Linux as Proxy Server for Wi-Fi (intermediary gateway)

_Rado_ · 08-12-2013, 03:38 AM

Hi Guys

I need your help with configuration of linux station - 10.10.1.2
I would like to set it up as gateway (traffic analyzer/load balancer) for my wifi subnet.
I get connection to Internet from Linux station but I still don't get connection to it from wifi side when I use linux station as gateway for wifi clients.
For now I enebled packet forwarding on linux machine and I set up default gateway at 10.10.1.1 but as I see it's not enough.

I read some materials about iptables configuration and I know I probably need to use -nat table with POSTROUTING chain.
These materials say I should use SNAT instead of MASQUERADE because I have static ip.
Anyway I tried both of them and I couldn't access Internet from wifi side.
When I change configuration of wifi router and I set 10.10.1.1 as default gateway instead of 10.10.1.2 everything works fine but it's not my point;-).
Please help me with this configiration ang explain what I missed.

PS. I saw few examples on forum but they explained situation using two nic's with traffic forwarding between two different networks. In my situation I would like to use one nic and forward traffic inside one network. Is it even possible?

INTERNET GATEWAY
|10.10.1.1|
|
| SUBNET 10.10.1.0/24
|
|
|10.10.1.2| ----------SWITCH-----------|10.10.1.8|
LINUX PROXY WIFI ROUTER GW-10.10.1.2
GW-10.10.1.1 |
|192.168.0.0/24|
WIFI SUBNET

_Rado_ · 08-12-2013, 03:40 AM

I apologise - network schema doesn't look fine. I will try fix it up.

Ok, I added picture with network schema - now it should be readable;-)

_Rado_ · 08-12-2013, 08:34 AM

Ok I tested some configurations and I achieve some positive results(for now).
My configuration was done using Fedora 19.
I used commands described below:

1. iptables-save > iptablesOriginalRules.conf (write predefined installation rules to file)
2. systemctl restart iptables.service (system erased all iptables rules, don't know why, in my opinion it should reload iptables with it's saved rules)

For myself the above are just fine. I could write basic configuration rules.

3. iptables -P INPUT DROP
4. iptables -P FORWARD DROP
5. iptables -P OUTPUT DROP

Three above are to block all trafic [no communication in/out Linux box, very secure box;-)]

6. iptables -A INPUT -i lo -j ACCEPT
7. iptables -A OUTPUT -o lo -j ACCEPT

Two above are to set up loopback interface

8. iptables -A FORWARD -j ACCEPT [allow packets forwarding via Linux box, probably not so secure at this stage]

9. iptables ... [build your own iptables security rules;-)]

For now it's ok. I have 'routing' via my Fedora linux box and I can make new steps;-).

Thank you for viewing my thread. If somebody has better solution I appreciate it. Have a nice day!