# [SOLVED] Network set up

## The Sk

Hello. 

I'm trying to bridge ppp0 with wlan0 (an access point) without using brctl, since I can't:

```
can't add ppp0 to bridge br0: Invalid argument
```

What I'm really trying to accomplish is to forward WAN packets from ppp0 into my LAN in wlan0. I tried setting up NAT in iptables but I can't access the Internet (ppp0) from my phone connected on wlan0 using this guide.

I've been reading on ip route and that it's possible using this utility but can't understand how to actually do it.

Can someone help me out on this? Thanks

Last edited by The Sk on Wed Feb 29, 2012 8:53 pm; edited 1 time in total

----------

## The Sk

I updated the rules with these:

 *Quote:*   

> ```
> iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o ppp0 -j MASQUERADE
> iptables -A FORWARD -s 10.10.0.0/24 -o ppp0 -j ACCEPT
> ```
> ...

 

and dhcpd.conf with:

 *Quote:*   

> ```
> ###wlan0 Access Point: ATT5x7
> subnet 10.10.0.0 netmask 255.255.255.128 {
>   range 10.10.0.0 10.10.0.25;
> ```
> ...

 

They seem right but I still can't access the internet from 10.10.0.25 (phone) on wlan0 or ping it from my computer. The phone and hostapd do show it is connected though. I will keep looking through Google.

Last edited by The Sk on Wed Feb 29, 2012 7:24 pm; edited 2 times in total

----------

## Hu

If your phone is assigned an address in 10.10.0.x, then why do you only NAT traffic which has a source address of 10.42.43.x?

----------

## The Sk

My mistake. I copied it from the guide I was using. 

I forwarded with 10.10.0.0/24.

Isn't it strange that I can't ping my phone from the computer even though hostapd shows it's connected?

I hope this doesn't mean I have to configure my phone somehow as I lack the tools.

----------

## Gusar

This

```
iptables -A FORWARD -s 10.10.0.0/24 -o ppp0 -j ACCEPT
```

should be

```
iptables -A FORWARD -s 10.10.0.0/24 -i wlan0 -j ACCEPT
```

----------

## The Sk

 *Gusar wrote:*   

> This
> 
> ```
> iptables -A FORWARD -s 10.10.0.0/24 -o ppp0 -j ACCEPT
> ```
> ...

 

Question,

Is the IP address supposed to be the one on the phone or the one assigned by my ISP on ppp0?

When I ping the phone I get:

 *Quote:*   

> ```
> # ping 10.10.0.25
> PING 10.10.0.25 (10.10.0.25) 56(84) bytes of data.
> From 10.10.0.1: icmp_seq=2 Destination Host Unreachable
> ```
> ...

 

I think that means wlan0 isn't routing the packages correctly.

----------

## The Sk

OK.

I tried endless combinations of iptables rules and I still can't access the internet or ping my phone (10.10.0.25).

What else could be amiss?

- All modules have been loaded or built in

- DHCP is running and providing IPs

- hostapd is running and reporting connected devices

Ifconfig:

```
# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:377 errors:0 dropped:0 overruns:0 frame:0
          TX packets:377 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:35148 (34.3 KiB)  TX bytes:35148 (34.3 KiB)

mon.wlan0 Link encap:UNSPEC  HWaddr 00-1E-2A-D6-3F-7B-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1915 (1.8 KiB)  TX bytes:0 (0.0 B)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.184.196.183  P-t-P:172.29.122.162  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:1805 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1873 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:1092544 (1.0 MiB)  TX bytes:305588 (298.4 KiB)

wlan0     Link encap:Ethernet  HWaddr 00:1e:2a:d6:3f:7b
          inet addr:10.10.0.1  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::21e:2aff:fed6:3f7b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:322 errors:0 dropped:0 overruns:0 frame:0
          TX packets:594 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:28516 (27.8 KiB)  TX bytes:57130 (55.7 KiB)
```

Another thing that happens when I run hostapd is that I lose my internet connection on my computer.

ifconfig wlan0 down solves this.

Any help would be appreciated.

----------

## Carnildo

 *The Sk wrote:*   

> What I'm really trying to accomplish is to forward WAN packets from ppp0 into my LAN in wlan0. I tried setting up NAT in iptables but i can't access the Internet (ppp0) from my phone connected on wlan0 using this guide.

 

If I'm interpreting this correctly, you have a computer of some sort and a phone of some sort.  The computer is connected to a wireless LAN that can access the Internet (wlan0), and the phone is connected to the computer using some sort of IP-compatible connection (ppp0).  You wish to have the phone access the Internet through the computer.  If these assumptions are not correct, then the following won't work.

First, you can't bridge.  Linux doesn't support bridges that include a wifi connection, and I don't know if it supports bridges that involve a PPP connection.  You'll need to set up your computer as a router.

Step 0: Reset everything to the defaults.

Step 1: Put ppp0 and wlan0 on separate subnets.  Right now, wlan0 is using the 10.0.0.0/8 subnet, while ppp0 appears to be on a single-address subnet occupying part of that address space.  Either reduce the size of the wlan0 subnet (10.0.0.0/9 should work) or change ppp0 to use one of the other IPv4 private address spaces (192.168.0.0/16 or 172.16.0.0/12).

Step 2: Activate IP forwarding.  On the computer, run the following command:

```
echo 1 >> /proc/sys/net/ipv4/ip_forward
```

At this point, if you're lucky, things will Just Work.  Try pinging your phone's IP address from the computer.  If you can run ping from your phone, start working your way out to the larger internet: ping the phone's internal IP address, the computer's ppp0 address, the computer's wlan0 address, 8.8.8.8 (Google's public DNS server).  If one of these fails, which one and what error message shows up will give a strong indication of where the fault is.

If, in step 1, you moved ppp0 to one of the other private address spaces, whatever box is on the other end of wlan0 may refuse to do address translation for the phone.  In that case, you'll need to set up NAT on your computer; otherwise, you shouldn't.

If things fail, please provide the results of the following:

```
$ ifconfig -a
$ route -n
$ iptables -t nat -n -L
$ iptables -n -L
```
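
The subnet overlap described in step 1 can be checked mechanically. This is an added example, not part of Carnildo's post: it parses the net-tools `ifconfig` format shown in the thread (address lines embedded as a sample), reports interfaces whose connected networks overlap, and then retries with the 255.255.255.128 netmask from the dhcpd.conf excerpt. The function names are made up for the illustration.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample: address lines excerpted from the ifconfig output in this thread.
IFCONFIG = """\
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.184.196.183  P-t-P:172.29.122.162  Mask:255.255.255.255
wlan0     Link encap:Ethernet  HWaddr 00:1e:2a:d6:3f:7b
          inet addr:10.10.0.1  Bcast:10.255.255.255  Mask:255.0.0.0
"""

def interface_networks(text):
    """Map interface name -> ipaddress.IPv4Interface (address plus netmask)."""
    nets, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():
            current = line.split()[0]      # an unindented line starts a new interface
        m = re.search(r"inet addr:(\S+).*\bMask:(\S+)", line)
        if m and current:
            nets[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return nets

def overlapping(nets):
    """Sorted (a, b) interface pairs whose connected networks overlap."""
    return sorted((a, b) for (a, ia), (b, ib) in combinations(sorted(nets.items()), 2)
                  if ia.network.overlaps(ib.network))

def with_netmask(nets, name, netmask):
    """Copy of nets with one interface's netmask replaced (address kept)."""
    changed = dict(nets)
    changed[name] = ipaddress.ip_interface(f"{nets[name].ip}/{netmask}")
    return changed

if __name__ == "__main__":
    nets = interface_networks(IFCONFIG)
    for name, iface in nets.items():
        print(f"{name:6} {iface.ip} on {iface.network}")
    print("overlapping as posted:", overlapping(nets))
    narrowed = with_netmask(nets, "wlan0", "255.255.255.128")
    print("overlapping with wlan0 narrowed:", overlapping(narrowed))
```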

----------

## Gusar

Your posts are very confusing, I have no idea what kind of a setup you actually have. My understanding was actually the opposite of what Carnildo understood. I thought ppp0 is the internet connection and you want to share that connection via wlan0 to the phone.

You'll have to be a lot more clear about what exactly is it that you want.

----------

## The Sk

Thanks for the reply Carnildo. 

The setup is:

Internet USBMODEM <-------- ppp0 | COMPUTER | wlan0 (AP 10.10.0.1) ----------> Phone (LAN Range 10.10.0.0-10.10.0.0.25)

I can't switch the subnet on ppp0 since it is assigned by my ISP.

route -n

 *Quote:*   

> ```
> # route -n
> Kernel IP routing table
> ```
> ...

 

ifconfig -a

 *Quote:*   

> ```
> # ifconfig -a
> eth0      Link encap:Ethernet  HWaddr 00:1e:90:1e:5c:31
> ```
> ...

 

My iptables are clear.

After endless rules on iptables, I figure the problem must lie on the ip route setup I have. As you can see there is no gateway with 10.10.0.1 in the routes on wlan0. It only shows the one in bold. This must be the problem, right?

----------

## Gusar

 *The Sk wrote:*   

> It only shows the one in bold. This must be the problem, right?

 

No. Gateway is the one to the internet, which is ppp0. So those routes look fine. As does ifconfig output. So now just set up iptables:

```
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o ppp0 -j MASQUERADE
iptables -I INPUT -i wlan0 -j ACCEPT
iptables -A FORWARD -s 10.10.0.0/24 -i wlan0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
```

Now assuming hostapd and dhcpd are running, this should be it. I haven't used hostapd yet though, just ad-hoc. So I can't help with configuring that.

----------

## The Sk

Thanks Gusar.

It still doesn't ping my phone, host unreachable. I'm going to try another method besides hostapd to see if it works. Thanks again

----------

## Gusar

Why exactly are you pinging your phone? Are you sure the phone even allows it?

----------

## The Sk

 *Gusar wrote:*   

> Why exactly are you pinging your phone? Are you sure the phone even allows it?

 

Thanks Gusar, you sent me in the right direction.

These rules are working now:

```
# iptables --list-rules
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i wlan0 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -s 10.10.0.0/25 -i wlan0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# iptables --list-rules -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -o ppp0 -j MASQUERADE
```

Thanks everyone =)

----------

## Hu

 *The Sk wrote:*   

> ```
> # iptables --list-rules
> ```
> ...

These rules are redundant.  As written, packets on INPUT will be accepted because:

- it came in on wlan0
- it is ICMP
- it is TCP to the web server you are running locally
- it is UDP to port 80 locally (why?)
- No other reason, so the default of ACCEPT applies.

Packets being forwarded will be accepted because:

- it is forwarded from the phone subnet and came in wlan0
- it is part of an established connection
- No other reason, so the default of ACCEPT applies.

Packets generated locally will be accepted because:

- it is part of an established connection
- No other reason, so the default of ACCEPT applies.
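
The redundancy described in this post can be checked mechanically from the listing. The following is an added example, not part of the original posts: it parses the `iptables --list-rules` output from the thread (embedded as a sample) and reports, per chain, the trailing rules whose target equals the chain policy, plus the chains that refuse nothing at all. The function names are illustrative.

```python
# Constructed sample: the filter-table listing posted earlier in this thread.
THREAD_RULES = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i wlan0 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --sport 1024:65535 --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -s 10.10.0.0/25 -i wlan0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
"""

def parse(listing):
    """Return ({chain: policy}, {chain: [(target, rule_text), ...]})."""
    policies, chains = {}, {}
    for line in listing.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "-P":
            policies[tok[1]] = tok[2]
            chains.setdefault(tok[1], [])
        elif len(tok) >= 2 and tok[0] == "-A":
            target = tok[tok.index("-j") + 1] if "-j" in tok[:-1] else None
            chains.setdefault(tok[1], []).append((target, line.strip()))
    return policies, chains

def redundant_rules(listing):
    """Per chain, the trailing run of rules whose target equals the chain policy."""
    policies, chains = parse(listing)
    result = {}
    for chain, policy in policies.items():
        tail = []
        for target, text in reversed(chains[chain]):
            if target != policy:   # an earlier rule with another verdict still matters
                break
            tail.append(text)
        result[chain] = tail[::-1]
    return result

def unfiltered_chains(listing):
    """Chains that refuse nothing: ACCEPT policy and only ACCEPT rules."""
    policies, chains = parse(listing)
    return sorted(c for c, p in policies.items()
                  if p == "ACCEPT" and all(t == "ACCEPT" for t, _ in chains[c]))

if __name__ == "__main__":
    print({c: len(r) for c, r in redundant_rules(THREAD_RULES).items()})
    print("chains that filter nothing:", unfiltered_chains(THREAD_RULES))
```

With the FORWARD policy switched to DROP in the sample, the two FORWARD rules are no longer reported, because they are then the only thing that lets the phone's traffic through.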

----------

## The Sk

Hu, you're completely right.

I took them off and it still works.

I guess it was solved by updating hostapd to its most current version.

----------

