October-19th-2020, 09:44 AM
(This post was last modified: October-19th-2020, 01:45 PM by Armin@netPI.)
Well,
my explanation why the TOSIBOX container application works without any routing setup because it is always the initiator of the local TCP/IP traffic sent to the cifx0 interface and its connected devices behind. This is just a standard communication between two local IP addresses where no routing information is needed but just the two IP addresses and no gateway firewall is blocking the access.
In your new use case now the initiator whereas is the PC sitting behind the cifX0. On this PC you need to configure a gateway first of all next to its IP address 192.168.1.x. This gateway needs to be set to the IP address of the cifx0 interface which 192.168.1.111. So all traffic of the PC outside the local network 192.168.1.x will be sent to this gateway address respectively cifx0 instead. As next you should also configure a DNS server on the PC. Usually a DNS server address 8.8.8.8 works fine. Else a simple "ping google.de" will not work on your PC since there is no name resolution configured.
Finally instead of configuring a cifx0 routing path as you did you have to configure the eth0 firewall on your Connect gateway accordingly:
That is all you need to do. This is not a routing problem since the default route is internally configured to eth0 anyway but a firewall problem. You have to trust the eth0 interface as NAT-trusted.
my explanation why the TOSIBOX container application works without any routing setup because it is always the initiator of the local TCP/IP traffic sent to the cifx0 interface and its connected devices behind. This is just a standard communication between two local IP addresses where no routing information is needed but just the two IP addresses and no gateway firewall is blocking the access.
In your new use case now the initiator whereas is the PC sitting behind the cifX0. On this PC you need to configure a gateway first of all next to its IP address 192.168.1.x. This gateway needs to be set to the IP address of the cifx0 interface which 192.168.1.111. So all traffic of the PC outside the local network 192.168.1.x will be sent to this gateway address respectively cifx0 instead. As next you should also configure a DNS server on the PC. Usually a DNS server address 8.8.8.8 works fine. Else a simple "ping google.de" will not work on your PC since there is no name resolution configured.
Finally instead of configuring a cifx0 routing path as you did you have to configure the eth0 firewall on your Connect gateway accordingly:
That is all you need to do. This is not a routing problem since the default route is internally configured to eth0 anyway but a firewall problem. You have to trust the eth0 interface as NAT-trusted.
„You never fail until you stop trying.“, Albert Einstein (1879 - 1955)