Gentoo Forums
NetworkManager connection sharing + port forwarding

big_gie
Apprentice

Joined: 31 Aug 2004
Posts: 158

Posted: Thu Oct 17, 2013 1:51 pm    Post subject: NetworkManager connection sharing + port forwarding

Hi,

I connect to my wireless network through NetworkManager. In addition I have another computer connected to the first one through ethernet. I'm using NetworkManager to share the wireless connection of the first computer to the second one. Here's a diagram:
Code:
                Internet
                    |
                Wireless router (internal ip: 10.0.1.1)
                    |
                (Wifi)
                    |
Computer 1:     wlan0         eth0
                10.0.1.3      10.42.0.1
                                |
Computer 2:                   eth0
                              10.42.0.48

This setup works; Computer 2 has internet access. Additionally I can VNC or RDP from Computer 1 to 2.

Now I want to do some port forwarding so I can access the second computer from the wifi network (10.0.1.*), for example VNC (port 5900).

I couldn't find anything in NetworkManager to do that, so I tried iptables directly but without success. Here's an example of the commands I've tried (run on Computer 1):
Code:
# iptables -A PREROUTING -t nat -i wlan0 -p tcp --dport 5900 -j DNAT --to 10.42.0.48:5900
# iptables -A FORWARD -p tcp -d 10.42.0.48 --dport 5900 -j ACCEPT


But this did not work, or anything else for that matter. To test, I run (on Computer 1):
Code:
vncviewer 10.0.1.3::5900

or even
Code:
telnet 10.0.1.3 5900

but I always get connection refused.

Any idea or suggestion as to how to set up iptables correctly?

Thanks!

eyoung100
Veteran

Joined: 23 Jan 2004
Posts: 1428

Posted: Thu Oct 17, 2013 4:19 pm

Does this Help :?:
Wired/Wireless Forwarding
_________________
The Birth and Growth of Science is the Death and Atrophy of Art -- Unknown
Registered Linux User #363735
Adopt a Post | Strip Comments| Emerge Wrapper

big_gie
Apprentice

Joined: 31 Aug 2004
Posts: 158

Posted: Thu Oct 17, 2013 4:34 pm

Thanks for your suggestion.

Unfortunately, it is far from what I am trying to achieve... Maybe I did not explain it correctly?

My wireless network is not fast enough for transfers between my workstation and a second computer. So instead of using a wireless connection for the second one I directly plug both computers using an ethernet cable. That way the network transfer between the two is super fast.

This network setup is configured on my workstation using NetworkManager which sets up these iptables rules:
Code:
iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            10.42.0.0/24         state RELATED,ESTABLISHED
ACCEPT     all  --  10.42.0.0/24         0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

From what I understand, it basically forwards everything it receives from the wired network (10.42.0.0/24) to anywhere required, effectively giving internet access to the second computer.

But by putting the second computer behind my workstation my colleagues, who are on the wireless network, cannot access the machine anymore (for smaller data transfers, VNC or remote desktop).

My idea was to add some port forwarding on my workstation using iptables so they could access the second computer (through the wireless network).

The different rules I tried did not work, so I guess I might have an error in my iptables rule. But my knowledge of iptables is not strong enough... Additionally, I'm not sure how to test this without bugging my colleagues. I guess the packets generated for testing (using vncviewer or telnet) should be sent to the right interface...

I'm probably wrong on many aspects! Hopefully someone will understand all this ;)

Thanks again!

eyoung100
Veteran

Joined: 23 Jan 2004
Posts: 1428

Posted: Thu Oct 17, 2013 4:53 pm

Code:
ACCEPT     all  -- 10.42.0.48       10.0.1.3        state RELATED,ESTABLISHED
ACCEPT     all  --  10.0.1.3         0.0.0.0/0

The problem is 10.42 and 10.0 are on different subnets...

Last edited by eyoung100 on Thu Oct 17, 2013 5:28 pm; edited 1 time in total

big_gie
Apprentice

Joined: 31 Aug 2004
Posts: 158

Posted: Thu Oct 17, 2013 5:19 pm

eyoung100 wrote:
The problem is 10.42 and 10. are on different subnets...

Hum ok... so you suggest changing the iptables rule as what you pasted so the packets can go from one to the other, is that it?

eyoung100
Veteran

Joined: 23 Jan 2004
Posts: 1428

Posted: Thu Oct 17, 2013 5:27 pm

No, I'm suggesting it would be easier to put all the machines on 10.0.1.x

big_gie
Apprentice

Joined: 31 Aug 2004
Posts: 158

Posted: Thu Oct 17, 2013 5:29 pm

Ok. I don't have control over them though; my workstation's subnet is set by the office's router (which I don't control) and the second computer's subnet is set by my workstation's NetworkManager...

lm_66
n00b

Joined: 23 Apr 2005
Posts: 2
Location: ch

Posted: Fri Sep 05, 2014 10:47 am

I recently had a similar setup and problem, and found out the problem is not different subnets.
What finally helped for me was using:
Code:

# iptables -I FORWARD -p tcp -d 10.42.0.48 --dport 5900 -j ACCEPT

instead of
Code:

# iptables -A FORWARD -p tcp -d 10.42.0.48 --dport 5900 -j ACCEPT

I.e. insert the rule at the beginning instead of appending at the end of the chain.
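
Why inserting works where appending did not, as an added example that is not part of the original posts: a small first-match model of the FORWARD chain listed earlier in the thread, evaluated for a forwarded VNC connection. The interface matches on the NetworkManager rules and the client address 10.0.1.7 are assumptions, since `iptables -nL` without `-v` does not show interfaces.

```python
from ipaddress import ip_address, ip_network

def matches(rule, pkt):
    """True if every match the rule specifies agrees with the packet."""
    return (ip_address(pkt["src"]) in ip_network(rule.get("src", "0.0.0.0/0"))
            and ip_address(pkt["dst"]) in ip_network(rule.get("dst", "0.0.0.0/0"))
            and rule.get("proto", pkt["proto"]) == pkt["proto"]
            and rule.get("dport", pkt["dport"]) == pkt["dport"]
            and rule.get("in_if", pkt["in_if"]) == pkt["in_if"]
            and rule.get("out_if", pkt["out_if"]) == pkt["out_if"]
            and pkt["state"] in rule.get("states", (pkt["state"],)))

def verdict(chain, pkt, policy="ACCEPT"):
    """First matching rule decides. Returns (target, rule number); 0 means chain policy."""
    for number, rule in enumerate(chain, start=1):
        if matches(rule, pkt):
            return rule["target"], number
    return policy, 0

# FORWARD chain as listed in the thread. The in_if/out_if matches are assumptions:
# `iptables -nL` without `-v` hides interfaces, which is why rule 3 looks like accept-all.
NM_FORWARD = [
    {"target": "ACCEPT", "dst": "10.42.0.0/24", "out_if": "eth0",
     "states": ("RELATED", "ESTABLISHED")},
    {"target": "ACCEPT", "src": "10.42.0.0/24", "in_if": "eth0"},
    {"target": "ACCEPT", "in_if": "eth0", "out_if": "eth0"},
    {"target": "REJECT", "out_if": "eth0"},
    {"target": "REJECT", "in_if": "eth0"},
]
# The rule from the thread: -p tcp -d 10.42.0.48 --dport 5900 -j ACCEPT
VNC_RULE = {"target": "ACCEPT", "dst": "10.42.0.48/32", "proto": "tcp", "dport": 5900}

# Constructed packet: first SYN from a wifi client (10.0.1.7 is made up), after DNAT.
SYN = {"src": "10.0.1.7", "dst": "10.42.0.48", "proto": "tcp", "dport": 5900,
       "in_if": "wlan0", "out_if": "eth0", "state": "NEW"}

def appended():
    """iptables -A FORWARD ...: the new rule goes last, after both REJECTs."""
    return verdict(NM_FORWARD + [VNC_RULE], SYN)

def inserted():
    """iptables -I FORWARD ...: the new rule becomes rule 1."""
    return verdict([VNC_RULE] + NM_FORWARD, SYN)

if __name__ == "__main__":
    print("append:", appended())
    print("insert:", inserted())
```

On the real system, `iptables -L FORWARD -n -v --line-numbers` shows the interface columns and rule positions that this model assumes. Testing from Computer 1 itself does not exercise this path, because locally generated packets go through the nat OUTPUT chain and never reach PREROUTING or FORWARD; the check has to come from another host on the 10.0.1.x network.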