wireless server (IP of this server is 192.168.1.1) -- target board (wireless client [IP obtained from the wireless server is 192.168.1.3], bridge (192.168.36.1)) -- Linux PC (192.168.36.3)
As shown above, I have a target board with a wireless interface, and a Linux PC is connected to the target board.
The IPs are like this: the Linux PC is 192.168.36.3
and my target board's bridge IP is 192.168.36.1.
My wireless interface got its IP, 192.168.1.3, from another server. Now if I ping 192.168.1.1 from my target board, it goes through the wireless interface to the 192.168.1.1 wireless server.
But when I do the same from the Linux PC connected to the target board, it does not ping.
From the Linux PC I am able to ping 192.168.1.3 but not 192.168.1.1.
So any ideas..?
Your help will be highly appreciated.
I think I need to write an iptables rule properly on my target board to forward the 192.168.1.* packets to the wireless interface.
If you have a box with two or more interfaces, you need to allow FORWARD between them. You can simply change the default rule to ACCEPT and write "1" to /proc/sys/net/ipv4/ip_forward.
You need to either enable SNAT on the wireless interface, or set up a static route on the wireless router telling it that the 192.168.1.0/24 network is reached via 192.168.1.3.
I have done the following packet capturing using tcpdump:
1. Put a ping on my Linux board (connected to the target board).
2. Captured the packets coming to the ath0 interface (wireless).
Here the result is that it is receiving packets from my Linux PC.
Conclusion: packets are forwarded to ath0.
3. Captured the packets on the wireless router (i.e. 192.168.1.1).
Here the result is that it is replying with "udp port 137 unreachable".
So I guess I need to do SNAT on my target board's wireless interface,
so that traffic coming from 192.168.48.0/24 is SNATed to 192.168.1.3.
You should not need a DNAT rule unless you want to allow traffic back in from the wireless. You will need to add in another rule to FORWARD accepting incoming traffic.
Code:
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
Please enclose any output in [code] tags, as it is very difficult to read without fixed width fonts.
I was going to say google it but I tried, and found nothing really informative...
-- DNAT (Destination NAT) is for changing the destination of a packet.
Common Usage: If you only have an external IP address (66.66.66.66) and you want people to be able to connect to a webserver you have on an internal LAN address (10.1.1.20). You would change any packets that come to the 66.66.66.66 address on port 80 so that they get routed to the internal address. It is commonly called port forwarding with consumer routers.
-- SNAT (Source NAT) is for changing the source address of a packet.
Common Usage: If you have a LAN with many computers on private IP addresses, and you want them to be able to use the internet through one public IP address. You get your router to change the source address of packets coming from the LAN so that they match the outside IP address. This way, when the computer that your LAN computers are communicating with gets the packet, it will know where to send it (to your public IP).
I have my setup as described in my previous threads.
I am having an issue here: except for ping or dig, I cannot do anything from my Linux IP, because my rules were very specific to the IP address.
I am now trying to write a dynamic rule in the FORWARD chain, such that it sends all traffic which is not satisfied on br0 to ath0
(what I mean is, it should first see whether the bridge satisfies the request; if that first rule fails, then it has to go to ath0).
While doing SNAT as well, whatever IP ath0 gets
should be my SNAT IP.
So that I can browse, FTP, etc. from the Linux machine.
Regards
To help your cause, it might be a good idea to create a rule that logs everything that is dropped. So anything not allowed...is dropped.
This helps a great deal when troubleshooting.
An example being...
Code:
iptables -N LOG_DROP
iptables -A LOG_DROP -j LOG --log-prefix "<prefix>" --log-level <level>
iptables -A INPUT -j LOG_DROP
iptables -A FORWARD -j LOG_DROP
iptables -A OUTPUT -j LOG_DROP
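
Added example, not part of any post in this thread: one way to combine the replies above into a single rule set for the board (forward br0 to ath0, accept return traffic with the state rule, rewrite the source to whatever address ath0 currently holds, and log then drop everything else in FORWARD). It uses MASQUERADE as the dynamic-address form of SNAT and a FORWARD policy of DROP rather than ACCEPT. The interface names and subnet come from the thread; the function name `gen_rules`, the log prefix and the rate limit are assumptions, and the function only prints the commands so they can be reviewed first.

```shell
#!/bin/sh
# Added example: print (do not apply) a forwarding + NAT rule set.
# br0, ath0 and 192.168.36.0/24 are from the thread; gen_rules, the
# "FWD-DROP: " prefix and the 5/min limit are assumptions for illustration.

# gen_rules LAN_IF WAN_IF LAN_NET  -> one command per line on stdout
gen_rules() {
    lan_if=$1
    wan_if=$2
    lan_net=$3
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan_if -o $lan_if -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan_if -s $lan_net -j MASQUERADE
iptables -N LOG_DROP
iptables -A LOG_DROP -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: " --log-level 4
iptables -A LOG_DROP -j DROP
iptables -A FORWARD -j LOG_DROP
EOF
}
# Notes on the emitted rules:
#  - No rule is needed to "try the bridge first": the routing table keeps
#    192.168.36.0/24 traffic on br0 and sends everything else out ath0.
#  - The br0 -> br0 rule only matters when bridged frames are passed to
#    iptables (bridge netfilter enabled); otherwise it is never hit.
#  - MASQUERADE picks up the current ath0 address on each new connection,
#    so a changed DHCP lease needs no rule change.
#  - Nothing is accepted for new connections arriving from ath0, so the
#    wireless side cannot open sessions into the 192.168.36.0/24 LAN.
#  - LOG is rate-limited so a flood of dropped packets cannot fill the log.

gen_rules br0 ath0 192.168.36.0/24
```

After reviewing the printed commands, pipe the output to `sh` as root on the board to apply them.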