
The iptables rule for the external interface (ens33 has a public IP):

iptables -A FORWARD -i ens33 -m state --state ESTABLISHED,RELATED -j ACCEPT

allows internet access for all computers connected to the wired LAN and for Windows laptops connected via a wireless Access Point. But Android smartphones and Linux laptops connected via the same WiFi AP have a problem, "connected, but no internet": they have access to all local computers, but not to the internet. If I change the above rule to:

iptables -A FORWARD -i ens33 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

then all devices have access to the internet.

Why do Linux/Android wireless devices require adding the "NEW" state to connect to the internet?

Here is a complete iptables script: iptables_tests.sh

Networks in the script:

10.215.121.0 - our internal network for all devices, wired and wireless

10.121.216.0 - our VPN network for remote workers

10.171.172.0 - second company network, VPN tunnel 1

10.10.3.19 - third company server, VPN tunnel 2

Artur
  • I left the new rule "FORWARD ... NEW" as it is above. I don't like this, but I have no idea what better configuration I could use. – Artur Nov 17 '21 at 15:03
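The ruleset below is an added example and is not part of Artur's post or of his iptables_tests.sh. It is a FORWARD policy, in iptables-restore format, that gives the 10.215.121.0 LAN internet access without accepting NEW connections that arrive on the public interface, and it adds a logging rule so you can see which NEW packets on ens33 the Android and Linux clients actually depend on. It assumes details the post does not give: a /24 mask, that the wired LAN and the wireless AP sit behind an interface named ens34, a default-DROP FORWARD policy, and that this host does the MASQUERADE for the LAN; the VPN networks are left out. The match -m conntrack --ctstate is the current spelling of the -m state --state match used in the question.

```conf
# Added example, not from the original post. Merge into the full ruleset;
# only the nat POSTROUTING chain and the filter FORWARD chain are set here.
# Assumptions (not in the post): LAN is 10.215.121.0/24 behind ens34,
# ens33 is the public interface, FORWARD defaults to DROP.
*nat
:POSTROUTING ACCEPT [0:0]
# Source-NAT LAN traffic leaving through the public interface.
-A POSTROUTING -s 10.215.121.0/24 -o ens33 -j MASQUERADE
COMMIT

*filter
:FORWARD DROP [0:0]
# Replies and related traffic (e.g. ICMP errors) for flows conntrack already knows.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets conntrack cannot classify are dropped rather than falling through.
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# New connections may only be opened from the LAN towards the internet.
-A FORWARD -i ens34 -o ens33 -s 10.215.121.0/24 -m conntrack --ctstate NEW -j ACCEPT
# Diagnostic: log (rate-limited) any NEW traffic that still arrives on ens33.
# The kernel log then shows exactly what the workaround rule was letting through.
-A FORWARD -i ens33 -m conntrack --ctstate NEW -m limit --limit 5/minute -j LOG --log-prefix "FWD-NEW-ens33: "
# The posted workaround, shown for contrast only. It accepts unsolicited
# inbound connections from the internet to any host this router forwards to.
#-A FORWARD -i ens33 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
```

Check the syntax with iptables-restore --test < rules.v4 and apply with iptables-restore < rules.v4 (add -n to keep chains in tables that are not listed in the file). If the Android and Linux clients lose internet access under this ruleset, the FWD-NEW-ens33 lines in dmesg or journalctl -k record the source, destination, protocol and ports of every packet that reached ens33 in state NEW; that is the evidence needed to decide whether those flows can be allowed with a narrow rule instead of the blanket NEW accept on the public interface.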
