Igor Posted October 26, 2017 Posted October 26, 2017 You mean to connect with one adaptor (wifi or wired) to some network and run AP on the other adapter?
ayyeah Posted October 27, 2017 Author Posted October 27, 2017 using opi pc and usb wifi for connect to internet then share via lan
Igor Posted October 27, 2017 Posted October 27, 2017 I plan to implement this function to armbian-config, but until then, check this working example. Except for an extra wireless AP, this is what you want and it can be little simplified since you don't need a bridge when using a single adaptor. /etc/network/interfaces Spoiler auto lo iface lo inet loopback allow-hotplug eth0 iface eth0 inet manual allow-hotplug wlx7cdd905518f9 iface wlx7cdd905518f9 inet manual allow-hotplug br0 auto br0 iface br0 inet static address 172.24.1.1 netmask 255.255.255.0 network 172.24.1.0 broadcast 172.24.1.255 bridge_ports eth0 wlx7cdd905518f9 /etc/dnsmasq.conf (you need to install dnsmasq) Spoiler interface=br0 # Use bridge interface br0 listen-address=172.24.1.1 # Explicitly specify the address to listen on bind-interfaces # Bind to the interface to make sure we aren't sending things elsewhere server=8.8.8.8 # Forward DNS requests to Google DNS domain-needed # Don't forward short names bogus-priv # Never forward addresses in the non-routed address spaces dhcp-range=172.24.1.50,172.24.1.150,12h # Assign IP addresses between 172.24.1.50 and 172.24.1.150 with a 12 hour lease time /etc/iptables.ipv4.wlan.nat # add this to rc.local right before exit0: iptables-restore < /etc/iptables.ipv4.wlan.nat Spoiler # Generated by iptables-save v1.6.0 on Thu Jul 6 18:23:43 2017 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A FORWARD -i wlan0 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i br0 -o wlan0 -j ACCEPT COMMIT # Completed on Thu Jul 6 18:23:43 2017 # Generated by iptables-save v1.6.0 on Thu Jul 6 18:23:43 2017 *nat :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -A POSTROUTING -o wlan0 -j MASQUERADE COMMIT # Completed on Thu Jul 6 18:23:43 2017 Edit and enable net.ipv4.ip_forward=1 in /etc/sysctl.conf We have two wireless adapters, one (wlan0) is connected to the internet via nmcli-connect. That's why it's not in a interfaces config, but you can add it there and forget about Network manager role. The other wireless adaptor acts as an AP and it's optional for this setup since it's a part of a bridge, together with ethernet. There, on the bridge br0, a DHCP service is giving IP addresses and iptables are here to provide masquerading. Remember that access to the machine is possible from both networks.
Recommended Posts