Iptables packet forwarding vs NAT
From what I have read on packet forwarding, in case of a multihomed host that is connected to two different networks, packet forwarding allows packets to travel from one network to another through its two network interfaces.
Given the above, I have a Raspberry Pi setup with its WiFi connected to the Internet via a router. The WiFi interface has an IP address of 10.0.0.10 obtained via DHCP from the router. I have the RPI's Ethernet interface connected to a computer. The Ethernet interface has a static IP address of 192.168.0.1 and the computer obtains an IP address 192.168.0.15 from the DHCP server running on the RPI. The setup looks like this:
Router[10.0.0.1] <--> RPI WiFi[10.0.0.10] <--> RPI Ethernet[192.168.0.1] <--> PC[192.168.0.15]
Going by the definition of packet forwarding for a multihomed host, on applying the following iptables rules that forward packets from the RPI's Ethernet to WiFi, I expect the computer to be able to ping the router [10.0.0.1] and also connect to the Internet.
iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
However, things do not work as I expected. Whereas, on removing the above rules and adding the NAT rule:
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
The computer is able to connect to the Internet.
- Why doesn't the packet forwarding work?
- Or if it works why can't I ping or get the computer to access the Internet?
- What would I need to do to have all traffic on the Ethernet interface go out via the WiFi?
Note: I have forwarding enabled on the RPI.
iptables nat forwarding raspbian
1
You need the masquerade because the router has no idea that the 192.168.0.0/24 network is reachable via the raspberry pi. Masquerade changes the address to that of the pi, which the router knows how to reach (it's the same local network).
– yoonix
May 30 at 17:57
@yoonix Just to re-phrase, what you are saying is the computer is able to reach the router via forwarding, however, the router itself is not able to respond to the ping or send the requested webpage back to the computer as it cannot reach the 192.168.0.0/24 network? Then a question arises, can we masquerade without NATting? What other options do we have to enable cross communication?
– John
May 30 at 18:07
@John, you would need to add a route to the router so that it knows that it can reach the 192.168.0.0/24 network via the RPi. The steps for doing that depend greatly on your router model, and may in fact not be possible.
– Joel C
May 30 at 19:14
asked May 30 at 17:54
John
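An added example, not part of the original question or comments: a small Python model of the topology above that traces a ping from the PC to the router and shows where the reply is lost with forwarding alone, and how either MASQUERADE on the RPi or a static route on the router brings it back. The 10.0.0.0/24 mask, the router's upstream "ISP" default route, and all function names are assumptions made for the illustration; the FORWARD chain is assumed to accept the traffic, as in the question.

```python
import ipaddress

PC, RPI_WLAN, ROUTER = "192.168.0.15", "10.0.0.10", "10.0.0.1"

# Constructed model of the page's topology. Assumptions (not on the page): the
# router's LAN is 10.0.0.0/24 and its default route points at an upstream "ISP".
def build(static_route=False):
    nodes = {
        "pc":     {"addrs": {PC},
                   "routes": [("192.168.0.0/24", None), ("0.0.0.0/0", "192.168.0.1")]},
        "rpi":    {"addrs": {"192.168.0.1", RPI_WLAN},
                   "routes": [("192.168.0.0/24", None), ("10.0.0.0/24", None),
                              ("0.0.0.0/0", ROUTER)]},
        "router": {"addrs": {ROUTER},
                   "routes": [("10.0.0.0/24", None), ("0.0.0.0/0", "ISP")]},
    }
    if static_route:  # the alternative to NAT: teach the router the way back
        nodes["router"]["routes"].append(("192.168.0.0/24", RPI_WLAN))
    return nodes

def next_hop(node, dst):
    """Longest-prefix match; a None gateway means dst is on-link."""
    matches = [(ipaddress.ip_network(p), gw) for p, gw in node["routes"]
               if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return dst if gw is None else gw

def deliver(nodes, start, dst, ttl=8):
    """Hop node to node; the path ends in 'LOST' if no modelled host owns the next hop."""
    path = [start]
    while dst not in nodes[path[-1]]["addrs"] and ttl > 0:
        hop = next_hop(nodes[path[-1]], dst)
        owner = next((n for n, v in nodes.items() if hop in v["addrs"]), None)
        if owner is None:
            return path + ["LOST"]
        path.append(owner)
        ttl -= 1
    return path if dst in nodes[path[-1]]["addrs"] else path + ["LOST"]

def ping(masquerade=False, static_route=False):
    """Trace an echo request PC -> router and the router's reply."""
    nodes = build(static_route)
    request = deliver(nodes, "pc", ROUTER)
    # MASQUERADE on wlan0 rewrites the source of forwarded packets to the RPi's
    # own wlan0 address, so the router answers an on-link host.
    seen_src = RPI_WLAN if masquerade and "rpi" in request[1:-1] else PC
    reply = deliver(nodes, "router", seen_src)
    if masquerade and reply[-1] == "rpi":  # conntrack restores the PC's address
        reply += deliver(nodes, "rpi", PC)[1:]
    return {"request": request, "seen_src": seen_src, "reply": reply,
            "ok": reply[-1] == "pc"}

if __name__ == "__main__":
    for label, kw in [("forward only", {}), ("masquerade", {"masquerade": True}),
                      ("static route", {"static_route": True})]:
        print(label, ping(**kw))
```

In the forward-only case the request reaches the router, but the reply follows the router's default route upstream and never returns; with the static route the router sees the PC's real address, which NAT hides.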