Allowing internet access over ppp0 from eth2

1

So I'm trying to set up access over a hotspot to internet via a ppp0 interface (similar to a 4g dongle).

I've set up the default route with highest priority (Metric 1) for ppp0.

Set all iptable policies to ALLOW and enabled ip forwarding (as below) but I still cannot ping

ping -I eth2 8.8.8.8

Note that ping -I ppp0 8.8.8.8 works and also the default one (ping 8.8.8.8) goes over ppp0

Here is my configuration

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.16.172.175   0.0.0.0         UG    1      0        0 ppp0
0.0.0.0         192.168.0.1     0.0.0.0         UG    10     0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.82.0    0.0.0.0         255.255.255.0   U     0      0        0 eth2

# cat /proc/sys/net/ipv4/ip_forward
1

iptables -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P POSTROUTING ACCEPT

Sorin C

Posted 2019-11-23T11:29:03.297

Reputation: 11

1 You need to NAT or masquerade outgoing packets, otherwise they won't have a valid IP address to return to. – davidgo – 2019-11-23T23:28:00.113

That is correct. However I still don't have the pings going through iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE and iptables -A FORWARD -i eth2 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT and iptables -A PREROUTING -i eth2 -j ACCEPT – Sorin C – 2019-11-25T10:04:05.027

Answers

0

Only the port forward is not enough.

The devices on your local wifi network have the IP 192.168.0.* . You set them up to forward to your router. Then your router forwards their packets to the Internet - without changing them.

The problem is that only your router knows how to handle 192.168.0.*, because it is a local address space.

You need to set up your IP masquerading on your router. Essentially, it needs to alter the outgoing packets in such a way as if they came from it directly. Of course it needs to do the reverse to the incoming packets. You can read more details here.

Besides that, you also need a DHCP server for network autoconfiguration, and at least a local caching DNS server would also be useful.

peterh - Reinstate Monica

Posted 2019-11-23T11:29:03.297

Reputation: 2 043

So the DHCP is running for eth2 and it gives IPs in the range 192.168.82.* and the gateway being 192.168.82.1. – Sorin C – 2019-11-25T09:48:22.103

You're right. I also enabled the masquerading through iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE and iptables -A FORWARD -i eth2 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT and iptables -A PREROUTING -i eth2 -j ACCEPT – Sorin C – 2019-11-25T10:01:07.117

@SorinC That looks good, but not enough - you also need a DHCP server on your network, or your devices will see the net only with manual IP settings. They won't be able to get the network settings automatically (most end users require that). – peterh - Reinstate Monica – 2019-11-25T10:25:13.767

The DHCP is there. When I connect to eth2 (which is an access point) I'm being issued an IP – Sorin C – 2019-11-25T14:12:19.717
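Added example, not part of the thread: the commands quoted in the comments masquerade on eth0, while the routing table in the question sends Internet traffic out ppp0 (metric 1). The script below picks the uplink from the `route -n` output and prints an iptables-restore ruleset that masquerades the eth2 subnet on that interface. The function names are hypothetical, the 192.168.82.0/24 subnet comes from the question, and the FORWARD DROP policy is a tightening chosen for this example rather than something the thread uses.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names and the LAN subnet
# are the ones shown in the question's routing table.

# Sample `route -n` output, copied from the question.
ROUTES='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.16.172.175   0.0.0.0         UG    1      0        0 ppp0
0.0.0.0         192.168.0.1     0.0.0.0         UG    10     0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.82.0    0.0.0.0         255.255.255.0   U     0      0        0 eth2'

# Read `route -n` text on stdin; print the interface of the default route
# with the lowest metric, i.e. where forwarded Internet traffic will leave.
default_iface() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" {
             if (ifc == "" || $5 + 0 < best) { best = $5 + 0; ifc = $8 }
         }
         END { print ifc }'
}

# Print an iptables-restore ruleset: masquerade LAN traffic on the uplink and
# forward only LAN-initiated flows plus their replies.
build_rules() {
    lan_if=$1; wan_if=$2; lan_net=$3
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

WAN_IF=$(printf '%s\n' "$ROUTES" | default_iface)
build_rules eth2 "$WAN_IF" 192.168.82.0/24
```

The script only prints the ruleset; loading it means piping the output into `iptables-restore` as root, which replaces the existing nat and filter rules.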