPT 8459 packets, 575K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 4934  397K MASQUERADE  all  --  *      eth0    10.110.0.0/20        0.0.0.0/0

on my backend droplet:

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.110.0.5      0.0.0.0         UG    0      0        0 eth1
10.18.0.0       0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.110.0.0      0.0.0.0         255.255.240.0   U     0      0        0 eth1
159.223.208.0   0.0.0.0         255.255.240.0   U     0      0        0 eth0
169.254.169.254 159.223.208.1   255.255.255.255 UGH   0      0        0 eth0

50-cloud-init.yaml:

network:
    version: 2
    ethernets:
        eth0:
            addresses:
            - 159.223.214.1/20
            - 2A03:B0C0:0002:00D0:0000:0000:005C:9001/64
            - 10.18.0.6/16
            match:
                macaddress: 2a:99:79:eb:6e:62
            nameservers:
                addresses:
                - 67.207.67.3
                - 67.207.67.2
                search: []
            set-name: eth0
        eth1:
            addresses:
            - 10.110.0.3/20
            match:
                macaddress: c6:27:e5:74:28:70
            nameservers:
                addresses:
                - 67.207.67.3
                - 67.207.67.2
                search: []
            routes:
                - to: 0.0.0.0/0
                  via: 10.110.0.5
            set-name: eth1
ip route get 8.8.8.8
8.8.8.8 via 10.110.0.5 dev eth1 src 10.110.0.3 uid 0 
    cache 

ping google.com 
... nothing

Oh, and by the way, when I do netplan apply --debug, my routes change in the sense that the line

169.254.169.254 159.223.208.1   255.255.255.255 UGH   0      0        0 eth0

is removed

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.110.0.5      0.0.0.0         UG    0      0        0 eth1
10.18.0.0       0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.110.0.0      0.0.0.0         255.255.240.0   U     0      0        0 eth1
159.223.208.0   0.0.0.0         255.255.240.0   U     0      0        0 eth0

Any help is highly appreciated, thanks. Eric
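As an added example (not part of Eric's post or the DigitalOcean guide), the two `route -n` listings above can be checked with a longest-prefix lookup. It shows that the configured nameservers 67.207.67.2/3 take exactly the same path as the working ping to 8.8.8.8 (default route to the gateway, source inside the gateway's MASQUERADE range), so the routing table alone does not separate the two cases, and that after `netplan apply` the 169.254.169.254 host route is gone and that address also falls back to the gateway path. The tables and addresses are constructed from the values in the post.

```python
import ipaddress

# Routing table constructed from the backend droplet's `route -n` output
# before `netplan apply`: (destination, genmask, gateway, iface).
ROUTES_BEFORE = [
    ("0.0.0.0", "0.0.0.0", "10.110.0.5", "eth1"),
    ("10.18.0.0", "255.255.0.0", "0.0.0.0", "eth0"),
    ("10.110.0.0", "255.255.240.0", "0.0.0.0", "eth1"),
    ("159.223.208.0", "255.255.240.0", "0.0.0.0", "eth0"),
    ("169.254.169.254", "255.255.255.255", "159.223.208.1", "eth0"),
]
# The same table after `netplan apply`, which drops the /32 host route.
ROUTES_AFTER = ROUTES_BEFORE[:-1]

# Source range matched by the gateway's MASQUERADE rule (POSTROUTING chain above).
MASQUERADE_SRC = ipaddress.ip_network("10.110.0.0/20")
BACKEND_SRC = "10.110.0.3"  # eth1 address from 50-cloud-init.yaml
GATEWAY = "10.110.0.5"

def lookup(routes, dest):
    """Longest-prefix match; returns (gateway, iface), gateway None when on-link."""
    ip = ipaddress.ip_address(dest)
    best = None
    for net, mask, gw, iface in routes:
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        if ip in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw, iface)
    if best is None:
        return None
    return (None if best[1] == "0.0.0.0" else best[1], best[2])

def via_gateway_nat(routes, dest, src=BACKEND_SRC):
    """True when dest is forwarded to the gateway droplet AND the source address
    falls inside the MASQUERADE range, i.e. the path the working ping uses."""
    hop = lookup(routes, dest)
    return (hop is not None and hop[0] == GATEWAY
            and ipaddress.ip_address(src) in MASQUERADE_SRC)

def compare(routes, dests):
    """Map each destination to its next hop so DNS servers and ping targets line up."""
    return {d: lookup(routes, d) for d in dests}

if __name__ == "__main__":
    targets = ["8.8.8.8", "67.207.67.3", "67.207.67.2", "169.254.169.254"]
    for label, table in (("before netplan apply", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(label)
        for dest, hop in compare(table, targets).items():
            print(f"  {dest:>16} -> {hop}  nat_via_gateway={via_gateway_nat(table, dest)}")
```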



Looks like you’re missing gateway4 in your eth0 configuration.

Also consider a mesh networking solution like

  • cloudflared
  • tailscale
  • headscale

A mesh network lets you tie disparate hosts together without firewall management, and it’s all VPN. If you need ingress from public IP, then that’s different, but if all you’re doing is host management, try a mesh network. Tailscale is suuuuuuuuuuper simple, headscale is kinda simple, cloudflared is moderate once you get over the terminology.

There’s also zerotierone, and nebula, or straight up wireguard.

https://tunnel.pyjam.as/ This is as basic as it gets, and works really well, depending on your needs.