| View previous topic :: View next topic |
| Author |
Message |
cwr
Veteran
Joined: 17 Dec 2005
Posts: 1969
|
 Posted: Sat May 20, 2017 3:22 pm Post subject: IP Masquerading setup? [SOLVED] |
 |
|
I've been trying to connect a Raspberry Pi to the internet
via a laptop, and failing completely. The last time I did
this it was pretty straightforward, but I must have forgotten
some of the details, because I can't make it work now.
On the laptop I have usb0, 192.168.4.10, and wlan0, 192.168.4.20.
The RPi is on usb0, with an address of 192.168.4.9. I can ping
the RPi and the internet from the laptop, and the laptop from
the RPi, but not the internet from the RPi.
I've set up forwarding through /proc/sys/net/ipv4/ip_forward
and loaded all the relevant modules, but I can't get a iptables
policy which connects usb0 and wlan0. I think the problem
must be in the routing table, which is:
| Code: |
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.4.1 0.0.0.0 UG 0 0 0 wlan0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 usb0
|
Thanks for any ideas - Will
Last edited by cwr on Sun May 21, 2017 2:58 pm; edited 1 time in total |
|
| Back to top |
|
 |
Telemin
l33t
Joined: 25 Aug 2005
Posts: 753
Location: Glasgow, UK
|
| Posted: Sat May 20, 2017 4:35 pm Post subject: |
|
|
You have enabled forwarding but need to set rules to actually make sure packets get forwarded between interfaces on the laptop. In addition you can't just forward packets and expect them to get delivered as the rest of your network, specifically your router, has no knowledge of the RPi and no rules to route traffic to it - you will need to NAT.
Something like the following is the usual recipe:
| Code: |
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -A FORWARD -i wlan0 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i usb1 -o wlan0 -j ACCEPT
|
The MASQUERADE rule performs address rewriting so that the rest of the network thinks that the laptop is communicating with them, rather than the RPi (hence the name), and the FORWARD rules actually make sure the packets pass between adapters.
-Telemin-
_________________
The Geek formerly known as -Freestyling-
When you feel your problem has been solved please add [Solved] to the topic title.
Please adopt an unanswered post |
|
| Back to top |
|
|
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54830
Location: 56N 3W
|
| Posted: Sat May 20, 2017 5:15 pm Post subject: |
|
|
cwr,
If you use ppp from the laptop to the pi. then | Code: | #!/bin/bash
#
# ipaqnet Control script for iPAQ USBNet connection
#
# Author: Michel Stempin
# Creation: 11/08/2002
# additional comments and minor tweaks
# Roy Bamford 6 Dec 2003
PC_ADDR=192.168.100.201
IPAQ_ADDR=192.168.100.202
IPAQ_NET=192.168.100.0/24
# WARNING:usb0 is hard coded in some places
UPLINK_IF=usb0
start() {
# load the usb networking module
/sbin/modprobe usbnet
# bring up the PC end of the link with IP addr PC_ADDR
# exit if it fails for some reason
/sbin/ifconfig usb0 inet $PC_ADDR up
if [ $? -ne 0 ]; then
echo "Could not set up usb0"
echo "Is the iPaq connected and switched on?"
exit 1
fi
# set up proxy_arp for our usb interface
echo "1" >/proc/sys/net/ipv4/conf/usb0/proxy_arp
UPLINK=`/sbin/ifconfig $UPLINK_IF >/dev/null 2>&1`
# exit if it fails for some reason
if [ $? -ne 0 ]; then
echo "Could not set up proxy_arp for usb0"
exit 1
fi
# set up proxy_arp for eth0, so this better be our
# internet connection
echo "1" >/proc/sys/net/ipv4/conf/eth0/proxy_arp
# turn on IP forwarding
echo "1" >/proc/sys/net/ipv4/ip_forward
# delete the unwanted route via usb0
# its wrong anyway
/sbin/route del -net $IPAQ_NET dev usb0
# add the route we really want
/sbin/route add $IPAQ_ADDR dev usb0
}
stop() {
/sbin/ifconfig usb0 down
# rmmod -r usbnet
}
case "$1" in
start|add)
start
;;
stop|remove)
stop
;;
*)
echo $"Usage: $0 {start|stop|add|remove}"
exit 1
esac |
running on the laptop will do what you want. No extra firewall rules required.
The script was originally used for an iPaq.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
cwr
Veteran
Joined: 17 Dec 2005
Posts: 1969
|
| Posted: Sun May 21, 2017 1:36 pm Post subject: |
|
|
Thanks - I've been trying iptables setups very like those Telemin, and so I'll go back
and try again. It's been a long day of frustration, so just to know that I wasn't dreaming
when I last set it up and that it can work is nice.
I'll also tinker with Neddy Seagoon's script - the RPi is communicating via usb OTG,
so networking, from that point of view, is pretty standard.
In hope - Will
UPDATE
Telemin's setup was one I'd tried; where I'd apparently failed was in not enabling
the usb0 proxy_arp according to Neddy Seagoon's script.
Many, many thanks - Will |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
