# NetworkManager connection sharing + port forwarding

## big_gie

Hi,

I connect to my wireless network through NetworkManager. In addition I have another computer connected to the first one through ethernet. I'm using NetworkManager to share the wireless connection of the first computer to the second one. Here's a diagram:

```
                Internet
                    |
                Wireless router (internal ip: 10.0.1.1)
                    |
                (Wifi)
                    |
Computer 1:     wlan0         eth0
                10.0.1.3      10.42.0.1
                                |
Computer 2:                   eth0
                              10.42.0.48
```

This setup works; Computer 2 has internet access. Additionally I can VNC or RDP from Computer 1 to 2.

Now I want to do some port forwarding so I can access the second computer from the wifi network (10.0.1.*), for example VNC (port 5900).

I couldn't find anything in NetworkManager to do that, so I tried iptables directly but without success. Here's an example of command I've tried (ran on Computer 1):

```
# iptables -A PREROUTING -t nat -i wlan0 -p tcp --dport 5900 -j DNAT --to 10.42.0.48:5900
# iptables -A FORWARD -p tcp -d 10.42.0.48 --dport 5900 -j ACCEPT
```

But this did not work, or anything else for that matter. To test, I run (on Computer 1):

```
vncviewer 10.0.1.3::5900
```

or even

```
telnet 10.0.1.3 5900
```

but I always get connection refused.

Any idea or suggestion as to how to setup iptables correctly?

Thanks!

----------

## eyoung100

Does this help?

Wired/Wireless Forwarding

----------

## big_gie

Thanks for your suggestion.

Unfortunately, it is far from what I am trying to achieve... Maybe I did not explain it correctly?

My wireless network is not fast enough for transfers between my workstation and a second computer. So instead of using a wireless connection for the second one I directly plug both computers using an ethernet cable. That way the network transfer between the two is super fast.

This network setup is configured on my workstation using NetworkManager which sets up these iptables rules:

```
iptables -nL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            10.42.0.0/24         state RELATED,ESTABLISHED
ACCEPT     all  --  10.42.0.0/24         0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

From what I understand, it basically forwards everything it receives from the wired network (10.42.0.0/24) to anywhere required, effectively giving internet access to the second computer.

But by putting the second computer behind my workstation, my colleagues, who are on the wireless network, cannot access the machine anymore (for smaller data transfers, VNC or remote desktop).

My idea was to add some port forwarding on my workstation using iptables so they could access the second computer (through the wireless network).

The different rules I tried did not work, so I guess I might have an error in my iptables rule. But my knowledge of iptables is not strong enough... Additionally, I'm not sure how to test this without bugging my colleagues. I guess the packets generated for testing (using vncviewer or telnet) should be sent to the right interface...

I'm probably wrong on many aspects! Hopefully someone will understand all this.

Thanks again!

----------

## eyoung100

```
ACCEPT     all  --  10.42.0.48           10.0.1.3             state RELATED,ESTABLISHED
ACCEPT     all  --  10.0.1.3             0.0.0.0/0
```

The problem is 10.42 and 10.0 are on different subnets...

----------

## big_gie

*eyoung100 wrote:*

> The problem is 10.42 and 10.0 are on different subnets...

Hum ok... so you suggest changing the iptables rule to what you pasted so the packets can go from one to the other, is that it?

----------

## eyoung100

No, I'm suggesting it would be easier to put all the machines on 10.0.1.x

----------

## big_gie

Ok. I don't have control over them though; my workstation's subnet is set by the office's router (which I don't control) and the second computer's subnet is set by my workstation's NetworkManager...

----------

## lm_66

I recently had a similar setup and problem, and found out the problem is not different subnets.

What finally helped for me was using:

```
# iptables -I FORWARD -p tcp -d 10.42.0.48 --dport 5900 -j ACCEPT
```

instead of

```
# iptables -A FORWARD -p tcp -d 10.42.0.48 --dport 5900 -j ACCEPT
```

I.e. insert the rule at the beginning instead of appending at the end of the chain.

----------
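The two points the thread turns on, big_gie's question of why the DNAT rule seemed to do nothing when tested from Computer 1 and lm_66's observation that `-I FORWARD` works where `-A FORWARD` does not, both come down to netfilter traversal order. The following is an added example, not code posted by anyone in the thread: a small first-match model of the FORWARD chain fed the thread's own addresses. Two assumptions are made. First, the `iptables -nL` listing in the second post hides interface matches; the rules below are NetworkManager's shared-connection rules with the `-i eth0`/`-o eth0` matches they carry (visible with `iptables -nvL`), assumed here as the reason the listing looks like it accepts everything. Second, conntrack's reverse mapping of replies is not modelled.

```python
"""Netfilter traversal model for the Computer 1 / Computer 2 setup (added
example). First-match evaluation of NetworkManager's FORWARD rules shows why
an appended VNC rule is never reached and an inserted one is, and why a test
run on Computer 1 itself never exercises the nat PREROUTING DNAT rule."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    in_iface: str           # "" for packets generated on Computer 1 itself
    out_iface: str = ""     # filled in by route() after PREROUTING
    proto: str = "tcp"
    state: str = "NEW"      # conntrack state as matched by -m state


@dataclass(frozen=True)
class Rule:
    target: str
    proto: str = "all"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    in_iface: Optional[str] = None
    out_iface: Optional[str] = None
    states: Optional[frozenset] = None
    to: Optional[str] = None            # DNAT --to "ip:port"

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("all", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport)
                and (self.in_iface is None or self.in_iface == p.in_iface)
                and (self.out_iface is None or self.out_iface == p.out_iface)
                and (self.states is None or p.state in self.states))


# Computer 1's own addresses and a routing decision: local delivery goes to
# INPUT, the wired subnet goes out eth0, everything else out wlan0.
LOCAL_ADDRS = {"10.0.1.3", "10.42.0.1"}


def route(dst: str) -> str:
    if dst in LOCAL_ADDRS:
        return ""
    return "eth0" if ip_address(dst) in ip_network("10.42.0.0/24") else "wlan0"


EST = frozenset({"RELATED", "ESTABLISHED"})
# Assumed NetworkManager shared-connection FORWARD rules, interface matches
# included (they are what `iptables -nL` leaves out of the thread's listing).
NM_FORWARD: List[Rule] = [
    Rule("ACCEPT", dst="10.42.0.0/24", out_iface="eth0", states=EST),
    Rule("ACCEPT", src="10.42.0.0/24", in_iface="eth0"),
    Rule("ACCEPT", in_iface="eth0", out_iface="eth0"),
    Rule("REJECT", out_iface="eth0"),
    Rule("REJECT", in_iface="eth0"),
]
# The two rules from the thread: the DNAT in nat PREROUTING and the FORWARD
# accept whose position (-A vs -I) is the whole question.
DNAT_VNC = [Rule("DNAT", proto="tcp", in_iface="wlan0", dport=5900,
                 to="10.42.0.48:5900")]
VNC_FWD = Rule("ACCEPT", proto="tcp", dst="10.42.0.48", dport=5900)


def verdict(chain: List[Rule], p: Packet, policy: str = "ACCEPT") -> str:
    """iptables semantics: the first matching rule decides, else the policy."""
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy


def nat_prerouting(chain: List[Rule], p: Packet) -> Packet:
    """Rewrite the destination when a DNAT rule matches the first packet."""
    for rule in chain:
        if rule.target == "DNAT" and rule.matches(p):
            ip, port = rule.to.rsplit(":", 1)
            return replace(p, dst=ip, dport=int(port))
    return p


def forward_from_wifi(fwd_chain: List[Rule], src: str = "10.0.1.7") -> str:
    """A colleague on the wifi (constructed source 10.0.1.7) connects to
    Computer 1's wlan0 address on 5900; returns the FORWARD verdict."""
    p = Packet(src=src, dst="10.0.1.3", dport=5900, in_iface="wlan0")
    p = nat_prerouting(DNAT_VNC, p)         # dst is now 10.42.0.48:5900
    p = replace(p, out_iface=route(p.dst))  # routing runs after PREROUTING
    return "INPUT" if p.out_iface == "" else verdict(fwd_chain, p)


def nat_hook_for(p: Packet) -> str:
    """NAT is decided once per connection: in nat PREROUTING for traffic that
    arrives on an interface, in nat OUTPUT for traffic Computer 1 generates.
    A `telnet 10.0.1.3 5900` typed on Computer 1 therefore never meets the
    DNAT rule (and a loopback packet would fail its -i wlan0 match anyway)."""
    return "nat OUTPUT" if p.in_iface == "" else "nat PREROUTING"


if __name__ == "__main__":
    print("appended (-A):", forward_from_wifi(NM_FORWARD + [VNC_FWD]))
    print("inserted (-I):", forward_from_wifi([VNC_FWD] + NM_FORWARD))
    local = Packet(src="10.0.1.3", dst="10.0.1.3", dport=5900, in_iface="")
    print("local test hits:", nat_hook_for(local))
```

With the rule appended, the DNAT'd packet (in `wlan0`, out `eth0`, state NEW) passes the three ACCEPT rules without matching and is stopped by `REJECT -o eth0` before it ever reaches the appended line; inserted at position 1, the same packet is accepted. The reply from 10.42.0.48 arrives on `eth0` and is accepted by the `-s 10.42.0.0/24 -i eth0` rule, so no extra rule is needed for the return path. The useful test therefore has to come from another host on the 10.0.1.0/24 side, not from Computer 1.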

