big_gie (Apprentice, Joined: 31 Aug 2004, Posts: 158)
Posted: Thu Oct 17, 2013 1:51 pm    Post subject: NetworkManager connection sharing + port forwarding

Hi,
I connect to my wireless network through NetworkManager. In addition I have another computer connected to the first one through ethernet. I'm using NetworkManager to share the wireless connection of the first computer to the second one. Here's a diagram:
Code:
Internet
  |
Wireless router (internal ip: 10.0.1.1)
  |
(Wifi)
  |
Computer 1:  wlan0 (10.0.1.3)  ---  eth0 (10.42.0.1)
                                      |
Computer 2:                         eth0 (10.42.0.48)
This setup works; Computer 2 has internet access. Additionally I can VNC or RDP from Computer 1 to 2.
Now I want to do some port forwarding so I can access the second computer from the wifi network (10.0.1.*), for example VNC (port 5900).
I couldn't find anything in NetworkManager to do that, so I tried iptables directly, but without success. Here's an example of the commands I've tried (run on Computer 1):
Code:
# iptables -A PREROUTING -t nat -i wlan0 -p tcp --dport 5900 -j DNAT --to 10.42.0.48:5900
# iptables -A FORWARD -p tcp -d 10.42.0.48 --dport 5900 -j ACCEPT
But this did not work, or anything else for that matter. To test, I run (on Computer 1):
Code:
vncviewer 10.0.1.3::5900
or even
Code:
telnet 10.0.1.3 5900
but I always get connection refused.
Any idea or suggestion as to how to set up iptables correctly?
Thanks!

eyoung100 (Veteran, Joined: 23 Jan 2004, Posts: 1428)

big_gie (Apprentice, Joined: 31 Aug 2004, Posts: 158)
Posted: Thu Oct 17, 2013 4:34 pm

Thanks for your suggestion.
Unfortunately, it is far from what I am trying to achieve... Maybe I did not explain it correctly?
My wireless network is not fast enough for transfers between my workstation and a second computer. So instead of using a wireless connection for the second one I directly plug both computers using an ethernet cable. That way the network transfer between the two is super fast.
This network setup is configured on my workstation using NetworkManager, which sets up these iptables rules:
Code:
iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            10.42.0.0/24         state RELATED,ESTABLISHED
ACCEPT     all  --  10.42.0.0/24         0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
From what I understand, it basically forwards everything it receives from the wired network (10.42.0.0/24) to anywhere required, effectively giving internet access to the second computer.
But by putting the second computer behind my workstation, my colleagues, who are on the wireless network, cannot access the machine anymore (for smaller data transfers, VNC or remote desktop).
My idea was to add some port forwarding on my workstation using iptables so they could access the second computer (through the wireless network).
The different rules I tried did not work, so I guess I might have an error in my iptables rule. But my knowledge of iptables is not strong enough... Additionally, I'm not sure how to test this without bugging my colleagues. I guess the packets generated for testing (using vncviewer or telnet) should be sent to the right interface...
I'm probably wrong on many aspects! Hopefully someone will understand all this.
Thanks again!

eyoung100 (Veteran, Joined: 23 Jan 2004, Posts: 1428)
Posted: Thu Oct 17, 2013 4:53 pm

Code:
ACCEPT     all  --  10.42.0.48           10.0.1.3             state RELATED,ESTABLISHED
ACCEPT     all  --  10.0.1.3             0.0.0.0/0
The problem is 10.42 and 10.0 are on different subnets...

big_gie (Apprentice, Joined: 31 Aug 2004, Posts: 158)
Posted: Thu Oct 17, 2013 5:19 pm

eyoung100 wrote:
    The problem is 10.42 and 10. are on different subnets...
Hum ok... so you suggest changing the iptables rule to what you pasted so the packets can go from one to the other, is that it?

eyoung100 (Veteran, Joined: 23 Jan 2004, Posts: 1428)

big_gie (Apprentice, Joined: 31 Aug 2004, Posts: 158)
Posted: Thu Oct 17, 2013 5:29 pm

Ok. I don't have control over them though; my workstation's subnet is set by the office's router (which I don't control) and the second computer's subnet is set by my workstation's NetworkManager...

lm_66 (n00b, Joined: 23 Apr 2005, Posts: 2, Location: ch)
Posted: Fri Sep 05, 2014 10:47 am

I recently had a similar setup and problem, and found out the problem is not different subnets.
What finally helped for me was using:
Code:
# iptables -I FORWARD -p tcp -d 10.42.0.48 --dport 5900 -j ACCEPT
instead of
Code:
# iptables -A FORWARD -p tcp -d 10.42.0.48 --dport 5900 -j ACCEPT
I.e. insert the rule at the beginning instead of appending at the end of the chain.
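An added example, not from the thread, that models the FORWARD chain NetworkManager installs as a first-match walk in Python to show why lm_66's `-I` works where the `-A` from the first post did not: the appended ACCEPT lands behind NetworkManager's two REJECT rules, which `iptables -nL` lists without their interface matches. The interface matches below (`-i eth0`/`-o eth0`, shown by `iptables -nvL`) and the colleague address 10.0.1.5 are assumptions of this example.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional
# A forwarded packet as the filter FORWARD chain sees it (after nat PREROUTING)
Packet = namedtuple("Packet", "src dst proto dport in_if out_if state")

@dataclass(frozen=True)
class Rule:
    target: str
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "all"
    dport: Optional[int] = None
    in_if: Optional[str] = None   # -i
    out_if: Optional[str] = None  # -o
    states: tuple = ()            # -m state --state ...; empty means no state match

    def matches(self, p) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("all", p.proto)
                and self.dport in (None, p.dport)
                and self.in_if in (None, p.in_if)
                and self.out_if in (None, p.out_if)
                and (not self.states or p.state in self.states))

def walk_chain(chain, p, policy="ACCEPT"):
    """First matching rule decides, as in netfilter; otherwise the chain policy."""
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy
# NetworkManager's sharing rules from the thread's `iptables -nL`, plus the
# interface matches that -nL omits (assumed: eth0 is the shared wired interface).
NM_FORWARD = [
    Rule("ACCEPT", dst="10.42.0.0/24", out_if="eth0", states=("RELATED", "ESTABLISHED")),
    Rule("ACCEPT", src="10.42.0.0/24", in_if="eth0"),
    Rule("ACCEPT", in_if="eth0", out_if="eth0"),
    Rule("REJECT", out_if="eth0"),
    Rule("REJECT", in_if="eth0"),
]
VNC_RULE = Rule("ACCEPT", dst="10.42.0.48", proto="tcp", dport=5900)
# Constructed packet: first SYN of a colleague's VNC session, after PREROUTING
# DNAT has already rewritten its destination to Computer 2.
VNC_SYN = Packet("10.0.1.5", "10.42.0.48", "tcp", 5900, "wlan0", "eth0", "NEW")

def verdict_with_append() -> str:  # iptables -A FORWARD ...: rule lands last
    return walk_chain(NM_FORWARD + [VNC_RULE], VNC_SYN)  # -> "REJECT"

def verdict_with_insert() -> str:  # iptables -I FORWARD ...: rule lands first
    return walk_chain([VNC_RULE] + NM_FORWARD, VNC_SYN)  # -> "ACCEPT"
```

Note also that connections opened from Computer 1 itself (the `vncviewer 10.0.1.3` test in the first post) are locally generated and pass through the nat OUTPUT chain, not PREROUTING, so the DNAT rule never sees them; the forward needs to be tested from another host on the wireless network.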