Gentoo Forums
How to NAT traffic between br0 and wlan0? [SOLVED]
Kollin
Veteran


Joined: 25 Feb 2006
Posts: 1137
Location: Sofia/Bulgaria

Posted: Sat Mar 31, 2012 4:32 am    Post subject: How to NAT traffic between br0 and wlan0? [SOLVED]

Hello, my network consists of eth0+eth1 = br0 and wlan0 + hostapd.
Hostapd is working fine; I'm able to connect to wlan0 with my phone, but I can't get any traffic between those 2 networks. br0 is working fine also (that is my main internet connection) :(
I tried the http://www.gentoo.org/doc/en/home-router-howto.xm guide, but the iptables rules do not seem to work.
Maybe I have to use ebtables, but how?
_________________
"Dear Enemy: may the Lord hate you and all your kind, may you be turned orange in hue, and may your head fall off at an awkward moment."
"Linux is like a wigwam - no windows, no gates, apache inside..."


Last edited by Kollin on Sat Mar 31, 2012 3:59 pm; edited 2 times in total
audiodef
Watchman


Joined: 06 Jul 2005
Posts: 6347
Location: /usr/lib64/lv2

Posted: Sat Mar 31, 2012 2:17 pm

Does this work?

Code:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo "1" >/proc/sys/net/ipv4/ip_forward


If it works, then you just need to figure out how to make it happen automatically when you turn on your machines. When I need this, I just turn the above snippet into a script and ./run it. You could put it in your .xinitrc.
_________________
Gentoo Studio: A Gentoo-based, professional digital audio workstation OS.
Kollin
Veteran


Joined: 25 Feb 2006
Posts: 1137
Location: Sofia/Bulgaria

Posted: Sat Mar 31, 2012 2:24 pm

audiodef wrote:
Does this work?

Code:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo "1" >/proc/sys/net/ipv4/ip_forward



My eth0 is in a bridge; can I expect that
Quote:
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
will behave in the same way?
_________________
"Dear Enemy: may the Lord hate you and all your kind, may you be turned orange in hue, and may your head fall off at an awkward moment."
"Linux is like a wigwam - no windows, no gates, apache inside..."
Kollin
Veteran


Joined: 25 Feb 2006
Posts: 1137
Location: Sofia/Bulgaria

Posted: Sat Mar 31, 2012 3:40 pm

Thank you dear audiodef, it worked in combination with all of the other stuff, don't know why ;)

Code:

First we flush our current rules
# iptables -F
# iptables -t nat -F

Setup default policies to handle unmatched traffic
# iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD DROP

Copy and paste these exports
# export LAN=wlan0
# export WAN=br0

Finally we add the rules for NAT
# iptables -I FORWARD -i ${LAN} -d 192.168.0.0/255.255.0.0 -j DROP
# iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 -j ACCEPT
# iptables -A FORWARD -i ${WAN} -d 192.168.0.0/255.255.0.0 -j ACCEPT
# iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
# iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE

Tell the kernel that ip forwarding is OK
# echo 1 > /proc/sys/net/ipv4/ip_forward
# for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done

This is so when we boot we don't have to run the rules by hand
# /etc/init.d/iptables save
# rc-update add iptables default
# nano /etc/sysctl.conf
Add/Uncomment the following lines:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1

If you have a dynamic internet address you probably want to enable this:
net.ipv4.ip_dynaddr = 1

_________________
"Dear Enemy: may the Lord hate you and all your kind, may you be turned orange in hue, and may your head fall off at an awkward moment."
"Linux is like a wigwam - no windows, no gates, apache inside..."
Hu
Moderator


Joined: 06 Mar 2007
Posts: 15967

Posted: Sat Mar 31, 2012 3:50 pm

audiodef wrote:
If it works, then you just need to figure out how to make it happen automatically when you turn on your machines. When I need this, I just turn the above snippet into a script and ./run it. You could put it in your .xinitrc.
No. First, .xinitrc will run under the uid of the user starting X. Second, he may not start X. Third, Gentoo provides initscripts to handle all this. Use /etc/sysctl.conf if you want to change the /proc/sys setting at boot. Use /etc/init.d/iptables to manage firewall state across reboots.

OP: it looks like your script is redundant. You add a rule for br0 and another rule for ${WAN}, which is also br0.
Kollin
Veteran


Joined: 25 Feb 2006
Posts: 1137
Location: Sofia/Bulgaria

Posted: Sat Mar 31, 2012 3:55 pm

Hu wrote:


OP: it looks like your script is redundant. You add a rule for br0 and another rule for ${WAN}, which is also br0.


It does not work with ${WAN}, but works with br0 :?
I left the ${WAN} line just in case.
_________________
"Dear Enemy: may the Lord hate you and all your kind, may you be turned orange in hue, and may your head fall off at an awkward moment."
"Linux is like a wigwam - no windows, no gates, apache inside..."
Back to top
View user's profile Send private message
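
The ruleset from this thread with the duplicate MASQUERADE rule written once, as an added example that is not code from any poster. `nat_rules` prints the rules in iptables-restore format and refuses an empty interface name (an unset `${WAN}` expands to nothing), and `dup_rules` lists rules that repeat in a ruleset; both function names are hypothetical, while the interfaces and network are the ones posted above.

```shell
#!/bin/sh
# Added example: print the thread's NAT rules in iptables-restore format.
# Nothing here touches the running firewall; rules go to stdout only.

# nat_rules LAN_IF WAN_IF LAN_NET  (hypothetical helper name)
nat_rules() {
    lan=${1:-} wan=${2:-} net=${3:-}
    # An unset variable expands to an empty string, so refuse to emit
    # a rule whose interface or network is missing.
    if [ -z "$lan" ] || [ -z "$wan" ] || [ -z "$net" ]; then
        echo "nat_rules: LAN_IF, WAN_IF and LAN_NET are all required" >&2
        return 1
    fi
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan -d $net -j DROP
-A FORWARD -i $lan -s $net -j ACCEPT
-A FORWARD -i $wan -d $net -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# dup_rules: read a ruleset on stdin and print every "-A" rule that
# occurs more than once (printed once, at its second occurrence).
dup_rules() {
    awk '/^-A / && seen[$0]++ == 1'
}

# Demo with the values posted in the thread (LAN=wlan0, WAN=br0).
nat_rules wlan0 br0 192.168.0.0/255.255.0.0
```

To load the result, pipe it to `iptables-restore`; `iptables-restore --test` parses the ruleset without committing it.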
All times are GMT