IP forwarding problem

[Matthai]

I have OrangePi Zero and want to use it the following way:

1. OrangePi Zero is connected to internet via Wi-fi

2. on OrangePi's eth0 port is running DHCP server

3. I connect a computer to eth0 port on OrangePi, get IP address via DHCP and access to the internet

 

So internet is provided to eth0 via wlan0.

Now, I managed to install dnsmasq, and it is working. Basically my config (/etc/dnsmasq.conf) is:

interface=eth0
listen-address=172.16.0.1
bind-interfaces
addn-hosts=/etc/dnsmasq/hosts.conf
dhcp-range=172.16.0.50,172.16.0.150,12h
dhcp-leasefile=/var/lib/misc/dnsmasq.leases

 

IP of eth0 on OrangePi Zero is:

ifconfig
eth0      Link encap:Ethernet  HWaddr e6:a4:5a:d5:e5:0b  
          inet addr:172.16.0.1  Bcast:172.16.0.255  Mask:255.255.255.0
          inet6 addr: fe80::e4a4:5aff:fed5:e50b/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:238 (238.0 B)
          Interrupt:114

 

So, when I connect a computer to OrangePi's eth0 port, I get IP address 172.16.0.97 (on this external computer).

 

I can ping OrangePi Zero (172.16.0.1), from OrangePi Zero I can ping this device (ping 172.16.0.97), however, IP forwarding is not working.

 

I said:
 

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

and also:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

Still, IP forwarding does not work (while DHCP and ping works perfectly).

 

Any idea what could be a problem?

[hkubota]

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

and also:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADEsudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPTsudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

Still, IP forwarding does not work (while DHCP and ping works perfectly).
 
Any idea what could be a problem?

My guess: you got wlan0 and eth0 wrong for the iptables section.

Harald


Sent from my Nexus 9 using Tapatalk

[Matthai]

I don't think so. On some other device I set up Wifi access point. And I just "flipped" eth0/wlan0 from those settings (which in fact are working).

[Igor]

Here is my very similar but working configuration:

wlan0 is connected to "the internet", eth0 and second wireless (currently not attached) are local networks, bridged to br0.

Spoiler

br0       Link encap:Ethernet  HWaddr 02:8a:08:82:8f:3e  
          inet addr:172.24.1.1  Bcast:172.24.1.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth0      Link encap:Ethernet  HWaddr 02:8a:08:82:8f:3e  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:51 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:52 errors:0 dropped:0 overruns:0 frame:0
          TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4698 (4.6 KB)  TX bytes:4698 (4.6 KB)

wlan0     Link encap:Ethernet  HWaddr 00:22:f4:f2:fc:50  
          inet addr:172.16.100.183  Bcast:172.16.100.255  Mask:255.255.255.0
          inet6 addr: fe80::92ab:2546:2ded:fb58/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:461 errors:0 dropped:0 overruns:0 frame:0
          TX packets:421 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:38757 (38.7 KB)  TX bytes:65293 (65.2 KB)

 

 

/etc/rc.local and /etc/iptables.ipv4.wlan.nat

Spoiler

iptables-restore < /etc/iptables.ipv4.wlan.nat
service dnsmasq restart

# Generated by iptables-save v1.6.0 on Thu Jul  6 18:23:43 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i wlan0 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o wlan0 -j ACCEPT
COMMIT
# Completed on Thu Jul  6 18:23:43 2017
# Generated by iptables-save v1.6.0 on Thu Jul  6 18:23:43 2017
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
# Completed on Thu Jul  6 18:23:43 2017

 

 

 

/etc/dnsmasq.conf

Spoiler

interface=br0                           # Use interface wlan0
listen-address=172.24.1.1               # Explicitly specify the address to listen on
bind-interfaces                         # Bind to the interface to make sure we aren't sending things elsewhere
server=8.8.8.8                          # Forward DNS requests to Google DNS
domain-needed                           # Don't forward short names
bogus-priv                              # Never forward addresses in the non-routed address spaces
dhcp-range=172.24.1.50,172.24.1.150,12h # Assign IP addresses between 172.24.1.50 and 172.24.1.150 with a 12 hour lease time

 

 

I hope it helps.