

needhelp

@sbcglobal.net

IP tables question in ubuntu

Hello, I'm trying to share my Internet connection with the rest of the family using Ubuntu as the hotspot.
I already get the IP to the devices but I am stuck at IP forwarding. I already set up the forwarding but the firewall is blocking it. I can't access the internet so I need help.

This is the log I see..

[UFW BLOCK] IN= OUT=wlan0 SRC=10.10.0.1 DST=224.0.0.251 LEN=67 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=47

How would I go about writing this in the IP tables?

The wlan0 is the hotspot and wlan1 is the internet adapter...thanks in advance.


DeHackEd
Bill Ate Tux's Rocket

join:2000-12-07

This particular packet is multicast from your PC out the wireless. You can tell because

IN is blank (not forwarded, no input interface)
DST is 224.0.0.0 through 239.255.255.255 (multicast group)

Assuming the system in question is working to ping both Internet hosts (ping www.google.com works) and the internal network, all you need is:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o wlan1 -j MASQUERADE


That assumes nothing in the main 'FORWARD' table is blocking traffic. (See output of iptables -L FORWARD -nv and be sure to check the default policy at the top)

That's the fast and dirty version. At this time I offer no further information such as how to protect it better.

--
That's odd...


needhelp

@sbcglobal.net

Sorry, I posted the wrong log.

I did try that command and it still was not forwarding.

I believe I have it working now, thanks. What I did was this...

quote:
First, packet forwarding needs to be enabled in ufw. Two configuration files will need to be adjusted, in /etc/default/ufw change the DEFAULT_FORWARD_POLICY to “ACCEPT”:

DEFAULT_FORWARD_POLICY="ACCEPT"

Then edit /etc/ufw/sysctl.conf and uncomment:

net.ipv4.ip_forward=1

Similarly, for IPv6 forwarding uncomment:

net.ipv6.conf.default.forwarding=1

Now we will add rules to the /etc/ufw/before.rules file. The default rules only configure the filter table, and to enable masquerading the nat table will need to be configured. Add the following to the top of the file just after the header comments:

# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic from eth1 through eth0.
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

# The nat table block is only applied when it is closed with COMMIT.
COMMIT

Finally, disable and re-enable ufw to apply the changes:

sudo ufw disable && sudo ufw enable


from here »help.ubuntu.com/8.04/serverguide···all.html

Thanks... A second question, please: since I'm new to Linux, how do I run a batch file to automate this?

First, do I have this correct?

#!/bin/bash
sudo /bin/bash -c "
start isc-dhcp-server
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.10.0.0/16 -o wlan1 -j MASQUERADE
hostapd $HOME/hostapd-minimal.conf -B
"

And second, how do I run it in Ubuntu?


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL

You shouldn't have to come up with a script to automate this.

If you have done things properly according to your specific distribution, the changes you made become permanent.



jimkyle
Btrieve Guy
Premium
join:2002-10-20
Oklahoma City, OK

reply to needhelp
Don't even think about doing anything to iptables if you use UFW. While UFW stands for Uncomplicated FireWall, what it actually does is turn iptables into a much more complicated can of worms than it actually needs to be. UFW is simply a front end to the built-in iptables firewall and creates literally dozens of rules in the process of translating its own commands into actual working filters. Your manually added rules will, in all probability, never be reached by any packets.

If you want to stay with UFW, then do all of your customization through it and its before.rules and after.rules files. Then it will survive the other rules that UFW adds.

Or, if you prefer, you can get a working system following the route you've already done, then (as root via sudo) issue the command "iptables-save >/etc/myrules" to save the working set of rules, and add the command "iptables-restore </etc/myrules" to the /etc/rc.local file so that it's executed every time you boot. Then you won't need to enable UFW at all, since its actions are recorded in your /etc/myrules file. In fact if you leave it enabled, it may wipe out the effects of your customization.

--
Jim Kyle
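
The guide quoted earlier in the thread changes three UFW files, and a slip in any one of them (a policy left at DROP, a sysctl line still commented out, a *nat block without COMMIT) leaves forwarding broken without an obvious error. As an added example, not taken from the thread or from the Ubuntu guide, this shell function checks all three; the function name `check_ufw_nat`, the temporary file names and the sample file contents are constructed for illustration.

```shell
#!/bin/bash
# Added example: audit the three files the quoted guide edits.
# usage: check_ufw_nat DEFAULTS_FILE SYSCTL_FILE BEFORE_RULES OUT_IFACE
# Prints one FAIL line per problem; the return status is the problem count.
check_ufw_nat() {
    local defaults="$1" sysctl="$2" rules="$3" iface="$4" problems=0 state
    # Routed packets traverse FORWARD, so its default policy must be ACCEPT.
    grep -Eq '^DEFAULT_FORWARD_POLICY="?ACCEPT"?[[:space:]]*$' "$defaults" ||
        { echo "FAIL: DEFAULT_FORWARD_POLICY is not ACCEPT"; problems=$((problems + 1)); }
    # The setting must be uncommented; accept either "." or "/" as separator.
    grep -Eq '^net[./]ipv4[./]ip_forward[[:space:]]*=[[:space:]]*1' "$sysctl" ||
        { echo "FAIL: net.ipv4.ip_forward=1 is missing or commented out"; problems=$((problems + 1)); }
    # iptables-restore syntax: "*table" opens a block, COMMIT applies it.
    state=$(awk -v ifc="$iface" '
        /^[*]/    { table = substr($1, 2); next }
        /^COMMIT/ { if (table == "nat") committed = 1; table = ""; next }
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ &&
            $0 ~ ("-o " ifc "( |$)") { masq = 1 }
        END { printf "%s,%s\n", (masq ? "masq" : "nomasq"), (committed ? "commit" : "nocommit") }
    ' "$rules")
    case $state in nomasq,*)
        echo "FAIL: no MASQUERADE rule for -o $iface in the *nat block"; problems=$((problems + 1));;
    esac
    case $state in *,nocommit)
        echo "FAIL: *nat block has no COMMIT, so its rules are never loaded"; problems=$((problems + 1));;
    esac
    return "$problems"
}

# Constructed sample files mirroring the thread (wlan1 uplink, 10.10.0.0/24 clients).
demo=$(mktemp -d)
echo 'DEFAULT_FORWARD_POLICY="ACCEPT"' > "$demo/ufw"
echo 'net.ipv4.ip_forward=1' > "$demo/sysctl.conf"
cat > "$demo/before.rules" <<'EOF'
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.10.0.0/24 -o wlan1 -j MASQUERADE
*filter
:ufw-before-forward - [0:0]
COMMIT
EOF
check_ufw_nat "$demo/ufw" "$demo/sysctl.conf" "$demo/before.rules" wlan1
echo "problems found: $?"
```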

