Ubuntu 18.04 netplan static routes

In general, what you want here is:

  • Set up a single default gateway (with gateway4), on the interface that goes to the Internet. If you set default gateways on both, then half the packets will be routed to your Intranet and won't be able to reach their destination.

  • If your Intranet has multiple subnets, then you need static routes to reach those through the interface connected to your Intranet. (One example might be routing any RFC1918 subnets to that interface, which would probably be a good idea.)

Now, in your specific example, you didn't describe your Intranet completely, but let's assume your Intranet is made of the 10.185.x.y network, in other words, 10.185.0.0/16.

Let's also assume your enp3s0 interface giving you access to the intranet will receive an IP in the 10.185.0.z subnet, in other words, 10.185.0.0/24 subnet, and that the gateway in that subnet is 10.185.0.1.

So you need a static route to reach the remainder of the 10.185.x.y subnets where x is not 0.

You can use a configuration such as the one below to set this up:

network:
  version: 2
  renderer: networkd
  ethernets:
        enp3s0:
            addresses: []
            dhcp4: true
            nameservers:
              addresses: [10.185.x.x, y.y.y.y]
            routes:
            - to: 10.185.0.0/16
              via: 10.185.0.1
  wifis:
        wlp2s0:
            addresses: []
            dhcp4: true
            optional: true
            gateway4: 192.168.8.1
            access-points:
                 "Wifi":
                    password: "password"
            nameservers:
              addresses: [8.8.8.8,8.8.4.4]

In this edited configuration, notice that:

  • There is no gateway4 in enp3s0 configuration, since you don't want traffic to go to that interface by default, only when it's traffic destined to your Intranet, which is set up through the static route.

  • Conversely, the wlp2s0 doesn't need any static routes, since it has a default gateway attached to it, which is enough.

  • There's no need for routing tables and routing policies; all you need to do is set up a static route (or a few static routes) to cover the internal addresses in your Intranet and route them through the IP of the gateway in that network that can route you to the other subnets you're not directly connected to.

Please note that this setup actually depends on some of what your DHCP server in the internal network is provisioning for you, such as your interface being in the 10.185.0.0/24 network and that 10.185.0.1 is the gateway you can use in that interface... For that reason, perhaps a better setup would be to have the DHCP server in your Intranet push the static routes (instead of configuring them in netplan). That way if the Intranet is reconfigured, perhaps to change the IP of the gateway, or perhaps extended to include other RFC1918 private ranges, only the DHCP server needs to be reconfigured and not everything else...

But if the DHCP server is out of your control, then this setup might be acceptable, assuming the internal network is not reconfigured too often so that the gateway IP would change. You might want to consider adding static routes to all the RFC1918 ranges, since those will be invalid in the Internet, so they might only be made valid in the Intranet:

routes:
- to: 10.0.0.0/8
  via: 10.185.0.1
- to: 172.16.0.0/12
  via: 10.185.0.1
- to: 192.168.0.0/16
  via: 10.185.0.1

I hope you find this helpful!
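One way to check the resulting routing table against the split described in this answer, as an added example that is not part of the original answer: it parses a constructed sample of `ip -4 route show` output (the host addresses are made up) and reports which interface each probe address would leave on, including an RFC1918 address that the single 10.185.0.0/16 route does not cover. The function names and probe addresses are assumptions for illustration.

```python
import ipaddress

# Constructed sample of `ip -4 route show` output for the netplan config above
# (the host addresses .23 and .50 are made up for illustration).
SAMPLE_ROUTES = """\
default via 192.168.8.1 dev wlp2s0 proto dhcp metric 600
10.185.0.0/24 dev enp3s0 proto kernel scope link src 10.185.0.23
10.185.0.0/16 via 10.185.0.1 dev enp3s0 proto static
192.168.8.0/24 dev wlp2s0 proto kernel scope link src 192.168.8.50
"""

def parse_routes(text):
    """Parse route lines into (network, gateway or None, device) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue  # blank lines, blackhole/unreachable entries
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        via = fields[fields.index("via") + 1] if "via" in fields else None
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest), via, dev))
    return routes

def egress(routes, address):
    """Longest-prefix match: (gateway, device) used for address, or None.
    Metrics are ignored, so equal-length prefixes resolve to the first listed."""
    ip = ipaddress.ip_address(address)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    _, via, dev = max(matches, key=lambda r: r[0].prefixlen)
    return via, dev

def audit(routes, expected):
    """expected maps probe address -> device it should leave on; returns findings."""
    findings = []
    defaults = sorted({dev for net, _, dev in routes if net.prefixlen == 0})
    if len(defaults) != 1:
        findings.append(f"default route on {defaults}, expected exactly one")
    for addr, want in expected.items():
        hop = egress(routes, addr)
        got = hop[1] if hop else None
        if got != want:
            findings.append(f"{addr} leaves via {got}, expected {want}")
    return findings

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    probes = {"10.185.7.9": "enp3s0", "8.8.8.8": "wlp2s0", "172.16.5.5": "enp3s0"}
    for finding in audit(table, probes):
        print(finding)
```

With only the 10.185.0.0/16 route, the 172.16.5.5 probe is reported as leaving via wlp2s0, which is the case the extra RFC1918 routes in the answer are meant to close.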


Workaround for getting Internet and intranet both on two different interfaces.

Intranet IP: 192.168.10.0/24, interface enp0s8
Internet IP: 0.0.0.0/0, interface enp0s3
             NAT gateway: 10.0.2.2

a) Create a file rc.local in the /etc directory.

Put the static routes into it as below.

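#!/bin/sh -e

# Remove the default route that points at the intranet gateway
ip route del 0.0.0.0/0 via 192.168.10.1 dev enp0s8
# Send default (Internet) traffic through the NAT gateway on enp0s3
ip route add 0.0.0.0/0 via 10.0.2.2 dev enp0s3
# Reach the intranet subnet through enp0s8
ip route add 192.168.10.0/24 via 192.168.10.1 dev enp0s8

exit 0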

b) Make it executable and restart the VM.