First, thank you for reading and possibly answering my question.
On computer A, openSUSE 12.3 x86_64 has been installed, connected
to internet via wlan1 (ip address 192.168.1.74) and to a LAN via eth0
(192.168.177.1).
Of course, wlan1 has been assigned to the external zone of the firewall, and eth0 to the internal.
I can access all the services on A from computer B on my LAN. I can reach the internet from A, but I can’t access the internet from B, nor even ping the wifi hub (192.168.1.1) connected to wlan1. In other words, no route. However, /proc/sys/net/ipv4/ip_forward is 1, and the same is set in /etc/sysctl.conf.
I can’t route with or even without firewall, i.e. ‘iptables -L’ ACCEPTs everything.
‘ip route list’ returns:
default via 192.168.1.1 dev wlan1
127.0.0.0/8 dev lo scope link
169.254.0.0/16 dev eth0 scope link
192.168.1.0/24 via 192.168.1.1 dev wlan1
192.168.177.0/24 dev eth0 proto kernel scope link src 192.168.177.1
I was able to route my connection before. Do I really need masquerading?
On 04/28/2013 08:56 AM, skylendar wrote:
>
> First, thank you for reading and possibly answering my question.
>
> On computer A, openSUSE 12.3 x86_64 has been installed, connected
> to internet via wlan1 (ip address 192.168.1.74) and to a LAN via eth0
> (192.168.177.1).
>
> Of course, wlan1 has been assigned to the external zone of the
> firewall, and eth0 to the internal.
>
> I can access all the services on A from computer B on my LAN. I can
> reach the internet from A, but I can’t access the internet from B,
> nor even ping the wifi hub (192.168.1.1) connected to wlan1. In other
> words, no route. However, /proc/sys/net/ipv4/ip_forward is 1, and the
> same is set in /etc/sysctl.conf.
>
> I can’t route with or even without firewall, i.e. ‘iptables -L’ ACCEPTs
> everything.
>
> ‘ip route list’ returns:
>
> default via 192.168.1.1 dev wlan1
> 127.0.0.0/8 dev lo scope link
> 169.254.0.0/16 dev eth0 scope link
> 192.168.1.0/24 via 192.168.1.1 dev wlan1
> 192.168.177.0/24 dev eth0 proto kernel scope link src 192.168.177.1
>
> I was able to route my connection before. Do I really need masquerading
Yes, I think you need masquerading as those 192.168.177.X addresses cannot be
routed through a 192.168.1.X network without it. In addition, you need iptables
rules to forward packets from eth0 to wlan1 and back. Copy the shell code below
to a script file, make it executable, and running it (as root) after every
reboot should do the trick.
#!/bin/sh
IPTABLES=/usr/sbin/iptables
NET_INT=eth0
NET_EXT=wlan1
#Set up forwarding
$IPTABLES -t nat -A POSTROUTING -o $NET_EXT -j MASQUERADE
$IPTABLES -A FORWARD -i $NET_EXT -o $NET_INT -m state \
--state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $NET_INT -o $NET_EXT -j ACCEPT
# Enable packet forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
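
An added check, not part of the original post: it reads iptables-save output and reports which pieces of the gateway setup above are absent, plus two filtering gaps (a return rule with no state match, and a FORWARD policy of ACCEPT, under which the FORWARD rules restrict nothing). The function name, finding labels and sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Live use (as root):
#   iptables-save | audit_gateway eth0 wlan1 "$(cat /proc/sys/net/ipv4/ip_forward)"

# audit_gateway INT_IF EXT_IF IP_FORWARD  (iptables-save text on stdin)
# Prints space-separated findings; prints an empty line when all checks pass.
audit_gateway() {
    int_if=$1; ext_if=$2; fwd=$3
    rules=$(cat)
    findings=""
    # Kernel forwarding switch
    [ "$fwd" = "1" ] || findings="$findings ip_forward"
    # Source NAT on the external interface
    printf '%s\n' "$rules" \
        | grep -Eq -- "^-A POSTROUTING .*-o $ext_if .*-j MASQUERADE" \
        || findings="$findings masquerade"
    # LAN -> outside
    printf '%s\n' "$rules" \
        | grep -Eq -- "^-A FORWARD .*-i $int_if .*-o $ext_if .*-j ACCEPT" \
        || findings="$findings forward_out"
    # Outside -> LAN must be limited to established/related traffic
    printf '%s\n' "$rules" \
        | grep -E -- "^-A FORWARD .*-i $ext_if .*-o $int_if .*-j ACCEPT" \
        | grep -Eq -- "(--state|--ctstate) [A-Z,]*ESTABLISHED" \
        || findings="$findings forward_return"
    # With policy ACCEPT the FORWARD rules above filter nothing
    printf '%s\n' "$rules" | grep -q -- "^:FORWARD ACCEPT" \
        && findings="$findings policy_accept"
    echo "${findings# }"
}

# Constructed sample: what iptables-save would show after the script above
# has run on a box whose FORWARD policy is DROP.
sample_rules() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i wlan1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o wlan1 -j ACCEPT
COMMIT
EOF
}

# Demo: the same ruleset with the NAT rule removed
echo "findings: $(sample_rules | grep -v MASQUERADE | audit_gateway eth0 wlan1 1)"
```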