Connected to hostapd hotspot but no Internet

0

I'm setting up a Gentoo Linux home router with the following configuration:

  • eth0: connected to WAN (managed by systemd-networkd)
  • wlan0: access point for LAN (managed by hostapd)

I use dnsmasq as DNS and DHCP server for the LAN machines.

Current problem: I can connect to the router, but there is no internet connection from the clients.

Some information:

  • Client nameserver: router's IP.
  • Ping from the router to google.com is normal.
  • Ping from client machines to router is normal.
  • Ping from client machines to google.com always times out (but the domain name is resolved)
  • Router: iptables -t {filter,nat,mangle,raw} -L shows all chains in all tables have policies ACCEPT
  • Router: iptables -t nat -L shows expected result of iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  • Confirmed sys.net.ipv4.ip_forward = 1

I tested the above on different client machines, and those client machines have been tested to work well with other Wi-Fi hotspots.

I have no idea how to troubleshoot this problem. It seems like I'm following the regular procedure, but internet access from the clients is simply not working. Any hint on what to check next or idea on how to fix this problem will be greatly appreciated!

EDIT:

The issue here looks similar to this one: Traffic not being forwarded through NAT. However, I have indeed confirmed sys.net.ipv4.ip_forward = 1.

Take the router as A and a client as B.

ifconfig on B:

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether xx:xx:xx:xx:xx:xx
    inet6 fe80::xxxx:xxxx:xxxx:xxxx%en0 prefixlen 64 scopeid 0x4
    inet 192.168.1.62 netmask 0xffffff00 broadcast 192.168.1.255
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active

ifconfig on A:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet xx.xx.xx.154  netmask 255.255.254.0  broadcast xx.xx.xx.255
        inet6 fe80::xxxx:xxxx:xxxx:xxxx  prefixlen 64  scopeid 0x20<link>
        ether xx:xx:xx:xx:xx:xx  txqueuelen 1000  (Ethernet)
        RX packets 251116  bytes 22652889 (21.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11731  bytes 979877 (956.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16  memory 0xdf100000-df120000

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.199  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::xxxx:xxxx:xxxx:xxxx  prefixlen 64  scopeid 0x20<link>
        ether xx:xx:xx:xx:xx:xx  txqueuelen 1000  (Ethernet)
        RX packets 12867  bytes 1090816 (1.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1272  bytes 306689 (299.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

iptables -S on A:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

iptables -S -t nat on A:

-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE

ping -n google.com on A:

PING google.com (216.58.192.206) 56(84) bytes of data.
64 bytes from 216.58.192.206: icmp_seq=1 ttl=57 time=1.29 ms
64 bytes from 216.58.192.206: icmp_seq=2 ttl=57 time=1.52 ms
[continued]

ping -n google.com on B:

PING google.com (216.58.192.206): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
[continued]

traceroute -i en0 8.8.8.8 on B:

traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
 1  192.168.1.199 (192.168.1.199)  2.054 ms  2.033 ms  2.018 ms
 2  * * *
 3  * * *
 4  * * *

Shou Ya

Posted 2016-04-05T21:33:43.023

Reputation: 967

Answers

1

Edit /etc/sysctl.conf to include this line, then reboot:

net.ipv4.ip_forward=1

Martijn van Wezel

Posted 2016-04-05T21:33:43.023

Reputation: 123

0

I figured out that I had set the kernel flag ip_forward before I set up the iptables rule. I found that if I disable and enable it again after everything, the NAT works well. So now I put echo 1 > /proc/sys/net/ipv4/ip_forward after the iptables command in my script and it's working!

I still don't know about the mechanism of why the order matters so much. Any explanation will still be welcomed.

Shou Ya

Posted 2016-04-05T21:33:43.023

Reputation: 967

/proc value is what is loaded, /etc is what's loaded from boot into the proc – Martijn van Wezel – 2018-11-02T18:13:00.400
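
A diagnostic for the checks listed in the question and answers above, added here as an example and not code from either poster. The function names check_forwarding and demo, their arguments and the sample state are constructed for illustration; the per-interface conf/<if>/forwarding files are a standard kernel interface that the thread itself does not mention.

```shell
#!/bin/sh
# check_forwarding PROC_ROOT NAT_RULES FILTER_RULES WAN_IF LAN_IF  (hypothetical helper)
#   PROC_ROOT: directory standing in for /proc (use /proc on a live router)
#   NAT_RULES / FILTER_RULES: files with `iptables -t nat -S` / `iptables -S` output
# Prints one line per check and returns the number of failed checks.
check_forwarding() {
    proc=$1 nat=$2 filter=$3 wan=$4 lan=$5
    fails=0
    # Global switch and the per-interface flags under conf/<if>/forwarding.
    for f in "$proc/sys/net/ipv4/ip_forward" \
             "$proc/sys/net/ipv4/conf/$wan/forwarding" \
             "$proc/sys/net/ipv4/conf/$lan/forwarding"; do
        val=$(cat "$f" 2>/dev/null || echo missing)
        if [ "$val" = 1 ]; then echo "OK   $f = 1"
        else echo "FAIL $f = $val"; fails=$((fails + 1)); fi
    done
    # Source NAT on the WAN side, as in the rule quoted in the question.
    if grep -Eq "^-A POSTROUTING( .*)? -o $wan( .*)? -j (MASQUERADE|SNAT)" "$nat"
    then echo "OK   source NAT rule on $wan"
    else echo "FAIL no MASQUERADE/SNAT rule with -o $wan"; fails=$((fails + 1)); fi
    # Coarse filter check: ACCEPT policy, or an explicit ACCEPT for LAN ingress.
    if grep -q '^-P FORWARD ACCEPT' "$filter" ||
       grep -Eq "^-A FORWARD( .*)? -i $lan( .*)? -j ACCEPT" "$filter"
    then echo "OK   FORWARD chain admits traffic from $lan"
    else echo "FAIL FORWARD chain does not accept traffic from $lan"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample state (not data from the post): the global flag is on
# but the flag for wlan0 is off, so exactly one check fails.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/net/ipv4/conf/eth0" "$d/sys/net/ipv4/conf/wlan0"
    echo 1 > "$d/sys/net/ipv4/ip_forward"
    echo 1 > "$d/sys/net/ipv4/conf/eth0/forwarding"
    echo 0 > "$d/sys/net/ipv4/conf/wlan0/forwarding"
    printf '%s\n' '-P POSTROUTING ACCEPT' '-A POSTROUTING -o eth0 -j MASQUERADE' > "$d/nat"
    printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' '-P OUTPUT ACCEPT' > "$d/filter"
    check_forwarding "$d" "$d/nat" "$d/filter" eth0 wlan0
    rc=$?; rm -rf "$d"; return "$rc"
}

demo || echo "failed checks: $?"
```

On a live router, save the output of iptables -t nat -S and iptables -S to two files and pass /proc as the first argument, with eth0 and wlan0 as the interface names.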