Bridge hostapd connected user to internet router
Kf Lee
kflee2000
Fri Nov 15 19:42:05 PST 2013
Hi, Jan,
Thanks for the advice. I followed your example and put a script together as follows:
#
sysctl -w net.ipv4.ip_forward=1
iptables -Z
iptables -F
iptables -A FORWARD -o eth0 -i wlan0 -s 10.0.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
Then I ping using (router address is set to: 192.168.1.5):
ping -c 3 -I eth0 192.168.1.5 and it echoes back OK;
ping -c 3 -I wlan0 192.168.1.5 and it does not respond.
So I guess the iptables forwarding mechanism is still not working.
I use a phone to connect to the TESTAP, and the connection and DHCP assignment of an IP address are OK.
I can ping the PC from the phone, so I guess hostapd is working properly,
but I also cannot ping the 192.168.1.5 router.
The iptables-save shows:
# Generated by iptables-save v1.4.12 on Sat Nov 16 10:45:10 2013
*nat
:PREROUTING ACCEPT [17:5234]
:INPUT ACCEPT [4:857]
:OUTPUT ACCEPT [3:252]
:POSTROUTING ACCEPT [2:168]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sat Nov 16 10:45:10 2013
# Generated by iptables-save v1.4.12 on Sat Nov 16 10:45:10 2013
*filter
:INPUT ACCEPT [17:2185]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [15:1344]
-A FORWARD -i wlan0 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sat Nov 16 10:45:10 2013
I have tried many different ways of scripting, with -d 192.168.1.0 or
removing -s altogether, as well as replacing conntrack with state as some
said on the web, but all to no result.
I noted the above FORWARD ACCEPT is [0:0], so possibly that is the
problem. Can you please take a look at the script to see what could
be wrong?
I also noted that in your example you use eth1 instead of wlan0.
Could there be some other setup needed?
One other possibility is: do I need to use the 'route' command to set up something?
Thanks, kfl.
On Sat, Nov 16, 2013 at 1:51 AM, jan <jan at jabra-server.net> wrote:
> root at server:~# cat /etc/iptables.rules
> # Generated by iptables-save v1.4.12 on Mon Oct 21 14:20:11 2013
> *filter
> :INPUT ACCEPT [139186815:198760302176]
> :FORWARD ACCEPT [164720:119001188]
> :OUTPUT ACCEPT [71521197:51782117907]
> -A FORWARD -i wlan0 -j ACCEPT
> COMMIT
> # Completed on Mon Oct 21 14:20:11 2013
> # Generated by iptables-save v1.4.12 on Mon Oct 21 14:20:11 2013
> *nat
> :PREROUTING ACCEPT [20829:1924943]
> :INPUT ACCEPT [15083:1550208]
> :OUTPUT ACCEPT [377940:23333519]
> :POSTROUTING ACCEPT [334113:20054009]
> -A POSTROUTING -o eth0 -j MASQUERADE
> COMMIT
> # Completed on Mon Oct 21 14:20:11 2013
>
>
> This is a working config for me. Just save it and restore it with
> iptables-restore.
> Or you can try the solution from the ubuntuusers.de wiki:
>
> sysctl -w net.ipv4.ip_forward=1 #Activate the ipv4 forwarding
> iptables -A FORWARD -o eth0 -i eth1 -s 10.0.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
> iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> To activate ipv4 forwarding permanently you need to edit your
> /etc/sysctl.conf.
> /etc/sysctl.conf:
> net.ipv4.ip_forward = 1
>
>
> Jan
>
> On 15.11.2013 18:21, Kf Lee wrote:
>
> Hi,
>
> I just managed to install hostapd + dhcpd and configure wlan0 to act as an AP
> at 10.0.0.1, and an Android user is able to connect to the AP with an assigned
> IP of 10.0.0.65.
> The PC (Linux Mint 15) that is cable-wired to the router is at 192.1.168.111
> and the router IP is set to 192.168.1.1
>
> I thought that the Android user should be able to connect to the internet via
> the PC using iptables to forward the package, but it can't. First question: is
> this the right thinking? If it is on the right track, can anyone provide a
> working example?
>
> I searched through a lot of write-ups on the web and none actually work, which
> surprised me. This seems a quite typical use of hostapd.
>
> I also tried to use a bridge, but the brctl command says that the bridge does
> not support wlan0. From reading, it became clear a bridge is for bridging wired
> network segments.
>
> Any help is appreciated.
> Rgds, kfl.
>
>
>
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
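Added example, not part of the original message or of the hostapd project: a POSIX shell/awk check that reads an `iptables-save` dump like the ones in this thread and reports the FORWARD policy, whether anything in FORWARD actually denies traffic, and whether MASQUERADE is applied on the uplink interface. The function names and the `hardened_dump` variant (same rules, policy switched to DROP) are assumptions for illustration.

```shell
# Added example: audit an iptables-save dump for the wlan0 (AP) -> eth0 (uplink) setup.
# Sample input: the *nat and *filter tables from the dump in the message above,
# with the comment lines dropped.
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [17:5234]
:INPUT ACCEPT [4:857]
:OUTPUT ACCEPT [3:252]
:POSTROUTING ACCEPT [2:168]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [17:2185]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [15:1344]
-A FORWARD -i wlan0 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Assumption for illustration: the same rules with a default-deny FORWARD policy.
hardened_dump() { sample_dump | sed 's/^:FORWARD ACCEPT/:FORWARD DROP/'; }

# audit_forwarding UPLINK_IF: reads iptables-save output on stdin, prints findings.
audit_forwarding() {
  awk -v wan="$1" '
    /^\*/ { table = substr($0, 2); next }            # "*nat" / "*filter" header
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    $1 == "-A" {
      target = ""; out = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-j") target = $(i + 1)
        if ($i == "-o") out = $(i + 1)
      }
      if (table == "filter" && $2 == "FORWARD" && (target == "DROP" || target == "REJECT")) deny++
      if (table == "nat" && $2 == "POSTROUTING" && target == "MASQUERADE" && out == wan) masq = 1
    }
    END {
      print "forward_policy=" policy
      if (policy == "DROP") print "forward_filtering=default-deny"
      else if (deny > 0) print "forward_filtering=deny-rules-only"
      else print "forward_filtering=none"            # ACCEPT rules restrict nothing
      print "masquerade_out_" wan "=" (masq ? "yes" : "no")
    }'
}

sample_dump | audit_forwarding eth0
```

With policy ACCEPT and no DROP or REJECT rules, the ACCEPT rules in FORWARD do not restrict anything and forwarding is open between all interfaces; once the policy is DROP, those rules become the only permitted paths.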