The Sk n00b
Joined: 02 Feb 2008 Posts: 35 Location: Brownsville
Posted: Tue Feb 28, 2012 11:49 pm Post subject: [SOLVED]Network set up
Hello.
I'm trying to bridge ppp0 with wlan0 (an access point) without using brctl, since I can't:
Code:
can't add ppp0 to bridge br0: Invalid argument
What I'm really trying to accomplish is to forward WAN packets from ppp0 into my LAN in wlan0. I tried setting up NAT in iptables but I can't access the Internet (ppp0) from my phone connected on wlan0 using this guide.
I've been reading on ip route and that it's possible using this utility but can't understand how to actually do it.
Can someone help me out on this? Thanks
Last edited by The Sk on Wed Feb 29, 2012 8:53 pm; edited 1 time in total

The Sk n00b
Joined: 02 Feb 2008 Posts: 35 Location: Brownsville
Posted: Wed Feb 29, 2012 3:11 am
I updated the rules with these:
Quote:
iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o ppp0 -j MASQUERADE
iptables -A FORWARD -s 10.10.0.0/24 -o ppp0 -j ACCEPT
iptables -A FORWARD -d 10.10.0.0/24 -m state --state ESTABLISHED,RELATED -i ppp0 -j ACCEPT
and dhcpd.conf with:
Quote:
###wlan0 Access Point: ATT5x7
subnet 10.10.0.0 netmask 255.255.255.128 {
    range 10.10.0.0 10.10.0.25;
    option domain-name-servers 208.67.222.222;
    option routers 10.10.0.1;
}
They seem right but I still can't access the internet from 10.10.0.25 (phone) on wlan0 or ping it from my computer. The phone and hostapd do show it is connected though. I will keep looking through Google.
Last edited by The Sk on Wed Feb 29, 2012 7:24 pm; edited 2 times in total

Hu Administrator
Joined: 06 Mar 2007 Posts: 23066
Posted: Wed Feb 29, 2012 3:17 am
If your phone is assigned an address in 10.10.0.x, then why do you only NAT traffic which has a source address of 10.42.43.x?

The Sk n00b
Joined: 02 Feb 2008 Posts: 35 Location: Brownsville
Posted: Wed Feb 29, 2012 3:54 am
My mistake. I copied it from the guide I was using.
I forwarded with 10.10.0.0/24.
Isn't it strange that I can't ping my phone from the computer even though hostapd shows it's connected?
I hope this doesn't mean I have to configure my phone somehow as I lack the tools.

Gusar Advocate
Joined: 09 Apr 2005 Posts: 2665 Location: Slovenia
Posted: Wed Feb 29, 2012 4:11 am
This
Code:
iptables -A FORWARD -s 10.10.0.0/24 -o ppp0 -j ACCEPT
should be
Code:
iptables -A FORWARD -s 10.10.0.0/24 -i wlan0 -j ACCEPT

The Sk n00b
Joined: 02 Feb 2008 Posts: 35 Location: Brownsville
Posted: Wed Feb 29, 2012 5:20 am
Gusar wrote:
This
Code:
iptables -A FORWARD -s 10.10.0.0/24 -o ppp0 -j ACCEPT
should be
Code:
iptables -A FORWARD -s 10.10.0.0/24 -i wlan0 -j ACCEPT

Question,
Is the IP address supposed to be the one on the phone or the one assigned by my ISP on ppp0?
When I ping the phone I get:
Quote:
# ping 10.10.0.25
PING 10.10.0.25 (10.10.0.25) 56(84) bytes of data.
From 10.10.0.1: icmp_seq=2 Destination Host Unreachable
From 10.10.0.1: icmp_seq=3 Destination Host Unreachable
I think that means wlan0 isn't routing the packages correctly.

The Sk n00b
Joined: 02 Feb 2008 Posts: 35 Location: Brownsville
Posted: Wed Feb 29, 2012 7:45 am
OK.
I tried endless combinations of iptables rules and I still can't access the internet or ping my phone (10.10.0.25).
What else could be amiss?
- All modules have been loaded or built in
- DHCP is running and providing IPs
- hostapd is running and reporting connected devices
Ifconfig:
Code:
# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:377 errors:0 dropped:0 overruns:0 frame:0
          TX packets:377 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:35148 (34.3 KiB)  TX bytes:35148 (34.3 KiB)

mon.wlan0 Link encap:UNSPEC  HWaddr 00-1E-2A-D6-3F-7B-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1915 (1.8 KiB)  TX bytes:0 (0.0 B)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.184.196.183  P-t-P:172.29.122.162  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:1805 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1873 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:1092544 (1.0 MiB)  TX bytes:305588 (298.4 KiB)

wlan0     Link encap:Ethernet  HWaddr 00:1e:2a:d6:3f:7b
          inet addr:10.10.0.1  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::21e:2aff:fed6:3f7b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:322 errors:0 dropped:0 overruns:0 frame:0
          TX packets:594 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:28516 (27.8 KiB)  TX bytes:57130 (55.7 KiB)

Another thing that happens when I run hostapd is that I lose my internet connection on my computer.
ifconfig wlan0 down solves this.
Any help would be appreciated.

Carnildo Guru
Joined: 17 Jun 2004 Posts: 595
Posted: Wed Feb 29, 2012 8:14 am Post subject: Re: Network set up
The Sk wrote:
What I'm really trying to accomplish is to forward WAN packets from ppp0 into my LAN in wlan0. I tried setting up NAT in iptables but I can't access the Internet (ppp0) from my phone connected on wlan0 using this guide.

If I'm interpreting this correctly, you have a computer of some sort and a phone of some sort. The computer is connected to a wireless LAN that can access the Internet (wlan0), and the phone is connected to the computer using some sort of IP-compatible connection (ppp0). You wish to have the phone access the Internet through the computer. If these assumptions are not correct, then the following won't work.
First, you can't bridge. Linux doesn't support bridges that include a wifi connection, and I don't know if it supports bridges that involve a PPP connection. You'll need to set up your computer as a router.
Step 0: Reset everything to the defaults.
Step 1: Put ppp0 and wlan0 on separate subnets. Right now, wlan0 is using the 10.0.0.0/8 subnet, while ppp0 appears to be on a single-address subnet occupying part of that address space. Either reduce the size of the wlan0 subnet (10.0.0.0/9 should work) or change ppp0 to use one of the other IPv4 private address spaces (192.168.0.0/16 or 172.16.0.0/12).
Step 2: Activate IP forwarding. On the computer, run the following command:
Code:
echo 1 >> /proc/sys/net/ipv4/ip_forward
At this point, if you're lucky, things will Just Work. Try pinging your phone's IP address from the computer. If you can run ping from your phone, start working your way out to the larger internet: ping the phone's internal IP address, the computer's ppp0 address, the computer's wlan0 address, 8.8.8.8 (Google's public DNS server). If one of these fails, which one and what error message shows up will give a strong indication of where the fault is.
If, in step 1, you moved ppp0 to one of the other private address spaces, whatever box is on the other end of wlan0 may refuse to do address translation for the phone. In that case, you'll need to set up NAT on your computer; otherwise, you shouldn't.
If things fail, please provide the results of the following:
Code:
$ ifconfig -a
$ route -n
$ iptables -t nat -n -L
$ iptables -n -L
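
Added example (not part of any post in this thread): the overlap described in Step 1, wlan0 configured as 10.0.0.0/8 while the ppp0 address sits inside that range, can be checked directly from ifconfig output. The samples are constructed from the address lines of the two ifconfig listings posted in this thread; `parse_ifconfig` and `overlapping` are names chosen for this sketch.

```python
import ipaddress
import re

# Constructed samples: address lines copied from the two ifconfig listings
# in this thread (first with wlan0 at 255.0.0.0, later at 255.255.255.0).
FIRST = """\
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.184.196.183  P-t-P:172.29.122.162  Mask:255.255.255.255
wlan0     Link encap:Ethernet  HWaddr 00:1e:2a:d6:3f:7b
          inet addr:10.10.0.1  Bcast:10.255.255.255  Mask:255.0.0.0
"""
LATER = """\
ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.187.215.170  P-t-P:172.29.122.162  Mask:255.255.255.255
wlan0     Link encap:Ethernet  HWaddr 00:1e:2a:d6:3f:7b
          inet addr:10.10.0.1  Bcast:10.10.0.255  Mask:255.255.255.0
"""

INET = re.compile(r"inet addr:(\S+).*?Mask:(\S+)")

def parse_ifconfig(text):
    """Map interface name -> IPv4Interface from net-tools style ifconfig output."""
    found, name = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():
            name = line.split()[0]          # unindented line starts a new interface
        match = INET.search(line)           # "inet6 addr:" lines do not match
        if match and name:
            found[name] = ipaddress.ip_interface("/".join(match.groups()))
    return found

def overlapping(ifaces):
    """Return name pairs whose configured networks share addresses."""
    names = sorted(ifaces)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if ifaces[a].network.overlaps(ifaces[b].network)]

if __name__ == "__main__":
    for label, sample in (("first", FIRST), ("later", LATER)):
        ifaces = parse_ifconfig(sample)
        for name in sorted(ifaces):
            print(label, name, ifaces[name].network)
        print(label, "overlaps:", overlapping(ifaces) or "none")
```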

Gusar Advocate
Joined: 09 Apr 2005 Posts: 2665 Location: Slovenia
Posted: Wed Feb 29, 2012 1:36 pm
Your posts are very confusing, I have no idea what kind of a setup you actually have. My understanding was actually the opposite of what Carnildo understood. I thought ppp0 is the internet connection and you want to share that connection via wlan0 to the phone.
You'll have to be a lot more clear about what exactly it is that you want.

The Sk n00b
Joined: 02 Feb 2008 Posts: 35 Location: Brownsville
Posted: Wed Feb 29, 2012 7:17 pm
Thanks for the reply Carnildo.
The setup is:
Internet USBMODEM <-------- ppp0 | COMPUTER | wlan0 (AP 10.10.0.1) ----------> Phone (LAN Range 10.10.0.0-10.10.0.0.25)
I can't switch the subnet on ppp0 since it is assigned by my ISP.
route -n
Quote:
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.29.122.162  0.0.0.0         UG    0      0        0 ppp0
10.10.0.0       0.0.0.0         255.255.255.0   U     0      0        0 wlan0
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
172.29.122.162  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0

ifconfig -a
Quote:
# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:1e:90:1e:5c:31
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:21 Base address:0x6000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:400 (400.0 B)  TX bytes:400 (400.0 B)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.187.215.170  P-t-P:172.29.122.162  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:512 errors:0 dropped:0 overruns:0 frame:0
          TX packets:482 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:322784 (315.2 KiB)  TX bytes:81042 (79.1 KiB)

sit0      Link encap:IPv6-in-IPv4
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr 00:1e:2a:d6:3f:7b
          inet addr:10.10.0.1  Bcast:10.10.0.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

My iptables are clear.
After endless rules on iptables, I figure the problem must lie in the ip route setup I have. As you can see there is no gateway with 10.10.0.1 in the routes on wlan0. It only shows the one in bold. This must be the problem, right?

Gusar Advocate
Joined: 09 Apr 2005 Posts: 2665 Location: Slovenia
Posted: Wed Feb 29, 2012 7:30 pm
The Sk wrote:
It only shows the one in bold. This must be the problem, right?

No. Gateway is the one to the internet, which is ppp0. So those routes look fine. As does ifconfig output. So now just set up iptables:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o ppp0 -j MASQUERADE
iptables -I INPUT -i wlan0 -j ACCEPT
iptables -A FORWARD -s 10.10.0.0/24 -i wlan0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
Now assuming hostapd and dhcpd are running, this should be it. I haven't used hostapd yet though, just ad-hoc. So I can't help with configuring that.

The Sk n00b
Joined: 02 Feb 2008 Posts: 35 Location: Brownsville
Posted: Wed Feb 29, 2012 8:04 pm
Thanks Gusar.
It still doesn't ping my phone, host unreachable. I'm going to try another method besides hostapd to see if it works. Thanks again

Gusar Advocate
Joined: 09 Apr 2005 Posts: 2665 Location: Slovenia
Posted: Wed Feb 29, 2012 8:32 pm
Why exactly are you pinging your phone? Are you sure the phone even allows it?

The Sk n00b
Joined: 02 Feb 2008 Posts: 35 Location: Brownsville
Posted: Wed Feb 29, 2012 8:36 pm
Gusar wrote:
Why exactly are you pinging your phone? Are you sure the phone even allows it?

Thanks Gusar, you sent me in the right direction.
These rules are working now:
Code:
# iptables --list-rules
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i wlan0 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -s 10.10.0.0/25 -i wlan0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables --list-rules -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -o ppp0 -j MASQUERADE
Thanks everyone =)

Hu Administrator
Joined: 06 Mar 2007 Posts: 23066
Posted: Thu Mar 01, 2012 3:00 am
The Sk wrote:
Code:
# iptables --list-rules
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i wlan0 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -s 10.10.0.0/25 -i wlan0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

These rules are redundant. As written, packets on INPUT will be accepted because:
- it came in on wlan0
- it is ICMP
- it is TCP to the web server you are running locally
- it is UDP to port 80 locally (why?)
- No other reason, so the default of ACCEPT applies.
Packets being forwarded will be accepted because:
- it is forwarded from the phone subnet and came in wlan0
- it is part of an established connection
- No other reason, so the default of ACCEPT applies.
Packets generated locally will be accepted because:
- it is part of an established connection
- No other reason, so the default of ACCEPT applies.
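
Added example (not part of any post in this thread): the redundancy described above can be found mechanically from `iptables --list-rules` output. The sample is constructed from the filter rules quoted in the thread; `parse` and `redundant_rules` are names chosen for this sketch, and it generalises slightly by also handling a DROP policy.

```python
import shlex

# Constructed sample: the filter table as quoted in the thread.
RULES = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i wlan0 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -s 10.10.0.0/25 -i wlan0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
"""

def parse(text):
    """Return ({chain: policy}, {chain: [(rule_line, target)]})."""
    policies, rules = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 3 and tok[0] == "-P":
            policies[tok[1]] = tok[2]
        elif len(tok) >= 2 and tok[0] == "-A":
            target = tok[tok.index("-j") + 1] if "-j" in tok[:-1] else None
            rules.setdefault(tok[1], []).append((line, target))
    return policies, rules

def redundant_rules(text):
    """Per chain, the trailing rules whose target equals the chain policy.

    A packet that misses such a rule falls through to the same verdict,
    so the rule cannot change the outcome. Scanning stops at the first
    rule (from the end) with any other target, to stay conservative.
    """
    policies, rules = parse(text)
    found = {}
    for chain, policy in policies.items():
        tail = []
        for line, target in reversed(rules.get(chain, [])):
            if target != policy:
                break
            tail.append(line)
        found[chain] = tail[::-1]
    return found

if __name__ == "__main__":
    for chain, lines in redundant_rules(RULES).items():
        print(chain, "policy-equivalent rules:", len(lines))
```

With `-P FORWARD DROP` the two FORWARD rules are no longer reported, because they then decide which traffic the router forwards.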

The Sk n00b
Joined: 02 Feb 2008 Posts: 35 Location: Brownsville
Posted: Sun Mar 04, 2012 7:20 am
Hu, you're completely right.
I took them off and it still works.
I guess it was solved by updating hostapd to its most current version.