So, I finally got this project (PiAlert) working how I’d like.

It basically uses arp to keep track of devices on your network, and let you know when new ones join. It gives some basic stats like uptime, etc and you can configure a few different notification options to be alerted when a rogue device connects.

Anyways, to get this work on my network involved setting up several network interfaces, as I have quite a few VLANs I’d like to keep an eye on. While everything seems to be working, I feel like I may have created an asymmetric-routing situation, as now when I SSH to the VM hosting this, it will freeze up after a few seconds.

My interfaces look like such. The problem is that I am accessing this VM (hosted on 192.168.1.0/24) from my personal network (192.168.6.0/24). My personal network has access to 192.168.1.0/24 and obviously to it’s own subnet, so I think packets are getting confused, as there are multiple routes they can take to this VM.

I believe this is confirmed, because if I disable the entry for 192.168.6.0/24 in my /etc/network/interfaces file, the problem goes away.

How should I handle this? I’ve tried some simple UFW rules to try to force things to only use the 192.168.1.0/24 interface, but to no avail.

Edit: Sorry for the weird markdown, not sure why it’s highlighting keywords

  • root@lemmy.worldOP
    1·
    4 months ago

    Thank you for the great reply! I have looked through my firewall rules, and I can’t seem to find anything that seems out of the ordinary. Interestingly enough, if I ssh to the VM via 192.168.6.X from my PC which is also on 192.168.6.X there are no issues. It’s only when I try to SSH into the 192.168.1.X interface on the VM that I experience the disconnection issues.

    I’ve added some ufw rules to only allow incoming from 192.168.6.X to 192.168.1.X on port 80 and 443 (to see the web GUI) and deny from most of RFC1918 to it otherwise

    To                         Action      From
--                         ------      ----
192.168.1.40 80            ALLOW       192.168.6.0/24            
192.168.1.40 443           ALLOW       192.168.6.0/24            
192.168.6.40 22            ALLOW       192.168.6.0/24            
192.168.1.40               DENY        192.168.0.0/16

    I’m hoping that there’s no asymmetric routing happening as a result of this VM and it’s interfaces (these are virtual interfaces that I created in Proxmox and then configured in the VM via /etc/network/interfaces