Thursday 7 February 2019

linux - Traffic not being forwarded through NAT


I have a router which provides internet access using NAT, and a client Linux box (A) which is connected to this router on eth0.


This Linux box also has a wlan interface, wlan0; what I would like is for this box to advertise a wireless network using this interface, handing out IP addresses, and forwarding traffic from this network to the other network, provided by the gateway router.


So far, I have hostapd and a dhcp server working; a second Linux box (B) can connect to this new wireless network and get an IP address. However, B cannot ping outside the subnet, resolve addresses, etc.


B's ifconfig output:


wlan2     Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX  
inet addr:192.168.42.10 Bcast:192.168.42.255 Mask:255.255.255.0
inet6 addr: fe80::12fe:edff:fe1b:2bec/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:177 errors:0 dropped:0 overruns:0 frame:0
TX packets:757 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:26221 (26.2 KB) TX bytes:132884 (132.8 KB)

A's ifconfig output:


eth0      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX  
inet addr:192.168.0.12 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:369 errors:0 dropped:0 overruns:0 frame:0
TX packets:267 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:31272 (30.5 KiB) TX bytes:33861 (33.0 KiB)

wlan0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:192.168.42.1 Bcast:192.168.42.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:79 errors:0 dropped:199 overruns:0 frame:0
TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:18114 (17.6 KiB) TX bytes:6874 (6.7 KiB)

Output of iptables -t nat -S on A:


-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE

Output of iptables -S on A:


-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT

Any ideas would be deeply appreciated!


EDIT:


route -n output from A:


$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.42.0    0.0.0.0         255.255.255.0   U     0      0        0 wlan0

A traceroute taken from B:


$ sudo traceroute -i wlan2 8.8.8.8
[sudo] password for eab:
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *

etc.


EDIT:


I can successfully access the internet when connecting to the new wireless network produced by A from another device, C. B has two NICs, both wireless, and wlan2 is connected to this new wireless network. I cannot ping out:


output from B:


$ ping -I wlan2 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 192.168.42.10 wlan2: 56(84) bytes of data.
From 192.168.42.10 icmp_seq=1 Destination Host Unreachable
From 192.168.42.10 icmp_seq=2 Destination Host Unreachable
From 192.168.42.10 icmp_seq=3 Destination Host Unreachable

EDIT:


Running "route -n" on B produced the following output:


Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 wlan0
192.168.0.0     0.0.0.0         255.255.255.0   U     9      0        0 wlan0
192.168.42.0    0.0.0.0         255.255.255.0   U     0      0        0 wlan2

RESOLUTION: Running "sudo route add default gw 192.168.42.1 wlan2" fixed the connectivity issues. It turns out that Linux only allows there to be one default gateway, even if you have multiple active NICs connected to multiple networks. Running the above command produces the following:


Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.42.1    0.0.0.0         UG    0      0        0 wlan2
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
192.168.42.0    0.0.0.0         255.255.255.0   U     0      0        0 wlan2
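As an added illustration that is not part of the original post, the following Python reproduces the routing decision behind the RESOLUTION above: it parses B's two `route -n` tables (copied from the post as constructed input) and does a longest-prefix-match lookup for 8.8.8.8, showing that before the fix B's default route sent traffic out wlan0 towards 192.168.0.1, bypassing A's NAT on 192.168.42.1 entirely, and that after the fix the same lookup selects wlan2. The function and variable names are the example's own.

```python
import ipaddress
# Constructed from the two `route -n` tables B printed in the post: before and after the fix.
ROUTE_B_BEFORE = """\
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
192.168.0.0 0.0.0.0 255.255.255.0 U 9 0 0 wlan0
192.168.42.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan2
"""

ROUTE_B_AFTER = """\
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.42.1 0.0.0.0 UG 0 0 0 wlan2
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
192.168.42.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan2
"""

def parse_route_n(text):
    """Parse `route -n` output into (network, gateway-or-None, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 8 or cols[0] == "Destination":
            continue  # skip the banner and the column header
        dest, gw, mask, flags, metric, _ref, _use, iface = cols
        net = ipaddress.IPv4Network(f"{dest}/{mask}")  # Genmask is a dotted netmask
        gateway = None if "G" not in flags else ipaddress.IPv4Address(gw)
        routes.append((net, gateway, int(metric), iface))
    return routes

def lookup(routes, dst):
    """Kernel-style selection: longest prefix wins, lowest metric breaks ties."""
    dst = ipaddress.IPv4Address(dst)
    best = None
    for net, gw, metric, iface in routes:
        if dst in net:
            key = (net.prefixlen, -metric)
            if best is None or key > best[0]:
                best = (key, iface, gw)
    if best is None:
        return None
    return best[1], None if best[2] is None else str(best[2])

def exits_via_nat(route_text, nat_gateway, dst="8.8.8.8"):
    """True only if traffic to dst is handed to the NAT box's LAN address."""
    hop = lookup(parse_route_n(route_text), dst)
    return hop is not None and hop[1] == nat_gateway
```

The same lookup also explains the "Destination Host Unreachable" from `ping -I wlan2`: binding the source interface does not change which route is chosen, so no usable next hop existed on wlan2 until the default route was replaced.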

Answer



A few more details would be good, including doing a "route -n" on each box, as well as a traceroute from "b" to somewhere external. Also,


That said, I suspect your problem is that you have not enabled forwarding of packets on the router.


Please run "cat /proc/sys/net/ipv4/ip_forward" on A - if this value is "0", that could be [one of your] problems. You can fix this temporarily by issuing the command "echo 1 > /proc/sys/net/ipv4/ip_forward" - and permanently by adding/changing the appropriate line in /etc/sysctl.conf to "net.ipv4.ip_forward = 1" (use sysctl -p /etc/sysctl.conf to "reload" this file).

