Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
IP Masquerading setup? [SOLVED]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
cwr
Veteran
Veteran


Joined: 17 Dec 2005
Posts: 1968

PostPosted: Sat May 20, 2017 3:22 pm    Post subject: IP Masquerading setup? [SOLVED] Reply with quote

I've been trying to connect a Raspberry Pi to the internet
via a laptop, and failing completely. The last time I did
this it was pretty straightforward, but I must have forgotten
some of the details, because I can't make it work now.

On the laptop I have usb0, 192.168.4.10, and wlan0, 192.168.4.20.
The RPi is on usb0, with an address of 192.168.4.9. I can ping
the RPi and the internet from the laptop, and the laptop from
the RPi, but not the internet from the RPi.

I've set up forwarding through /proc/sys/net/ipv4/ip_forward
and loaded all the relevant modules, but I can't get a iptables
policy which connects usb0 and wlan0. I think the problem
must be in the routing table, which is:

Code:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.4.1     0.0.0.0         UG    0      0        0 wlan0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 usb0


Thanks for any ideas - Will


Last edited by cwr on Sun May 21, 2017 2:58 pm; edited 1 time in total
Back to top
View user's profile Send private message
Telemin
l33t
l33t


Joined: 25 Aug 2005
Posts: 734
Location: Glasgow, UK

PostPosted: Sat May 20, 2017 4:35 pm    Post subject: Reply with quote

You have enabled forwarding but need to set rules to actually make sure packets get forwarded between interfaces on the laptop. In addition you can't just forward packets and expect them to get delivered as the rest of your network, specifically your router, has no knowledge of the RPi and no rules to route traffic to it - you will need to NAT.

Something like the following is the usual recipe:

Code:

iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -A FORWARD -i wlan0 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i usb1 -o wlan0 -j ACCEPT


The MASQUERADE rule performs address rewriting so that the rest of the network thinks that the laptop is communicating with them, rather than the RPi (hence the name), and the FORWARD rules actually make sure the packets pass between adapters.

-Telemin-
_________________
The Geek formerly known as -Freestyling-
When you feel your problem has been solved please add [Solved] to the topic title.
Please adopt an unanswered post
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 42564
Location: 56N 3W

PostPosted: Sat May 20, 2017 5:15 pm    Post subject: Reply with quote

cwr,

If you use ppp from the laptop to the pi. then
Code:
#!/bin/bash
#
# ipaqnet       Control script for iPAQ USBNet connection
#
# Author: Michel Stempin
# Creation: 11/08/2002

# additional comments and minor tweaks
# Roy Bamford 6 Dec 2003

PC_ADDR=192.168.100.201
IPAQ_ADDR=192.168.100.202
IPAQ_NET=192.168.100.0/24

# WARNING:usb0 is hard coded in some places
UPLINK_IF=usb0

start() {
    # load the usb networking module
    /sbin/modprobe usbnet
   
    # bring up the PC end of the link with IP addr PC_ADDR
    # exit if it fails for some reason
    /sbin/ifconfig usb0 inet $PC_ADDR up
    if [ $? -ne 0 ]; then
        echo "Could not set up usb0"
        echo "Is the iPaq connected and switched on?"
        exit 1
    fi
 
    # set up proxy_arp for our usb interface
    echo "1" >/proc/sys/net/ipv4/conf/usb0/proxy_arp
    UPLINK=`/sbin/ifconfig $UPLINK_IF >/dev/null 2>&1`
    # exit if it fails for some reason
    if [ $? -ne 0 ]; then
        echo "Could not set up proxy_arp for usb0"
        exit 1
    fi
 
    # set up proxy_arp for eth0, so this better be our
    # internet connection
    echo "1" >/proc/sys/net/ipv4/conf/eth0/proxy_arp

    # turn on IP forwarding
    echo "1" >/proc/sys/net/ipv4/ip_forward

    # delete the unwanted route via usb0
    # its wrong anyway
    /sbin/route del -net $IPAQ_NET dev usb0

    # add the route we really want
    /sbin/route add $IPAQ_ADDR dev usb0
}

stop() {
    /sbin/ifconfig usb0 down
    # rmmod -r usbnet
}
case "$1" in
    start|add)
        start
        ;;
    stop|remove)
        stop
        ;;
    *)
        echo $"Usage: $0 {start|stop|add|remove}"
        exit 1
esac
running on the laptop will do what you want. No extra firewall rules required.

The script was originally used for an iPaq.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
cwr
Veteran
Veteran


Joined: 17 Dec 2005
Posts: 1968

PostPosted: Sun May 21, 2017 1:36 pm    Post subject: Reply with quote

Thanks - I've been trying iptables setups very like those Telemin, and so I'll go back
and try again. It's been a long day of frustration, so just to know that I wasn't dreaming
when I last set it up and that it can work is nice.

I'll also tinker with Neddy Seagoon's script - the RPi is communicating via usb OTG,
so networking, from that point of view, is pretty standard.

In hope - Will

UPDATE
Telemin's setup was one I'd tried; where I'd apparently failed was in not enabling
the usb0 proxy_arp according to Neddy Seagoon's script.

Many, many thanks - Will
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum