Configuring Wicked in Subnet and working through firewall router.

I am trying to configure the network interface on a workstation with a static or fixed IP using Wicked. The NIC is connected by lan to a smart switch subnet port. The port subnet in turn is created by a firewall router (Sophos UTM) and this device has a WAN connection on another subnet, the management subnet, from the same device.

If I connect to the lan using Network Manager with DHCP enabled all is well and everything works but I need to configure with a fixed IP using Wicked. I am able to connect to the UTM using Wicked but then have no internet access. I am lost in a fog of local firewalls, routing and DNS issues which DHCP solves but I have no idea what I should configure for the manual setup.

I would appreciate a bit of guidance please. I know from the UTM the presently configured IPs for the DNS servers on both the main and fallback WAN connections but it is what is in between that has me stumped. There is significant complexity in the UTM devices so will not try and explain further but would be happy to provide info if somebody can ask the right questions!

All help gratefully received as usual.
Budge

I just use DHCP for this. My router is configured to always assign the same IP to this computer.

It’s been a while since I last configured a fixed address. You also have to assign a route (default gateway), the subnet mask and DNS servers. In a typical home setup, the IP address of the router works as a gateway.

Hi and thanks for the reply. I found two DNS forwarders on my UTM as I have two ISP connections, one main and a fallback if we lose service on the main connection. I was able to use the main DNS forwarder address on the UTM and this is working well. My problem earlier was that I used to use an address on my subnet but this didn’t reach an internet connection.

So far so good but I now have another question which concerns the addresses now connected. Checking what is working I have:-

alastair@HP-Z640-1:~> ip address 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo 
       valid_lft forever preferred_lft forever 
    inet6 ::1/128 scope host  
       valid_lft forever preferred_lft forever 
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 
    link/ether 70:5a:0f:3a:fa:27 brd ff:ff:ff:ff:ff:ff
    altname eno1 
    altname enp0s25 
    inet 192.168.169.245/25 brd 192.168.169.255 scope global dynamic noprefixroute eth0 
       valid_lft 76144sec preferred_lft 76144sec 
    inet 192.168.169.137/25 brd 192.168.169.255 scope global secondary eth0 
       valid_lft forever preferred_lft forever 
    inet6 fe80::c28d:55b6:65bd:f16e/64 scope link noprefixroute  
       valid_lft forever preferred_lft forever 
alastair@HP-Z640-1:~> ping 192.168.169.245 
PING 192.168.169.245 (192.168.169.245) 56(84) bytes of data. 
64 bytes from 192.168.169.245: icmp_seq=1 ttl=64 time=0.068 ms 
64 bytes from 192.168.169.245: icmp_seq=2 ttl=64 time=0.048 ms 
64 bytes from 192.168.169.245: icmp_seq=3 ttl=64 time=0.022 ms 
64 bytes from 192.168.169.245: icmp_seq=4 ttl=64 time=0.049 ms 
^C 
--- 192.168.169.245 ping statistics --- 
4 packets transmitted, 4 received, 0% packet loss, time 3078ms 
rtt min/avg/max/mdev = 0.022/0.046/0.068/0.018 ms 
alastair@HP-Z640-1:~> 


My problem is that I have two IPs shown, one the static IP I created and another address on the same NIC which must be using DHCP with the address 192.168.169.245 and which I can see in my UTM lease table.
Where did this additional address come from please? I see that the connection is shown on the Network Settings as Ethernet Connection (2) I218-LM. I have no idea of the significance of the (2) I218-LM but no other connections are shown although IPv6 is enabled.
What is going on please?

BTW I need the static IP as I am just starting with setting up a VM for the first time. May need to return here for help with bridge connection for VM but first things first.

Budge.

From another network management program. You may have both wicked and NetworkManager active and controlling the same interface. Or systemd-networkd (which became favorite silver bullet on this forum).
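
The situation described in the reply above (two network managers configuring the same interface) shows up in the `ip address` output as a DHCP-leased ("dynamic") address next to a static one. The following check is an added example, not part of the original thread; the function names are hypothetical and the sample input is an excerpt of the output posted earlier in the thread.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not part of wicked or NetworkManager.

# Excerpt of the `ip address` output posted earlier in the thread.
sample_ip_output() {
    cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 70:5a:0f:3a:fa:27 brd ff:ff:ff:ff:ff:ff
    inet 192.168.169.245/25 brd 192.168.169.255 scope global dynamic noprefixroute eth0
       valid_lft 76144sec preferred_lft 76144sec
    inet 192.168.169.137/25 brd 192.168.169.255 scope global secondary eth0
       valid_lft forever preferred_lft forever
EOF
}

# Reads `ip address` text on stdin and prints one line per interface that
# holds both a dynamic (DHCP) and a static global IPv4 address.
mixed_addr_ifaces() {
    awk '
        /^[0-9]+: / { iface = $2; sub(/:$/, "", iface); sub(/@.*/, "", iface); next }
        $1 == "inet" && /scope global/ {
            d = 0
            for (f = 3; f <= NF; f++) if ($f == "dynamic") d = 1
            if (d) dyn[iface] = (dyn[iface] == "" ? "" : dyn[iface] ",") $2
            else   sta[iface] = (sta[iface] == "" ? "" : sta[iface] ",") $2
        }
        END {
            for (i in dyn) if (i in sta)
                printf "%s dynamic=%s static=%s\n", i, dyn[i], sta[i]
        }
    '
}

# Lists which of the network services named in the reply are running.
# Only meaningful on the live host, so it is defined here but not called.
active_net_managers() {
    command -v systemctl >/dev/null 2>&1 || return 0
    for svc in NetworkManager wicked systemd-networkd; do
        if systemctl is-active --quiet "$svc"; then echo "$svc"; fi
    done
}

# On the workstation itself: ip address | mixed_addr_ifaces; active_net_managers
sample_ip_output | mixed_addr_ifaces
```

If `active_net_managers` prints more than one name, more than one service is active and may be managing the same NIC.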

I am sorry to have to re-visit this thread but my attempts to set a static IP using wicked now fail.
Whatever I try I fail to get an internet connection. I must try and get this working correctly and seek some help with troubleshooting this please.

In the Network Settings: Hostname/DNS tab I have the following:-
Hostname:- HP-Z640-1
Hostname via DHCP:- No
Modify DNS Configuration:- Use Default Policy
Name Server 1: 192.168.169.129/25 (this is the subnet address).
Name Server 2:- 192.168.1.1 (this is the DNS of the primary ISP connection on the UTM).
Name Server 3:- 192.168.188.1 (this is the DNS of the fallback ISP connection on the UTM).

I cannot see anything wrong but my internet connection fails. I can only connect to post this using NM.
Help please.

Still no joy, I am running out of options and need to get Wicked working. Surely shouldn’t be this hard.
Could it be there is something else interfering with what I am trying to do? Where should I look please?

Hi
Have you configured the DHCLIENT_ROUTE_PRIORITY option? Ref: Set a metric to the default route for seamless failover · Issue #842 · openSUSE/wicked · GitHub

Also have you perused Basic networking | Reference | openSUSE Leap 15.5

Hi Malcolm,
I have set a fixed IP within NM and am working through the link on how to set up bridge etc.
Should close this thread for now but please check out my post on Virtualization.
Thanks again for your help
Budge