thorn Posted December 12, 2016

Hi, I'm using the very latest armbian build for orangepi+, and I'm trying to NAT the network from a wireless interface to another wireless interface. My own LAN works, DNS server works too, so I can connect to the orangepi+ but I can't make NAT work. Is there some known issue about it, or a custom tutorial for NAT with this build? Thanks for help

Igor Posted December 12, 2016

Please provide your network configuration.

thorn Posted December 12, 2016

I have these interfaces:

    eth0      Link encap:Ethernet  HWaddr da:b6:f9:06:ce:bb
              inet addr:192.168.0.21  Bcast:192.168.0.255  Mask:255.255.255.0
              inet6 addr: 2a02:ab88:82:5880:dab6:f9ff:fe06:cebb/128 Scope:Global
              inet6 addr: 2a02:ab88:82:5880:d8b6:f9ff:fe06:cebb/128 Scope:Global
              inet6 addr: fe80::d8b6:f9ff:fe06:cebb/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2856 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1742 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:400193 (390.8 KiB)  TX bytes:247854 (242.0 KiB)
              Interrupt:114

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:9 errors:0 dropped:0 overruns:0 frame:0
              TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1180 (1.1 KiB)  TX bytes:1180 (1.1 KiB)

    wlan0     Link encap:Ethernet  HWaddr 28:f3:66:4a:91:1e
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:1010 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 TX bytes:0 (0.0

    wlan1     Link encap:Ethernet  HWaddr 28:f3:66:4a:91:1c
              inet addr:192.168.8.1  Bcast:192.168.8.255  Mask:255.255.255.0
              inet6 addr: fe80::2af3:66ff:fe4a:911c/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:79897 errors:0 dropped:5 overruns:0 frame:0
              TX packets:739 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:85119 (83.1 KiB)  TX bytes:78621 (76.7 KiB)

I have a hostapd, and an isc-dhcp-server on wlan1.

My iptables policies:

    Chain PREROUTING (policy ACCEPT 4 packets, 280 bytes)
     pkts bytes target      prot opt in   out    source            destination

    Chain INPUT (policy ACCEPT 4 packets, 280 bytes)
     pkts bytes target      prot opt in   out    source            destination

    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target      prot opt in   out    source            destination

    Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target      prot opt in   out    source            destination
        0     0 MASQUERADE  all  --  *    eht0   0.0.0.0/0         0.0.0.0/0
        0     0 MASQUERADE  all  --  *    eth0   192.168.8.0/24    0.0.0.0/0

slinde Posted December 12, 2016

Did you enable ip forwarding in the kernel?

thorn Posted December 12, 2016

Yes, I did:

    root@orangepiplus:~# cat /proc/sys/net/ipv4/ip_forward
    1

I uncommented the line net.ipv4.ip_forward=1 in sysctl.conf, so it shouldn't be the problem. Should I do something more?

arox Posted December 12, 2016

And with a traceroute, where do you get stuck?

thorn Posted December 12, 2016

Well, I don't really know what you mean, but my only rule in iptables:

    iptables -t nat -A POSTROUTING -s 192.168.8.0/24 -o eth0 -j MASQUERADE

arox Posted December 12, 2016

Traceroute is a tool to test network routing. You connect in a shell on a host on lan 192.168.8.0 and do a traceroute to a host behind your router/nat, for example in 192.168.1.x or in Internet. (apt-get install inetutils-traceroute)

Ex: traceroute www.sncf.com

     1  192.168.1.1 (192.168.1.1)  1.607 ms  3.134 ms  2.470 ms
     2  do-5-8-189-207-254.fbx.pad.net (88.111.207.254)  29.190 ms  28.712 ms  29.376 ms
     3  43.228.12.190 (43.228.12.190)  31.137 ms  31.738 ms  31.446 ms
     ... ...

It will send ICMP echo requests with a limited and progressive "cross router" allowance (Time To Leave). Then each router in the path will send back a TTL exceeded and the tool will present 1 line per hop that succeeds with 3 response time samples (and * * * when it fails).

If you just reach your nat/router and don't see an address ping beyond, then your routing/translation fails. If you get no response or it presents more lines, then it is another problem.

thorn Posted December 12, 2016

Oops, sorry, I didn't misread your post. Well, I only tested this network with Android devices. If I ping Google DNS, then it says that the destination host is unreachable. So for the first time I tried this network with Windows and Android devices too:

Windows:

    Tracing route to google-public-dns-a.google.com [8.8.8.8]
    over maximum 30 hops:
      1     *        *        *     Request timed out.
      2     7 ms     8 ms     7 ms  hu-bud02a-ra4-ae54-0.aorta.net [84.116.240.205]
      3     9 ms     7 ms     7 ms  84.116.137.82
      4     7 ms    13 ms     7 ms  72.14.209.116
      5     7 ms     7 ms     7 ms  72.14.238.119
      6     6 ms     7 ms     7 ms  google-public-dns-a.google.com [8.8.8.8]

Android:

    traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 bytes packets
     1  192.168.8.11 (192.168.8.11)  2990.518 ms !H  726.875 ms !H  2998.021 ms !H

After this result I tried with an odroid Debian 8:

    traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
     1  192.168.8.13 (192.168.8.13)  2997.242 ms !H  2997.044 ms !H  2996.976 ms !H

So now I really have no idea why it doesn't work with Linux OS :/

arox Posted December 12, 2016

You should verify your netmask and your default router on 192.168.8.11 and 192.168.8.13! (netstat -rn)

Your default router should be 192.168.8.1 if I understand your network configuration, and the mask 255.255.255.0.

thorn Posted December 12, 2016

And it is true, I set everything to static in my devices and it is working now. The netstat -rn result is:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
    0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
    192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
    192.168.8.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan1

So I guess here the gateway missing is the problem and I think I don't have any default nameserver set on my orangepi+. Thanks

arox Posted December 12, 2016

To point to a nameserver, put 'nameserver 8.8.8.8' in /etc/resolv.conf on your workstations.

Your isc-dhcp-server config is probably bad. It should distribute everything properly to your hosts. And if I were you, I would use dnsmasq, which can serve as DHCP server and DNS cache/relay server.

Nota Bene: "So I guess here the gateway missing is the problem and I think I don't have any default nameserver set on my orangepi+."

Your orangepi+ is your nat/router, it doesn't really need to point to a nameserver. A nameserver pointer is just a user interface help to avoid using addresses or filling /etc/hosts. But it is the best place to provide name service for the users' workstations (with dnsmasq, much lighter than bind), and in that case you will probably want to fill /etc/resolv.conf on orangepi+.

thorn Posted December 12, 2016

Here is my conf file of isc-dhcp-server:

    subnet 192.168.8.0 netmask 255.255.255.0 {
      range 192.168.8.10 192.168.8.254;
      option routers 192.168.8.2;
      option subnet-mask 255.255.255.0;
      option broadcast-address 192.168.8.254;
      option ntp-servers 192.168.8.1;
      option netbios-name-servers 192.168.8.1;
      option netbios-node-type 8;
    }

So I added the line:

    option domain-name-servers 8.8.8.8, 8.8.4.4;

and changed the router IP to 192.186.8.1, and now it is working.

I tried dnsmasq before, but (probably I couldn't configure it properly) it didn't work as DHCP server, so then I decided to change to isc-dhcp-server. Maybe, if I have time for it, I will try to check dnsmasq again. Thanks for the help

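
Added example, not part of the original posts and not code from Armbian or ISC: a small Python check for the DHCP misconfiguration resolved above, where clients were handed a default router that is not the NAT host and no resolver. The function name `check_subnet` and the trimmed sample blocks are constructed for illustration; 192.168.8.1 is the wlan1 address shown earlier in the thread.

```python
import ipaddress
import re

# Constructed sample: the subnet block as first posted in the thread (trimmed).
POSTED = """
subnet 192.168.8.0 netmask 255.255.255.0 {
  range 192.168.8.10 192.168.8.254;
  option routers 192.168.8.2;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.8.254;
}
"""
# Same block with the two changes the thread describes (router .1, DNS option).
FIXED = POSTED.replace("routers 192.168.8.2", "routers 192.168.8.1").replace(
    "}", "  option domain-name-servers 8.8.8.8, 8.8.4.4;\n}")

def check_subnet(conf, gateway_ip):
    """Return findings for one dhcpd.conf subnet block.
    gateway_ip is the NAT host's own address on the served interface."""
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", conf, re.S)
    if not m:
        return ["no subnet declaration found"]
    net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    body = m.group(3)
    # Collect every "option <name> <value>;" statement.
    opts = dict(re.findall(r"option\s+([\w-]+)\s+([^;]+);", body))
    gw = ipaddress.ip_address(gateway_ip)
    findings = []
    routers = [ipaddress.ip_address(r.strip())
               for r in opts.get("routers", "").split(",") if r.strip()]
    if not routers:
        findings.append("no 'option routers': clients get no default gateway")
    for r in routers:
        if r not in net:
            findings.append(f"router {r} is outside {net}")
        elif r != gw:
            findings.append(f"router {r} is not the NAT host address {gw}")
    if "domain-name-servers" not in opts:
        findings.append("no 'option domain-name-servers': clients get no resolver")
    bcast = opts.get("broadcast-address")
    if bcast and ipaddress.ip_address(bcast.strip()) != net.broadcast_address:
        findings.append(f"broadcast-address {bcast} should be {net.broadcast_address}")
    rng = re.search(r"range\s+(\S+)\s+(\S+)\s*;", body)
    if rng:
        lo, hi = (ipaddress.ip_address(a) for a in rng.groups())
        if lo <= gw <= hi:
            findings.append(f"range {lo}-{hi} includes the gateway {gw}")
    return findings

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("fixed", FIXED)):
        print(name, check_subnet(conf, "192.168.8.1"))
```

On the block as fixed in the thread the check still reports the broadcast address, which for 192.168.8.0/24 is 192.168.8.255, matching the Bcast field of wlan1.
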
arox Posted December 12, 2016

"option netbios-name-servers 192.168.8.1;"

Not sure dnsmasq can do netbios name service ... But with a simple line:

    dhcp-range=192.168.8.10,192.168.8.254,255.255.255.0,12h

it should work. (By default, it will advertise itself as router)