LinuxQuestions.org
Old 07-23-2016, 04:33 PM   #1
ChronicUser
Member
 
Registered: Mar 2015
Posts: 31

Rep: Reputation: Disabled
Connection sharing between two interfaces


Okay so either I am dumber than I look or there is a real problem here.

Fedora 23
Interface 1: enp9s0 192.168.1.137 255.255.255.0 Wired (Internet connection)
Interface 2: wlp0s20u14 192.168.10.1 255.255.255.128 Wireless (no internet connection)

Here is what I am trying to do:

Create a wireless hotspot on interface 2 and then have anyone who connects to have access to the internet via interface 1 which is connected to the internet.

The list of things that I have tried thus far is hilariously long.
Tried switching from firewalld to iptables, followed a good amount of guides on the net but to no avail.

Can anyone help me share the connection from interface 1 to interface 2 and all the devices connected to the interface 2?

Creating a hotspot seems to work and I get the dhcpd server to run on interface 2 and the devices get the ip addresses but they do not have internet access.

Could someone please help me out? I ran out of options here. If possible at all I would like to stick with firewalld due to some virtual machines that are running but if not I'll gladly take what I can get and iptables will do just fine.
 
Old 07-23-2016, 08:11 PM   #2
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,757

Rep: Reputation: 1138
Well, NetworkManager should take care of all of the steps required, including making sure that IP forwarding is enabled, and that NAT is configured for masquerading. Check with
Code:
cat /proc/sys/net/ipv4/ip_forward
Code:
iptables -L
The following hostapd thread might be helpful in showing what's required under the hood...
http://unix.stackexchange.com/questi...omething-wrong
 
Old 07-24-2016, 11:13 AM   #3
ChronicUser
Member
 
Registered: Mar 2015
Posts: 31

Original Poster
Rep: Reputation: Disabled
Quote:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
OUTPUT_direct all -- anywhere anywhere

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere [goto]
FWDI_public all -- anywhere anywhere [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere [goto]
FWDO_public all -- anywhere anywhere [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_public (2 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere

Chain FWDI_public_allow (1 references)
target prot opt source destination

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDO_public (2 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere

Chain FWDO_public_allow (1 references)
target prot opt source destination

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_public (2 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination


cat /proc/sys/net/ipv4/ip_forward
1
 
Old 07-24-2016, 02:42 PM   #4
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,757

Rep: Reputation: 1138
Ok, so IP forwarding is enabled, but you need as a minimum something like
Code:
iptables -t nat -A POSTROUTING -o enp9s0 -j MASQUERADE
and perhaps
Code:
iptables -A FORWARD -i wlp0s20u14 -j ACCEPT
However, NM internet sharing should take care of all the networking requirements for you. If it doesn't, a bug report might be in order.

Just in case these are helpful to you to get a better idea with respect to manual configuration...
https://www.howtoforge.com/internet-...ading-on-linux
http://superuser.com/questions/61664...es-for-hostapd
https://wiki.archlinux.org/index.php...ket_forwarding

Last edited by ferrari; 07-24-2016 at 02:44 PM.
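
The presence and position of the two rules from the post above can be checked from `iptables-save` output; plain `iptables -L` lists only the filter table and, without `-v`, hides interface matches. The following is an added example, not part of the original posts: it flags a hotspot ACCEPT that sits behind an unconditional REJECT, as happens when a rule is appended with `-A` to a FORWARD chain that ends in `reject-with icmp-host-prohibited`. The names `check_sharing` and `sample_dump` and the sample rule dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Usage (as root):
#   iptables-save | check_sharing LAN_IF WAN_IF     # returns 0 if both checks pass
# Limitation: only the top-level FORWARD chain is walked; jumps into
# firewalld sub-chains (FORWARD_IN_ZONES, ...) are not followed.
check_sharing() {
    awk -v lan="$1" -v wan="$2" '
    /^\*/ { table = substr($0, 2); next }          # "*nat", "*filter", ...
    table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE/ {
        if (index($0 " ", " -o " wan " ")) nat_ok = 1
    }
    table == "filter" && /^-A FORWARD / {
        n++
        if (!accept_at && / -j ACCEPT/ && index($0 " ", " -i " lan " ")) accept_at = n
        # "-A FORWARD -j REJECT|DROP ..." has no match options: nothing gets past it
        if (!block_at && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) block_at = n
    }
    END {
        fwd_ok = accept_at && !(block_at && block_at < accept_at)
        if (nat_ok) print "OK   nat: MASQUERADE for -o " wan
        else        print "FAIL nat: no MASQUERADE for -o " wan
        if (fwd_ok)
            print "OK   filter: ACCEPT for -i " lan " is rule " accept_at
        else if (accept_at)
            print "FAIL filter: ACCEPT for -i " lan " is rule " accept_at ", after unconditional rule " block_at
        else
            print "FAIL filter: no ACCEPT for -i " lan
        exit !(nat_ok && fwd_ok)
    }'
}

# Constructed iptables-save dump. "append": the ACCEPT was added with -A and
# lands behind the final REJECT; anything else: it is placed ahead of it.
sample_dump() {
    accept='-A FORWARD -i wlp0s20u14 -j ACCEPT'
    reject='-A FORWARD -j REJECT --reject-with icmp-host-prohibited'
    printf '%s\n' '*nat' '-A POSTROUTING -o enp9s0 -j MASQUERADE' 'COMMIT' '*filter' \
        '-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
    if [ "$1" = append ]; then printf '%s\n' "$reject" "$accept"
    else printf '%s\n' "$accept" "$reject"; fi
    printf '%s\n' 'COMMIT'
}

sample_dump append | check_sharing wlp0s20u14 enp9s0 || echo "=> forwarding from the hotspot is still blocked"
sample_dump insert | check_sharing wlp0s20u14 enp9s0
```

An ACCEPT that matches only `-i wlp0s20u14` also forwards hotspot clients to the wired LAN and the libvirt network; adding `-o enp9s0` to the rule limits it to the internet-facing interface.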
 
Old 07-24-2016, 03:25 PM   #5
ChronicUser
Member
 
Registered: Mar 2015
Posts: 31

Original Poster
Rep: Reputation: Disabled
I've done what you have suggested even though MASQUERADE was enabled by the firewalld.

I suspect that the problem is not the firewall itself but rather instead that the routes are unknown.
Here is my reasoning behind the conclusion.

route -n
Quote:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.50 0.0.0.0 UG 100 0 0 enp9s0
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 enp9s0
192.168.10.0 0.0.0.0 255.255.255.128 U 0 0 0 wlp0s20u9u1
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
ping -I enp9s0 192.168.10.1 [Works]
ping -I wlp0s20u9u1 192.168.1.137 [Does not work]
Quote:
From 192.168.10.1 icmp_seq=1 Destination Host Unreachable
From 192.168.10.1 icmp_seq=2 Destination Host Unreachable
From 192.168.10.1 icmp_seq=3 Destination Host Unreachable
From 192.168.10.1 icmp_seq=4 Destination Host Unreachable
Could I ask you or anyone else to help me set up the routes? Because it appears that anything coming from 192.168.10.1 ip address or from the network 192.168.10.0/25 simply does not know where to go.

I could be mistaken but that is my conclusion.

Thank you all for your time.
 
  

