I have a router which provides internet access using NAT, and a client Linux box (A) which is connected to this router on eth0.
This Linux box also has a wlan interface, wlan0; what I would like is for this box to advertise a wireless network using this interface, handing out IP addresses, and forwarding traffic from this network to the other network, provided by the gateway router.
So far, I have hostapd and a dhcp server working; a second Linux box (B) can connect to this new wireless network and get an IP address. However, B cannot ping outside the subnet, resolve addresses, etc.
B's ifconfig output:
wlan2 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:192.168.42.10 Bcast:192.168.42.255 Mask:255.255.255.0
inet6 addr: fe80::12fe:edff:fe1b:2bec/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:177 errors:0 dropped:0 overruns:0 frame:0
TX packets:757 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:26221 (26.2 KB) TX bytes:132884 (132.8 KB)
A's ifconfig output:
eth0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:192.168.0.12 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:369 errors:0 dropped:0 overruns:0 frame:0
TX packets:267 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:31272 (30.5 KiB) TX bytes:33861 (33.0 KiB)
wlan0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:192.168.42.1 Bcast:192.168.42.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:79 errors:0 dropped:199 overruns:0 frame:0
TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:18114 (17.6 KiB) TX bytes:6874 (6.7 KiB)
Output of iptables -t nat -S on A:
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
Output of iptables -S on A:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
Any ideas would be deeply appreciated!
EDIT:
route -n output from A:
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.42.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
A traceroute taken from B:
$ sudo traceroute -i wlan2 8.8.8.8
[sudo] password for eab:
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
etc.
EDIT:
I can successfully access the internet when connecting to the new wireless network produced by A from another device, C. B has two NICs, both wireless, and wlan2 is connected to this new wireless network. I cannot ping out:
output from B:
$ ping -I wlan2 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 192.168.42.10 wlan2: 56(84) bytes of data.
From 192.168.42.10 icmp_seq=1 Destination Host Unreachable
From 192.168.42.10 icmp_seq=2 Destination Host Unreachable
From 192.168.42.10 icmp_seq=3 Destination Host Unreachable
EDIT:
Running "route -n" on B produced the following output:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
192.168.0.0 0.0.0.0 255.255.255.0 U 9 0 0 wlan0
192.168.42.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan2
RESOLUTION: Running "sudo route add default gw 192.168.42.1 wlan2" fixed the connectivity issues. It turns out that Linux only allows there to be one default gateway, even if you have multiple NICs active connected to multiple networks. Running the above command produces the following:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.42.1 0.0.0.0 UG 0 0 0 wlan2
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
192.168.42.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan2
Answer
A few more details would be good, including doing a "route -n" on each box, as well as a traceroute from "b" to somewhere external. Also,
That said, I suspect your problem is that you have not enabled forwarding of packets on the router.
Please run "cat /proc/sys/net/ipv4/ip_forward" on A - if this value is "0", that could be [one of your] problem. You can fix this temporarily by issuing the command "echo 1 > /proc/sys/net/ipv4/ip_forward" - and permanently by adding/changing the appropriate line in /etc/sysctl.conf to "net.ipv4.ip_forward = 1" (Use sysctl -p /etc/sysctl.conf to "reload" this file)
No comments:
Post a Comment