
Posted (edited)

Hello, I'm new and I'm Italian, so I hope you will not hate me if I don't write perfectly (Who said Google Translate?? No No No)

 

This Guide is for a "client to client" setup of the box, we will internally switch Wifi to Eth, so a working computer can access internet from its eth port even if the router signal source is wireless.

 

Router AP -----> ARM BOX [WIFI internal or usb dongle] ===>> internal eth0 ------> ethernet cable --> client eth port

 

  • Make sure WiFi on the ARM box is connected, using the nmtui command
    • FROM NOW ON <WIFI CARD> is the wifi adapter name, e.g. replace "<WIFI CARD>" with "wlx0013eff301ee"
  • Execute: sudo apt-get update && sudo apt-get install dnsmasq iptables iptables-persistent -y
    • say no to saving the current iptables rules (we don't have any yet)
  • Edit /etc/network/interfaces
    • comment out the eth0 part if it exists: "iface eth0" becomes "#iface eth0"
    • add these lines
    • allow-hotplug eth0
      	iface eth0 inet static
      		address 172.24.1.1
      		netmask 255.255.255.0
      		network 172.24.1.0
      		broadcast 172.24.1.255
      		dns-nameservers 1.1.1.1 1.0.0.1
      	#########{Static}###########
      	up ip addr add 172.24.0.1/24 dev eth0
  • execute these commands
    • REMEMBER TO REPLACE <WIFI CARD>
    • ip addr add 172.24.0.1/24 dev eth0
      iptables -A FORWARD -o <WIFI CARD> -i eth0 -s 172.24.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
      iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
      iptables -t nat -F POSTROUTING
      iptables -t nat -A POSTROUTING -o <WIFI CARD> -j MASQUERADE
      sh -c "iptables-save > /etc/iptables.ipv4.nat"
      sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
      /etc/init.d/dnsmasq stop
      cp /etc/dnsmasq.conf /etc/dnsmasq.conf-backup
  • Edit /etc/dnsmasq.conf inserting
    • interface=eth0
      listen-address=172.24.1.1
      bind-interfaces
      server=1.1.1.1 
      domain-needed
      bogus-priv
      dhcp-range=172.24.0.100,172.24.0.250,72h
  • Edit /etc/sysctl.conf inserting
    • net.ipv4.conf.default.forwarding=1
      net.ipv4.conf.all.forwarding=1
  • Edit /etc/rc.local inserting before "exit 0"
    • iptables-restore < /etc/iptables.ipv4.nat
  • execute these commands
    • systemctl enable dnsmasq
      systemctl enable iptables

 

 

Explanations:

 

We set a static network on eth0, then we set routing in iptables [forward and back] wlan<->eth, then we make this setup persistent so that it will persist after reboot.

Working on my RK3318 Armbian bullseye 5.15 minimal and USB3 dongle RTL8814AU (also tested with a 8812au)

Edited by MR01
Posted

Remember that with 

Quote

dhcp-range=172.24.0.100,172.24.0.250,72h

IP will change after 72h of system-up, just remove ,72h for always.

 

 

13 hours ago, lmdc45 said:

seems to have some 172.24.0.1/24 network and some 172.24.1.1/24 network probably a mistake. 
Otherwise working ok thanks

Probably my mistake, should be all 172.24.0.1 if I remember right. Anyway, I'm using it as a cheap, low-latency, powerful wifi-eth for my gaming PC.

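The address mix-up discussed above (172.24.1.x on some lines, 172.24.0.x on others) can be caught mechanically before rebooting. The shell check below is an added example, not part of the original posts: the function names `lan_addrs` and `check_lan` are hypothetical, the sample input is constructed from the values in the guide, and it assumes a /24 netmask and that only the eth0 stanza of /etc/network/interfaces is passed in.

```shell
#!/bin/sh
# Added example: sample input constructed from the values in the guide above.
SAMPLE_INTERFACES='allow-hotplug eth0
iface eth0 inet static
    address 172.24.1.1
    netmask 255.255.255.0
    up ip addr add 172.24.0.1/24 dev eth0'
SAMPLE_DNSMASQ='interface=eth0
listen-address=172.24.1.1
bind-interfaces
dhcp-range=172.24.0.100,172.24.0.250,72h'

# lan_addrs INTERFACES_TEXT DNSMASQ_TEXT
# Prints "source address" for every LAN-side IPv4 address the two files set.
# Assumes the simple dhcp-range=START,END[,LEASE] form used in the guide.
lan_addrs() {
    printf '%s\n' "$1" | awk '
        $1 == "address" { print "interfaces:address", $2 }
        $1 == "up" && $2 == "ip" && $3 == "addr" && $4 == "add" {
            sub(/\/.*/, "", $5); print "interfaces:up-ip-addr-add", $5 }'
    printf '%s\n' "$2" | awk -F'[=,]' '
        $1 == "listen-address" { print "dnsmasq:listen-address", $2 }
        $1 == "dhcp-range" { print "dnsmasq:dhcp-range-start", $2
                             print "dnsmasq:dhcp-range-end", $3 }'
}

# check_lan INTERFACES_TEXT DNSMASQ_TEXT
# Prints "NETWORK source address" per entry. Returns 0 if every address is in
# the same /24, 1 if they are spread over several, 2 if none were found.
check_lan() {
    pairs=$(lan_addrs "$1" "$2")
    [ -n "$pairs" ] || { echo "no addresses found"; return 2; }
    printf '%s\n' "$pairs" | awk '
        { split($2, o, "."); net = o[1] "." o[2] "." o[3] ".0/24"
          if (!(net in seen)) { seen[net] = 1; count++ }
          print net, $1, $2 }
        END { exit (count == 1 ? 0 : 1) }'
}

# Stand-alone run on the constructed sample.
check_lan "$SAMPLE_INTERFACES" "$SAMPLE_DNSMASQ" || echo "result: mixed /24 networks"
```

On the sample, the static `address` and `listen-address` land in 172.24.1.0/24 while the `up ip addr add` line and the DHCP range land in 172.24.0.0/24, which is the inconsistency pointed out in the thread.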

Posted

@lmdc45 Yeah, too many failing "how to" on the web. When you know how to do it with firewall rules it is not that hard, but on the web many do things/commands without thinking too much.

I'm not very happy with this mode using the firewall, because it triggers the CPU too much under a high load of packets (like when downloading games from Steam, the CPU temperature skyrockets...).
Debian has bridge-util that should do the same thing but, hopefully, better than firewall redirections.
I didn't find enough doc material on the web to be sure it works, and works better than my current firewall rules, so for now I'm stuck with this setup.

If you try that bridge-util, update me with your results; I just can't ruin my setup because it's necessary for my main PC setup's internet connection.

Posted (edited)

Worked fine 👍 Thank you.

I've forwarded my Internet with a Banana Pi M3 from Eth0 to Enx00.... .

It has the IP  172.x.x.1.

On Enx00.... is a router with the IP 172.x.x.2 connected. But my Banana Pi isn't listed in the routers network. 

Is it possible to add my router to this second network?

Edited by bahtiyar57
Posted
Quote

But my Banana Pi isn't listed in the routers network. 

 

Is it possible to add my router to this second network?

Solved by running DHCP with dnsmasq on the Banana Pi M3.

Posted

When I try to enable iptables (last step), I get the following error:

Failed to enable unit: Refusing to operate on alias name or linked unit file: iptables.service

Posted
7 hours ago, vinic.gui said:

iptables.service

 

Never heard of a service like this.

If you want persistent iptables rules install iptables-persistent package via apt.

iptables is active already once the kernel module is loaded which most likely is by default.
