Bridge hostapd connected user to internet router

jan jan
Sat Nov 16 06:43:31 PST 2013


Hi,

I inserted the wrong devices. Clearly, eth1 must be wlan0 ;)
Before I used iptables-save/restore, I wrote a little script, which I
execute with a cron job at every boot-up.

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface wlan0 -j ACCEPT

This worked for me flawlessly.
Router: 192.168.178.1
Hostapd-AP: 192.168.178.22 (eth0)
                         10.0.0.1 (wlan0)
Android-Cellphone: 10.0.0.10

What's with your DHCP config, did you set the default gateway?
(I'm using isc-dhcp-server)

ddns-update-style none;
ignore client-updates;
authoritative;
default-lease-time 172800;
max-lease-time 182800;

#$ TELEFONMAST
subnet 10.0.0.0 netmask 255.255.255.0 {
     option routers 10.0.0.1;
     option subnet-mask 255.255.255.0;
     option broadcast-address 10.0.0.255;
     option domain-name-servers 8.8.8.8, 8.8.4.4;
     option time-offset 0;
     range 10.0.0.10 10.0.0.110;
     interface wlan0;

}



Jan


On 16.11.2013 04:42, Kf Lee wrote:
>   Hi, Jan,
>
>   Thanks for the advice. I followed your example and put together a script as follows:
>   #
>   sysctl -w net.ipv4.ip_forward=1
>   iptables -Z
>   iptables -F
>   iptables -A FORWARD -o eth0 -i wlan0 -s 10.0.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
>   iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
>   iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>   echo 1 > /proc/sys/net/ipv4/ip_forward
>
>   Then I ping using (router address is set to: 192.168.1.5):
>
>   ping -c 3 -I eth0 192.168.1.5  and it echoes back OK;
>   ping -c 3 -I wlan0 192.168.1.5  and it does not respond.
>   So I guess the iptables forwarding mechanism is still not working.
>
>   I use the phone to connect to the TESTAP and the DHCP assignment of the IP address is OK.
>   I can ping the PC from the phone, so I guess hostapd is working properly,
>   but I also cannot ping the 192.168.1.5 router.
>
>   The iptables-save shows:
>   # Generated by iptables-save v1.4.12 on Sat Nov 16 10:45:10 2013
>   *nat
>   :PREROUTING ACCEPT [17:5234]
>   :INPUT ACCEPT [4:857]
>   :OUTPUT ACCEPT [3:252]
>   :POSTROUTING ACCEPT [2:168]
>   -A POSTROUTING -o eth0 -j MASQUERADE
>   COMMIT
>
>   # Completed on Sat Nov 16 10:45:10 2013
>   # Generated by iptables-save v1.4.12 on Sat Nov 16 10:45:10 2013
>   *filter
>   :INPUT ACCEPT [17:2185]
>   :FORWARD ACCEPT [0:0]
>   :OUTPUT ACCEPT [15:1344]
>   -A FORWARD -i wlan0 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
>   -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
>   COMMIT
>   # Completed on Sat Nov 16 10:45:10 2013
>
>   I have tried many different ways of scripting, with -d 192.168.1.0 or
> removing -s altogether, as well as replacing conntrack with state as some
> said on the web, but all to no result.
>
>   I noted the above FORWARD ACCEPT is [0:0], so possibly it is the
> problem. Can you please take a look at the script to see what could
> be wrong?
>
>   I also noted that in your example, you use eth1 instead of wlan0;
> could there be some other setup needed?
>
>   One other possibility is: do I need to use the 'route' command to set up something?
>
> Thanks, kfl.
>
>
> On Sat, Nov 16, 2013 at 1:51 AM, jan <jan at jabra-server.net> wrote:
>> root@server:~# cat /etc/iptables.rules
>> # Generated by iptables-save v1.4.12 on Mon Oct 21 14:20:11 2013
>> *filter
>> :INPUT ACCEPT [139186815:198760302176]
>> :FORWARD ACCEPT [164720:119001188]
>> :OUTPUT ACCEPT [71521197:51782117907]
>> -A FORWARD -i wlan0 -j ACCEPT
>> COMMIT
>> # Completed on Mon Oct 21 14:20:11 2013
>> # Generated by iptables-save v1.4.12 on Mon Oct 21 14:20:11 2013
>> *nat
>> :PREROUTING ACCEPT [20829:1924943]
>> :INPUT ACCEPT [15083:1550208]
>> :OUTPUT ACCEPT [377940:23333519]
>> :POSTROUTING ACCEPT [334113:20054009]
>> -A POSTROUTING -o eth0 -j MASQUERADE
>> COMMIT
>> # Completed on Mon Oct 21 14:20:11 2013
>>
>>
>> This is a working config for me. Just save it and restore it with
>> iptables-restore.
>> Or you can try the solution from the ubuntuusers.de wiki:
>>
>> sysctl -w net.ipv4.ip_forward=1  #Activate the ipv4 forwarding
>> iptables -A FORWARD -o eth0 -i eth1 -s 10.0.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
>> iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>>
>> To activate ipv4 forwarding permanently you need to edit your
>> /etc/sysctl.conf.
>> /etc/sysctl.conf:
>> net.ipv4.ip_forward = 1
>>
>>
>> Jan
>>
>> On 15.11.2013 18:21, Kf Lee wrote:
>>
>> Hi,
>>
>> I just managed to install hostapd + dhcpd and configure wlan0 to act as AP
>> on 10.0.0.1;
>> an Android user is able to connect to the AP with an assigned IP 10.0.0.65.
>> The PC (Linuxmint 15) that is cable-wired to the router is on 192.1.168.111
>> and the router IP is set to 192.168.1.1.
>>
>> I thought that the Android user should be able to connect to the internet via
>> the PC using iptables to forward the package, but it can't. First question: is
>> this the right thinking? If it is on the right track, can anyone provide a
>> working example?
>>
>> I searched through a lot of write-ups on the web and none actually worked, which
>> surprised me. This seems a quite typical use of hostapd.
>>
>> I also tried to use a bridge, but the brctl command says that bridge does not support
>> wlan0. From reading, it became clear that bridge is for bridging wired network
>> segments.
>>
>> Any help is appreciated.
>> Rgds, kfl.
>>
>>
>>
>> _______________________________________________
>> HostAP mailing list
>> HostAP at lists.shmoo.com
>> http://lists.shmoo.com/mailman/listinfo/hostap
>
>
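
An added example, not part of the original message: a shell function that audits iptables-save text and the ip_forward value for the pieces this thread depends on (forwarding enabled, MASQUERADE on the uplink, and a FORWARD policy that the rules actually constrain). The function names and finding texts are assumptions of this example, and the sample rule set is constructed from the dump quoted above.

```shell
# Added example, not from the thread. On a live host:
#   iptables-save | audit_ap_ruleset wlan0 eth0 "$(cat /proc/sys/net/ipv4/ip_forward)"
# Prints one finding per line; prints nothing when every check passes.
audit_ap_ruleset() {
    awk -v lan="$1" -v wan="$2" -v fwd="$3" '
    /^\*/ { table = substr($0, 2); next }
    table == "filter" && /^:FORWARD / { policy = $2 }
    /^-A / {
        chain = $2; in_if = ""; out_if = ""; target = ""; state = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-o") out_if = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--ctstate" || $i == "--state") state = $(i + 1)
        }
        if (table == "nat" && chain == "POSTROUTING" && out_if == wan && target == "MASQUERADE") masq = 1
        if (table == "filter" && chain == "FORWARD" && target == "ACCEPT") {
            if (in_if == lan) out_ok = 1
            if (state ~ /ESTABLISHED/ && in_if != lan) ret_ok = 1
        }
    }
    END {
        if (fwd != 1) print "ip_forward=" fwd ": kernel does not route " lan " <-> " wan
        if (!masq) print "no MASQUERADE on " wan ": AP clients leave with untranslated source addresses"
        if (policy == "ACCEPT") {
            print "FORWARD policy ACCEPT: everything is forwarded, ACCEPT rules add no restriction"
        } else {
            if (!out_ok) print "FORWARD policy " policy ": no ACCEPT for traffic entering on " lan
            if (!ret_ok) print "FORWARD policy " policy ": no ESTABLISHED rule for return traffic"
        }
    }'
}
# Constructed sample: rule lines as in the iptables-save dump quoted in the thread.
sample_thread() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [2:168]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i wlan0 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
# Constructed variant: the same rules under a default-drop FORWARD policy.
sample_drop() { sample_thread | sed 's/^:FORWARD ACCEPT/:FORWARD DROP/'; }
sample_thread | audit_ap_ruleset wlan0 eth0 1
```

On the quoted dump the only finding is the ACCEPT policy, so the rule set itself is not what blocks the phone; the same rules under a DROP policy pass cleanly and then actually limit forwarding to traffic entering on wlan0.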



