new GCP pro node - cannot browse to website
Moderator: mike
-
- Posts: 32
- Joined: Wed Oct 28, 2020 9:43 pm
new GCP pro node - cannot browse to website
Hi all,
So I purchased the PRO version and set up a new lab.
I have a Linux PC and a Cisco router.
The router is set up with ip nat overload on G0.0 (nat outside) connected to a NAT cloud. It can ping 8.8.8.8 and resolve IPs no problem from the CLI.
The Linux PC is connected to G0/1 (nat inside) with static IP 10.0.0.2 with G0/1 as .1 GW.
It can ping 8.8.8.8 and also resolve any domains.
The issue is when trying to access websites, it loads up but the page stays blank no matter what website I go to. I never came across this issue before...
Any suggestions?
You will see in the router's console some messages after the ping. I don't know what this is, and it may be related to this issue. I have this EVE-NG Pro on a GCP N2 with 8v CPU and 32Gb ram with 150Gb drive.
-
- Posts: 5084
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: new GCP pro node - cannot browse to website
First answer: vIOS performance is only 1.5mbps over NAT, and NAT overload for https makes it extremely slow.
Try to do the same with an IOL router, which has 150Mbps.
To be honest, vIOS routers are OK for ping only.
-
- Posts: 32
- Joined: Wed Oct 28, 2020 9:43 pm
Re: new GCP pro node - cannot browse to website
Oh OK, I didn't know this.
I have downloaded the IOL images for R and SW and will try that. Thanks again.
-
- Posts: 32
- Joined: Wed Oct 28, 2020 9:43 pm
Re: new GCP pro node - cannot browse to website
OK, so I redid a new lab with a Docker Desktop with a static IP of 10.0.0.2, connected to an R1 eth0/1 (IOL image) as IP 10.0.0.1. I can ping the router no problem.
R1 is connected to the NAT cloud and has eth0/0 set up as DHCP and is getting an IP. From the router I can ping 8.8.8.8 and resolve DNS.
From the desktop I cannot ping 8.8.8.8.
The default route points to 10.0.0.1 and /etc/resolv.conf is set up with nameserver 8.8.8.8.
R1 config:
interface Ethernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
!
interface Ethernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
...
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Ethernet0/0 overload
!
!
!
access-list 1 permit 10.0.0.0 0.0.0.255 log

R1 route and interface brief:

Router#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                172.29.129.113  YES DHCP   up                    up
Ethernet0/1                10.0.0.1        YES NVRAM  up                    up
Ethernet0/2                unassigned      YES NVRAM  administratively down down
Ethernet0/3                unassigned      YES NVRAM  administratively down down
NVI0                       unassigned      YES unset  administratively down down
Router#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is 172.29.129.254 to network 0.0.0.0

S*    0.0.0.0/0 [254/0] via 172.29.129.254
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Ethernet0/1
L        10.0.0.1/32 is directly connected, Ethernet0/1
      172.29.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.29.129.0/24 is directly connected, Ethernet0/0
L        172.29.129.113/32 is directly connected, Ethernet0/0
Router#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
Router#ping google.com
Translating "google.com"...domain server (8.8.8.8) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.217.13.142, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Router#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
Router#

Any help would be appreciated! Thanks again.
-
- Posts: 32
- Joined: Wed Oct 28, 2020 9:43 pm
Re: new GCP pro node - cannot browse to website
Can anyone help?
Is my Cisco router config correct?
-
- Posts: 32
- Joined: Wed Oct 28, 2020 9:43 pm
Re: new GCP pro node - cannot browse to website
Hi,
for the life of me I cannot make the devices on the LAN side access the internet even though the router can ping and resolve. Why is that?
I remember when I was using the community edition, I had to set up pnet9 as a static IP and use iptables to masquerade. Do I need to do this in the Pro version also? If so, then what use is the NAT cloud?
Thanks for the help.
-
- Posts: 5084
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: new GCP pro node - cannot browse to website
It is because NAT from EVE and your router works one way only, from EVE to the internet.
GCP offers a single IP for outside, and to use it to access devices in the lab you may need:
check this out
https://www.youtube.com/watch?v=PcntWwiSk5Q
https://www.youtube.com/watch?v=7CJR2l8VXM0
And no need to post the same thing twice!
-
- Posts: 32
- Joined: Wed Oct 28, 2020 9:43 pm
Re: new GCP pro node - cannot browse to website
That’s not what I’m looking for. I’m looking for outbound eve lab devices out to internet. If I connect a Cisco router to the NAT cloud, it can ping the internet, but if I connect another device behind the router, it cannot ping internet even though the router is doing NAT on its outside interface.
-
- Posts: 5084
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: new GCP pro node - cannot browse to website
Then you simply did not configure NAT properly on your router!!!
This lab, for example, is using a single router for internet for all devices in the lab.
The lab below is using exactly the NAT cloud... ISP-R router cfg:
ip host fmc.eve.lab 10.101.1.101
ip host www.eve.lab 20.1.1.10
ip host dmz.eve.lab 20.1.1.10
ip host intranet.eve.lab 172.16.201.100
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
interface Loopback0
 no shutdown
 ip address 20.1.1.20 255.255.255.255
!
interface Loopback100
 no shutdown
 description DNS Server IP for eve.lab
 ip address 10.3.3.3 255.255.255.255
!
interface Ethernet0/0
 no shutdown
 description NAT Cloud Internet
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
!
interface Ethernet0/1
 no shutdown
 no ip address
 duplex auto
!
interface Ethernet0/1.173
 no shutdown
 description Internet1
 encapsulation dot1Q 173
 ip address 173.16.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Ethernet0/1.174
 no shutdown
 description Internet2
 encapsulation dot1Q 174
 ip address 174.16.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Ethernet0/2
 no shutdown
 no ip address
 duplex auto
!
interface Ethernet0/2.101
 no shutdown
 description Management internet
 encapsulation dot1Q 101
 ip address 10.101.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Ethernet0/2.102
 no shutdown
 description HQ Internet
 encapsulation dot1Q 102
 ip address 20.1.1.14 255.255.255.240
 ip nat inside
 ip virtual-reassembly in
!
interface Ethernet0/3
 no shutdown
 no ip address
 shutdown
 duplex auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip dns server
ip nat inside source list inet interface Ethernet0/0 overload
!
ip access-list standard inet
 permit 10.3.3.3
 permit 20.1.1.0 0.0.0.15
 permit 10.101.1.0 0.0.0.255
 permit 173.16.1.0 0.0.0.255
 permit 174.16.1.0 0.0.0.255
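Both router configs in this thread rely on the same pieces lining up: an `ip nat outside` interface, `ip nat inside` interfaces, an overload rule, and an ACL that covers every inside subnet. The following check for that is an added example, not part of the thread or of EVE-NG; `acl_net` and `audit_nat` are hypothetical helper names, and it assumes standard ACLs with contiguous wildcard masks.

```python
import ipaddress
import re

def acl_net(addr, wildcard):
    # Standard-ACL entry -> network: 'any', a bare host, or address + wildcard mask.
    spec = "0.0.0.0/0" if addr == "any" else f"{addr}/{wildcard}" if wildcard else addr
    return ipaddress.ip_network(spec)

def audit_nat(cfg):
    """Return findings for an IOS NAT overload (PAT) config; empty list = consistent."""
    iface = acl = None
    inside, outside, nets, acls, rules = set(), set(), {}, {}, []
    for line in (l.strip() for l in cfg.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface, acl = m[1], None
        elif m := re.match(r"ip access-list standard (\S+)", line):
            iface, acl = None, m[1]
        elif m := re.match(r"(?:access-list (\d+) )?permit (any|\d\S*)(?: (\d\S*))?", line):
            if m[1] or acl:  # numbered ACL line, or entry inside a named ACL
                acls.setdefault(m[1] or acl, []).append(acl_net(m[2], m[3]))
        elif m := re.match(r"ip nat inside source list (\S+) interface (\S+) overload", line):
            rules.append((m[1], m[2]))
        elif iface and (m := re.match(r"ip address (\d\S+) (\d\S+)", line)):
            nets[iface] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif iface and line in ("ip nat inside", "ip nat outside"):
            (inside if line.endswith("inside") else outside).add(iface)
    findings = [] if rules else ["no 'ip nat inside source list ... overload' rule"]
    for name, out_if in rules:
        if not acls.get(name):
            findings.append(f"NAT rule uses ACL {name}, which has no permit entries")
        if out_if not in outside:
            findings.append(f"{out_if} does the overload but is not 'ip nat outside'")
    permitted = [n for name, _ in rules for n in acls.get(name, [])]
    for i in sorted(inside):  # every inside subnet must match the NAT ACL
        if i in nets and not any(nets[i].subnet_of(p) for p in permitted):
            findings.append(f"{i} ({nets[i]}) is 'ip nat inside' but no NAT ACL permits it")
    return findings

# Sample input: R1's NAT-related lines from the thread; BROKEN is a constructed variant.
R1 = """interface Ethernet0/0
 ip address dhcp
 ip nat outside
interface Ethernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface Ethernet0/0 overload
access-list 1 permit 10.0.0.0 0.0.0.255 log
"""
BROKEN = R1.replace("permit 10.0.0.0", "permit 10.0.1.0")  # ACL misses the LAN
print(audit_nat(R1), audit_nat(BROKEN), sep="\n")
```

The R1 lines posted in the thread pass these checks, so the script reports nothing for them; it only covers the static consistency of the config, not what the router is doing at run time.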
-
- Posts: 32
- Joined: Wed Oct 28, 2020 9:43 pm
Re: new GCP pro node - cannot browse to website
I redid the router config this morning, and now it works.... no idea what was wrong...
Thanks Uldis.