Ping works inside local network but not in the internet

Hello,

I have installed and configured Free5gc with several different IP addresses for the different NFs. I have run the core and completed the test with no errors. I have set the proper iptable for my internet interface wlp2s0 (192.168.1.60) trying with these two commands (I'm using wifi):

sudo iptables -t nat -A POSTROUTING -o wlp2s0 -j MASQUERADE

or

sudo iptables -t nat -A POSTROUTING -s 172.16.10.0/24 -j SNAT --to-source 192.168.1.60

172.16.10.0/24 is the subnet I have defined for UEs in the upfcfg.yaml file. In the TestRegistration I can successfully ping from 172.16.10.1 to 198.168.1.60, but I cannot ping from 172.16.10.1 to 8.8.8.8 or other servers on the internet. The traffic capture says “no response found!”. I can ping 8.8.8.8 successfully from a normal command window.

Does anyone have any idea what the problem might be, or how I could get more information to find where the problem is? I would really appreciate the help.

Thank you,

Did you set the sysctl to ip forward?

sudo sysctl -w net.ipv4.ip_forward=1

I did. I am out of ideas here…

How about stopping ufw on Ubuntu?

I did that as well and it did not work. Actually, this is my run.sh script so you can see what I do. All the interfaces are configured properly in the config files:

#!/usr/bin/env bash

PID_LIST=()

# Setting up interfaces. This can be setup as your preferences, but have to match with config files in ./config

sudo ifconfig eno1:amf 10.100.200.3 up
sudo ifconfig eno1:gnbn 10.100.255.39 up
sudo ifconfig eno1:smfp 192.168.2.1 up
sudo ifconfig eno1:upfp 192.168.2.2 up
sudo ifconfig eno1:gnbg 10.200.200.1 up
sudo ifconfig eno1:upfg 10.200.200.102 up

sudo sysctl -w net.ipv4.ip_forward=1

# This sets the NAT table for UE internet connection. UE subnet and internet interface ip must be introduced
sudo iptables -t nat -A POSTROUTING -s 60.60.0.0/24 -j SNAT --to-source 192.168.1.60
sudo systemctl stop ufw

cd src/upf/build
sudo -E ./bin/free5gc-upfd -f config/upfcfg.yaml &
PID_LIST+=($!)

sleep 2

cd ../../..

NF_LIST="nrf amf smf udr pcf udm nssf ausf"

export GIN_MODE=release

for NF in ${NF_LIST}; do
    ./bin/${NF} &
    PID_LIST+=($!)
done

#sudo ./bin/n3iwf &
#SUDO_N3IWF_PID=$!
#sleep 1
#N3IWF_PID=$(pgrep -P $SUDO_N3IWF_PID)
#PID_LIST+=($SUDO_N3IWF_PID $N3IWF_PID)

function terminate()
{
    # kill amf first
    while $(sudo kill -SIGINT ${PID_LIST[2]} 2>/dev/null); do
        sleep 2
    done

    for ((idx=${#PID_LIST[@]}-1;idx>=0;idx--)); do
        sudo kill -SIGKILL ${PID_LIST[$idx]}
    done
}

trap terminate SIGINT
wait "${PID_LIST[@]}"

#sudo killall -15 free5gc-upfd
#sleep 1

sudo ifconfig eno1:amf down
sudo ifconfig eno1:gnbn down
sudo ifconfig eno1:smfp down
sudo ifconfig eno1:upfp down
sudo ifconfig eno1:gnbg down
sudo ifconfig eno1:upfg down

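# Delete the rule by its specification, not by position, so no other rule is removed
sudo iptables -t nat -D POSTROUTING -s 60.60.0.0/24 -j SNAT --to-source 192.168.1.60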
sudo systemctl start ufw

In the following screenshot you can check a traffic capture. Maybe there is not anything wrong with the GTP tunnel but with the ICMP ping itself, since the second ICMP sent does not get a reply either.

Maybe you can try running tcpdump on each interface individually and provide the pcap files here, so we can check together where the packet is being routed.

Hello,

I have tried what you suggested. I have found what could be the error. Every time I capture traffic I use Wireshark on the *any interface. I have captured the traffic separately on each interface and a strange thing happened. None of the created interfaces captured anything. All the data was captured by the loopback interface.

upfgtp.pcapng (748 Bytes)

wlp2s0.pcapng (29.0 KB)

loopback.pcapng (5 KB)

I provide the loopback, upfgtp and wlp2s0 captures which are the only ones that have information. I also provide a screenshot of my ifconfig configuration.

I also provide my run.sh where I build the interfaces in case it helps.

#!/usr/bin/env bash

PID_LIST=()

# Setting up interfaces. This can be setup as your preferences, but have to match with config files in ./config

sudo ifconfig eno1:amf 10.100.200.3 up
sudo ifconfig eno1:gnbn 10.100.255.39 up
sudo ifconfig eno1:smfp 192.168.2.1 up
sudo ifconfig eno1:upfp 192.168.2.2 up
sudo ifconfig eno1:gnbg 10.200.200.1 up
sudo ifconfig eno1:upfg 10.200.200.102 up

sudo sysctl -w net.ipv4.ip_forward=1

# This sets the NAT table for UE internet connection. UE subnet and internet interface ip must be introduced
sudo iptables -t nat -A POSTROUTING -s 60.60.0.0/24 -j SNAT --to-source 192.168.1.60
sudo systemctl stop ufw

cd src/upf/build
sudo -E ./bin/free5gc-upfd -f config/upfcfg.yaml &
PID_LIST+=($!)

sleep 2

cd ../../..

NF_LIST="nrf amf smf udr pcf udm nssf ausf"

export GIN_MODE=release

for NF in ${NF_LIST}; do
    ./bin/${NF} &
    PID_LIST+=($!)
done

#sudo ./bin/n3iwf &
#SUDO_N3IWF_PID=$!
#sleep 1
#N3IWF_PID=$(pgrep -P $SUDO_N3IWF_PID)
#PID_LIST+=($SUDO_N3IWF_PID $N3IWF_PID)

function terminate()
{
    # kill amf first
    while $(sudo kill -SIGINT ${PID_LIST[2]} 2>/dev/null); do
        sleep 2
    done

    for ((idx=${#PID_LIST[@]}-1;idx>=0;idx--)); do
        sudo kill -SIGKILL ${PID_LIST[$idx]}
    done
}

trap terminate SIGINT
wait "${PID_LIST[@]}"

#sudo killall -15 free5gc-upfd
#sleep 1

sudo ifconfig eno1:amf down
sudo ifconfig eno1:gnbn down
sudo ifconfig eno1:smfp down
sudo ifconfig eno1:upfp down
sudo ifconfig eno1:gnbg down
sudo ifconfig eno1:upfg down

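# Delete the rule by its specification, not by position, so no other rule is removed
sudo iptables -t nat -D POSTROUTING -s 60.60.0.0/24 -j SNAT --to-source 192.168.1.60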
sudo systemctl start ufw

Hello,

Do you know any solution to this? It seems that if I ping my IP address (192.168.1.60) it gets a reply, but outside the network it does not. Something is wrong with the configuration and IP tables, but I think they are properly set up.
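
Added example, not part of any post in the thread: the first post gives 172.16.10.0/24 as the UE subnet, while the SNAT rule in the posted run.sh matches source 60.60.0.0/24, so one thing worth checking is whether any POSTROUTING rule actually applies to the UE subnet. The sketch below does that over the text printed by `iptables -t nat -S POSTROUTING`. The function names are hypothetical, the rule listings are constructed from the two rules quoted in the thread, and negated (`! -s`) matches are not handled.

```shell
#!/bin/sh
# Added example: does any POSTROUTING SNAT/MASQUERADE rule match the UE subnet?
# Assumptions: IPv4 only, no "! -s" negation in the rules.

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeeds when CIDR $1 (rule source) contains CIDR $2 (UE subnet).
cidr_contains() (
    case $1 in */*) outer_len=${1#*/} ;; *) outer_len=32 ;; esac
    case $2 in */*) inner_len=${2#*/} ;; *) inner_len=32 ;; esac
    [ "$outer_len" -le "$inner_len" ] || return 1
    mask=0
    [ "$outer_len" -eq 0 ] || mask=$(( (0xFFFFFFFF << (32 - outer_len)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "${1%/*}") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
)

# Reads `iptables -t nat -S POSTROUTING` text on stdin and prints the first
# SNAT/MASQUERADE rule that applies to UE subnet $1; fails if there is none.
find_nat_rule() (
    ue=$1
    set -f                                  # no glob expansion when splitting
    while IFS= read -r line; do
        case $line in
            *"-j SNAT"*|*"-j MASQUERADE"*) ;;
            *) continue ;;
        esac
        src=
        set -- $line
        while [ $# -gt 1 ]; do
            if [ "$1" = "-s" ]; then src=$2; fi
            shift
        done
        # A rule with no -s matches every source address.
        if [ -n "$src" ] && ! cidr_contains "$src" "$ue"; then continue; fi
        printf '%s\n' "$line"
        return 0
    done
    return 1
)

# Constructed rule listings, modelled on the two SNAT rules quoted in the thread.
RULES_RUN_SH='-A POSTROUTING -s 60.60.0.0/24 -j SNAT --to-source 192.168.1.60'
RULES_POST='-A POSTROUTING -s 172.16.10.0/24 -j SNAT --to-source 192.168.1.60'

printf '%s\n' "$RULES_RUN_SH" | find_nat_rule 172.16.10.0/24 || echo "run.sh rule: no NAT for 172.16.10.0/24"
printf '%s\n' "$RULES_POST" | find_nat_rule 172.16.10.0/24
```

On a live host the same check is `sudo iptables -t nat -S POSTROUTING | find_nat_rule 172.16.10.0/24`, with the subnet taken from upfcfg.yaml.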