# IP Masquerading setup? [SOLVED]

## cwr

I've been trying to connect a Raspberry Pi to the internet

via a laptop, and failing completely.  The last time I did

this it was pretty straightforward, but I must have forgotten

some of the details, because I can't make it work now.

On the laptop I have usb0, 192.168.4.10, and wlan0, 192.168.4.20.

The RPi is on usb0, with an address of 192.168.4.9.  I can ping

the RPi and the internet from the laptop, and the laptop from

the RPi, but not the internet from the RPi.

I've set up forwarding through /proc/sys/net/ipv4/ip_forward

and loaded all the relevant modules, but I can't get a iptables

policy which connects usb0 and wlan0.  I think the problem

must be in the routing table, which is:

```

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

0.0.0.0         192.168.4.1     0.0.0.0         UG    0      0        0 wlan0

127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 usb0

```

Thanks for any ideas - WillLast edited by cwr on Sun May 21, 2017 2:58 pm; edited 1 time in total

----------

## Telemin

You have enabled forwarding but need to set rules to actually make sure packets get forwarded between interfaces on the laptop.  In addition you can't just forward packets and expect them to get delivered as the rest of your network, specifically your router, has no knowledge of the RPi and no rules to route traffic to it - you will need to NAT.

Something like the following is the usual recipe:

```

iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

iptables -A FORWARD -i wlan0 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -i usb1 -o wlan0 -j ACCEPT

```

The MASQUERADE rule performs address rewriting so that the rest of the network thinks that the laptop is communicating with them, rather than the RPi (hence the name), and the FORWARD rules actually make sure the packets pass between adapters.

-Telemin-

----------

## NeddySeagoon

cwr,

If you use ppp from the laptop to the pi. then  

```
#!/bin/bash

#

# ipaqnet       Control script for iPAQ USBNet connection

#

# Author: Michel Stempin

# Creation: 11/08/2002

# additional comments and minor tweaks

# Roy Bamford 6 Dec 2003

PC_ADDR=192.168.100.201

IPAQ_ADDR=192.168.100.202

IPAQ_NET=192.168.100.0/24

# WARNING:usb0 is hard coded in some places

UPLINK_IF=usb0

start() {

    # load the usb networking module

    /sbin/modprobe usbnet

    

    # bring up the PC end of the link with IP addr PC_ADDR

    # exit if it fails for some reason

    /sbin/ifconfig usb0 inet $PC_ADDR up

    if [ $? -ne 0 ]; then

        echo "Could not set up usb0"

        echo "Is the iPaq connected and switched on?"

        exit 1

    fi

 

    # set up proxy_arp for our usb interface 

    echo "1" >/proc/sys/net/ipv4/conf/usb0/proxy_arp

    UPLINK=`/sbin/ifconfig $UPLINK_IF >/dev/null 2>&1`

    # exit if it fails for some reason

    if [ $? -ne 0 ]; then

        echo "Could not set up proxy_arp for usb0"

        exit 1

    fi

 

    # set up proxy_arp for eth0, so this better be our

    # internet connection

    echo "1" >/proc/sys/net/ipv4/conf/eth0/proxy_arp

    # turn on IP forwarding

    echo "1" >/proc/sys/net/ipv4/ip_forward

    # delete the unwanted route via usb0

    # its wrong anyway

    /sbin/route del -net $IPAQ_NET dev usb0

    # add the route we really want

    /sbin/route add $IPAQ_ADDR dev usb0

}

stop() {

    /sbin/ifconfig usb0 down

    # rmmod -r usbnet

}

case "$1" in

    start|add)

        start

        ;;

    stop|remove)

        stop

        ;;

    *)

        echo $"Usage: $0 {start|stop|add|remove}"

        exit 1

esac
```

running on the laptop will do what you want.  No extra firewall rules required.

The script was originally used for an iPaq.

----------

## cwr

Thanks - I've been trying iptables setups very like those Telemin, and so I'll go back

and try again.  It's been a long day of frustration, so just to know that I wasn't dreaming

when I last set it up and that it can work is nice.

I'll also tinker with Neddy Seagoon's script - the RPi is communicating via usb OTG,

so networking, from that point of view, is pretty standard.

In hope - Will

UPDATE

Telemin's setup was one I'd tried; where I'd apparently failed was in not enabling

the usb0 proxy_arp according to Neddy Seagoon's script.

Many, many thanks - Will

----------

