Kollin, Veteran
Joined: 25 Feb 2006; Posts: 1033; Location: Sofia/Bulgaria
Posted: Sat Mar 31, 2012 4:32 am
Post subject: How to NAT traffic between br0 and wlan0? [SOLVED]
Hello, my network consists of eth0+eth1 = br0 and wlan0 + hostapd.
Hostapd is working fine, I'm able to connect to wlan0 with my phone, but I can't get any traffic between those two networks. br0 is working fine also (that is my main internet connection).
I tried the http://www.gentoo.org/doc/en/home-router-howto.xm guide, but the iptables rules do not seem to work.
Maybe I have to use ebtables, but how?
_________________
"Dear Enemy: may the Lord hate you and all your kind, may you be turned orange in hue, and may your head fall off at an awkward moment."
"Linux is like a wigwam - no windows, no gates, apache inside..."
Last edited by Kollin on Sat Mar 31, 2012 3:59 pm; edited 2 times in total
audiodef, Advocate
Joined: 06 Jul 2005; Posts: 4946
Posted: Sat Mar 31, 2012 2:17 pm
Does this work?
Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo "1" >/proc/sys/net/ipv4/ip_forward

If it works, then you just need to figure out how to make it happen automatically when you turn on your machines. When I need this, I just turn the above snippet into a script and ./run it. You could put it in your .xinitrc.
_________________
Gentoo Studio: http://gentoostudio.org
Pappy's Kernel Seeds: http://kernel-seeds.gentoostudio.org
Linux 'Tude Tees: http://skreened.com/geektudetees
A cloud is evaporated water in the sky, thanks.
Kollin, Veteran
Joined: 25 Feb 2006; Posts: 1033; Location: Sofia/Bulgaria
Posted: Sat Mar 31, 2012 2:24 pm
audiodef wrote:
Does this work?
Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo "1" >/proc/sys/net/ipv4/ip_forward

My eth0 is in a bridge; can I expect that
Quote:
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
will behave in the same way?
Kollin, Veteran
Joined: 25 Feb 2006; Posts: 1033; Location: Sofia/Bulgaria
Posted: Sat Mar 31, 2012 3:40 pm
Thank you, dear audiodef, it worked in combination with all of the other stuff, I don't know why.
Code:
First we flush our current rules
# iptables -F
# iptables -t nat -F
Set up default policies to handle unmatched traffic
# iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD DROP
Copy and paste these exports
# export LAN=wlan0
# export WAN=br0
Finally we add the rules for NAT
# iptables -I FORWARD -i ${LAN} -d 192.168.0.0/255.255.0.0 -j DROP
# iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 -j ACCEPT
# iptables -A FORWARD -i ${WAN} -d 192.168.0.0/255.255.0.0 -j ACCEPT
# iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
# iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
Tell the kernel that IP forwarding is OK
# echo 1 > /proc/sys/net/ipv4/ip_forward
# for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done
This is so when we boot we don't have to run the rules by hand
# /etc/init.d/iptables save
# rc-update add iptables default
# nano /etc/sysctl.conf
Add/uncomment the following lines:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
If you have a dynamic internet address you probably want to enable this:
net.ipv4.ip_dynaddr = 1
Hu, Watchman
Joined: 06 Mar 2007; Posts: 7597
Posted: Sat Mar 31, 2012 3:50 pm
audiodef wrote:
If it works, then you just need to figure out how to make it happen automatically when you turn on your machines. When I need this, I just turn the above snippet into a script and ./run it. You could put it in your .xinitrc.

No. First, .xinitrc will run under the uid of the user starting X. Second, he may not start X. Third, Gentoo provides initscripts to handle all this. Use /etc/sysctl.conf if you want to change the /proc/sys setting at boot. Use /etc/init.d/iptables to manage firewall state across reboots.
OP: it looks like your script is redundant. You add a rule for br0 and another rule for ${WAN}, which is also br0.
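The rule set in the solved post above and Hu's persistence advice, written up as one script. This is an added example, not code from the thread or from the Gentoo howto: it keeps the same shape (flush, default policies, forward rules, one MASQUERADE on the uplink, sysctl lines for /etc/sysctl.conf, save via /etc/init.d/iptables) but differs in two security-relevant points. First, the howto's `-i ${WAN} -d 192.168.0.0/16 -j ACCEPT` is stateless, so it forwards any new connection arriving on the bridge toward a 192.168 destination; the example replaces it with a conntrack rule that only admits replies to connections the wifi clients opened. Second, it flushes and then emits exactly one MASQUERADE rule, scoped to the wifi subnet, so re-running it never duplicates the rule the way the `${WAN}` plus `br0` pair did. The interface names (wlan0, br0), the hostapd-side subnet 10.0.0.0/24 and the wired subnet 192.168.0.0/16 are assumptions; set LAN, WAN, LAN_NET and WIRED_NET to match your network.

```shell
#!/bin/sh
# Added example (not from the thread): stateful NAT from a hostapd interface
# out through a bridged uplink, plus Gentoo/OpenRC persistence.
# All names below are assumptions for illustration; override via environment.

LAN="${LAN:-wlan0}"                        # assumed: hostapd interface
WAN="${WAN:-br0}"                          # assumed: eth0+eth1 bridge, the uplink
LAN_NET="${LAN_NET:-10.0.0.0/24}"          # assumed: subnet handed out on wlan0
WIRED_NET="${WIRED_NET:-192.168.0.0/16}"   # assumed: wired side to keep wifi away from

# Emit the iptables commands without running them, so the rule set can be
# reviewed (or diffed against `iptables-save`) before it touches the kernel.
# $1=LAN iface  $2=WAN iface  $3=LAN subnet  $4=wired subnet to block (optional)
gen_rules() {
    lan=$1 wan=$2 lan_net=$3 wired_net=${4:-}
    # Flush first: re-running the script must not stack a second MASQUERADE rule.
    echo "iptables -F"
    echo "iptables -t nat -F"
    echo "iptables -P INPUT ACCEPT"
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -P FORWARD DROP"
    # Replies to connections the wifi clients opened. Unlike a stateless
    # '-i WAN -d 192.168.0.0/16 -j ACCEPT', this admits no NEW connections
    # from the bridge side toward the wifi clients.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Optional isolation: wifi clients may not reach the wired LAN.
    if [ -n "$wired_net" ]; then
        echo "iptables -A FORWARD -i $lan -d $wired_net -j DROP"
    fi
    # New connections from wifi clients, only from the subnet we hand out.
    echo "iptables -A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT"
    # Exactly one MASQUERADE rule, scoped to wifi traffic leaving the uplink.
    echo "iptables -t nat -A POSTROUTING -o $wan -s $lan_net -j MASQUERADE"
}

# The sysctl lines that belong in /etc/sysctl.conf (not in .xinitrc).
gen_sysctl() {
    cat <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
EOF
}

# Sanity check used before applying: how many MASQUERADE rules would be loaded.
masquerade_count() {
    gen_rules "$@" | grep -c MASQUERADE
}

# Load the rules into the kernel; refuses to run unprivileged or without iptables.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules: run as root" >&2; return 1; }
    command -v iptables >/dev/null 2>&1 || { echo "apply_rules: iptables not found" >&2; return 1; }
    [ "$(masquerade_count "$LAN" "$WAN" "$LAN_NET" "$WIRED_NET")" -eq 1 ] || return 1
    gen_rules "$LAN" "$WAN" "$LAN_NET" "$WIRED_NET" | sh -e
    # "key = value" -> "key=value" for sysctl -w
    gen_sysctl | sed 's/ //g' | while IFS= read -r kv; do sysctl -w "$kv" >/dev/null; done
}

# Gentoo/OpenRC: persist the live rules and the sysctl lines across reboots.
persist_rules() {
    gen_sysctl | while IFS= read -r kv; do
        grep -qxF "$kv" /etc/sysctl.conf || echo "$kv" >> /etc/sysctl.conf
    done
    /etc/init.d/iptables save && rc-update add iptables default
}

case "${1:-show}" in
    show)    gen_rules "$LAN" "$WAN" "$LAN_NET" "$WIRED_NET"; gen_sysctl ;;
    apply)   apply_rules ;;
    persist) persist_rules ;;
esac
```

Run it with `show` first and read the output; only then `apply`, check that the phone still reaches the internet and that a host on the wired side cannot open a new connection to the phone, and finally `persist`. Setting WIRED_NET to an empty string drops the isolation rule if wifi clients are supposed to see the wired LAN.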
Kollin, Veteran
Joined: 25 Feb 2006; Posts: 1033; Location: Sofia/Bulgaria
Posted: Sat Mar 31, 2012 3:55 pm
Hu wrote:
OP: it looks like your script is redundant. You add a rule for br0 and another rule for ${WAN}, which is also br0.

It does not work with ${WAN}, but it works with br0.
I left the ${WAN} line just in case.