MR01 Posted April 29, 2022 Share Posted April 29, 2022 (edited) Hello im new and im Italian so i hope you will not hate me if i write not perfectly (Who said Google Translate?? No No No) This Guide is for a "client to client" setup of the box, we will internally switch Wifi to Eth, so a working computer can access internet from its eth port even if the router signal source is wireless. Router AP -----> ARM BOX [WIFI internal or usb dongle] ===>> internal eth0 ------> ethernet cable --> client eth port Make sure WiFi in arm box is connected using nmtui command FROM NOW ON <WIFI CARD> is the wifi adapter name es: replace "<WIFI CARD>" with "wlx0013eff301ee" Execute: sudo apt-get update && sudo apt-get install dnsmasq iptables iptables-persistent -y say no to save actual iptables rules (we dont have any yet) Edit /etc/network/interfaces comment if exist the part of eth0 "iface eth0" to "#iface eth0" add those lines allow-hotplug eth0 iface eth0 inet static address 172.24.1.1 netmask 255.255.255.0 network 172.24.1.0 broadcast 172.24.1.255 dns-nameservers 1.1.1.1 1.0.0.1 #########{Static}########### up ip addr add 172.24.0.1/24 dev eth0 execute those commands REMEMBER TO REPLACE <WIFI CARD> ip addr add 172.24.0.1/24 dev eth0 iptables -A FORWARD -o <WIFI CARD> -i eth0 -s 172.24.0.0/24 -m conntrack --ctstate NEW -j ACCEPT iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -t nat -F POSTROUTING iptables -t nat -A POSTROUTING -o <WIFI CARD> -j MASQUERADE sh -c "iptables-save > /etc/iptables.ipv4.nat" sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward" /etc/init.d/dnsmasq stop cp /etc/dnsmasq.conf /etc/dnsmasq.conf-backup Edit /etc/dnsmasq.conf inserting interface=eth0 listen-address=172.24.1.1 bind-interfaces server=1.1.1.1 domain-needed bogus-priv dhcp-range=172.24.0.100,172.24.0.250,72h Edit /etc/sysctl.conf inserting net.ipv4.conf.default.forwarding=1 net.ipv4.conf.all.forwarding=1 Edit /etc/rc.local inserting before "exit 0" iptables-restore < /etc/iptables.ipv4.nat execute those commands systemctl enable dnsmasq systemctl enable iptables Explainations: We set static net to eht0 then we set routing in iptables [forward and back] wlan<->eth then we make this setup persistent so that will persist after reboot. Working on my RK3318 Armbian bullseye 5.15 minimal and USB3 dongle RTL8814AU (also tested with a 8812au) Edited April 29, 2022 by MR01 0 Quote Link to comment Share on other sites More sharing options...
lmdc45 Posted July 5, 2022 Share Posted July 5, 2022 seems to have some 172.24.0.1/24 network and some 172.24.1.1/24 network probably a mistake. Otherwise working ok thanks 0 Quote Link to comment Share on other sites More sharing options...
MR01 Posted July 5, 2022 Author Share Posted July 5, 2022 Remember that with Quote dhcp-range=172.24.0.100,172.24.0.250,72h IP will change after 72h of system-up, just remove ,72h for always. 13 hours ago, lmdc45 said: seems to have some 172.24.0.1/24 network and some 172.24.1.1/24 network probably a mistake. Otherwise working ok thanks Probably my mistake, should be all 172.24.0.1 if i remember right, anyway im using it as cheap low latency powerfull wifi-eth for my gaming pc. 0 Quote Link to comment Share on other sites More sharing options...
lmdc45 Posted August 16, 2022 Share Posted August 16, 2022 thanks a lot for posting this helped me heaps. not a very wide used system (wifi to ethernet) so quite hard to find good infos 0 Quote Link to comment Share on other sites More sharing options...
MR01 Posted September 12, 2022 Author Share Posted September 12, 2022 @lmdc45 Yeah too many failing "how to" on web, when you know how to do it with firewall rules is not that hard, but on web many do things/commands without thinking too much. Im not very happy with this mode by using firewall, because it trigger too much the cpu when in high load of packets (like when downloading games from Steam, the cpu temperature skyrock...). Debian has bridge-util that should do the same thing but, hopefully, better then firewall redirections. I didnt find enough doc material on web to be sure it works and works better then my actual firewall rules so for now im stuck to this setup. If you try that bridge-util update me with your results, i just cant ruin my setup because its necessary for my main pc-setup internet connection. 0 Quote Link to comment Share on other sites More sharing options...
Dmitry Streltsov Posted October 11, 2023 Share Posted October 11, 2023 Thanks, it's working well. Subnet should be the same. Now if only router can eat it in some mode (DHCP or wired repeater) to make it good Wi-Fi again! 😀 1 Quote Link to comment Share on other sites More sharing options...
bahtiyar57 Posted April 17 Share Posted April 17 (edited) Worked fine 👍 Thank you. I've forwarded my Internet with a Banana Pi M3 from Eth0 to Enx00.... . It has the IP 172.x.x.1. On Enx00.... is a router with the IP 172.x.x.2 connected. But my Banana Pi isn't listed in the routers network. Is it possible to add my router to this second network? Edited April 17 by bahtiyar57 0 Quote Link to comment Share on other sites More sharing options...
bahtiyar57 Posted April 30 Share Posted April 30 Zitat But my Banana Pi isn't listed in the routers network. Is it possible to add my router to this second network? Solved by running DHPC with dnsmasq on the Banana Pi M3. 0 Quote Link to comment Share on other sites More sharing options...
vinic.gui Posted May 8 Share Posted May 8 When I try to enable iptables (last step), I get the folowing error: Failed to enable unit: Refusing to operate on alias name or linked unit file: iptables.service 0 Quote Link to comment Share on other sites More sharing options...
Werner Posted May 8 Share Posted May 8 7 hours ago, vinic.gui said: iptables.service Never heard of a service like this. If you want persistent iptables rules install iptables-persistent package via apt. iptables is active already once the kernel module is loaded which most likely is by default. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.