Raspberry Pi Forums

A small, affordable computer with free resources to help people learn, make things, and have fun
https://www.raspberrypi.org/forums/

WiFi to Ethernet Port Forwording

https://www.raspberrypi.org/forums/viewtopic.php?f=28&t=157928

Page 1 of 1

WiFi to Ethernet Port Forwording

Posted: Mon Aug 22, 2016 9:02 pm
by Andre512
Hi,

I want to make my Pi to a WiFi to ethernet adapter. I created a subnet on eth0 (192.168.2.1). With iptables I managed to get internet from wlan0 (192.168.178.127) on my device (192.168.2.12). Now I would like to access port 80 throug 192.168.178.127:8080, but I don't get it running. :x

Here is my /etc/network/iptables:

Code: Select all

# Generated by iptables-save v1.4.21 on Mon Aug 22 21:56:13 2016
*mangle
:PREROUTING ACCEPT [59751:4052548]
:INPUT ACCEPT [59082:3875084]
:FORWARD ACCEPT [603:174099]
:OUTPUT ACCEPT [58194:5293464]
:POSTROUTING ACCEPT [58872:5477840]
COMMIT
# Completed on Mon Aug 22 21:56:13 2016
# Generated by iptables-save v1.4.21 on Mon Aug 22 21:56:13 2016
*nat
:PREROUTING ACCEPT [259:24459]
:INPUT ACCEPT [115:16286]
:OUTPUT ACCEPT [1797:108988]
:POSTROUTING ACCEPT [1690:101864]
-A POSTROUTING -o wlan0 -j SNAT --to-source 192.168.178.127
-A POSTROUTING -o wlan0 -j SNAT --to-source 192.168.178.127
COMMIT
# Completed on Mon Aug 22 21:56:13 2016
# Generated by iptables-save v1.4.21 on Mon Aug 22 21:56:13 2016
*filter
:INPUT ACCEPT [59085:3875436]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [58197:5293816]
-A FORWARD -i eth0 -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Mon Aug 22 21:56:13 2016
I created it with this script:

Code: Select all

#!/bin/sh
 IPT=/sbin/iptables
 LOCAL_IFACE=eth0
 INET_IFACE=wlan0
 INET_ADDRESS=192.168.178.127
# Flush the tables
 $IPT -F INPUT
 $IPT -F OUTPUT
 $IPT -F FORWARD
 $IPT -t nat -P PREROUTING ACCEPT
 $IPT -t nat -P POSTROUTING ACCEPT
 $IPT -t nat -P OUTPUT ACCEPT
# Allow forwarding packets:
 $IPT -A FORWARD -p ALL -i $LOCAL_IFACE -o $INET_IFACE -j ACCEPT
 $IPT -A FORWARD -i $INET_IFACE -o $LOCAL_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
# Packet masquerading
 $IPT -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_ADDRESS
 $IPT -A PREROUTING -t nat -i $INET_IFACE -p tcp --dport 8080 -j DNAT --to 192.168.2.12:80
 $IPT -A FORWARD -p tcp -d 192.168.2.12 --dport 80 -j ACCEPT
And here is my /etc/network/interfaces:

Code: Select all

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

allow-hotplug eth0
iface eth0 inet static
  address 192.168.2.1
  network 192.168.2.0
  netmask 255.255.255.0
  broadcast 192.168.2.255
  gateway 192.168.2.1


allow-hotplug wlan0
iface wlan0 inet static
  address 192.168.178.127
  network 192.168.178.0
  netmask 255.255.255.0
  broadcast 192.168.178.255
  gateway 192.168.178.1
  wpa-ssid "MYSSID"
  wpa-psk "MYPASSWORD"

pre-up iptables-restore < /etc/network/iptables
Thanks,
Andre

Re: WiFi to Ethernet Port Forwording

Posted: Tue Aug 23, 2016 1:14 pm
by mfa298
your /etc/network/iptables doesn't appear to have the PREROUTING rule in it.

Rather than having the pre-up line in your interfaces file you can also use the iptables-persistent package to do the same thing (it puts the same format file in /etc/iptables/rules.v4)

Re: WiFi to Ethernet Port Forwording

Posted: Wed Aug 24, 2016 9:39 am
by Andre512
Thanks, now it runs.

With this configuration in /etc/network/iptables it works:

Code: Select all

# Generated by iptables-save v1.4.21 on Wed Aug 24 11:05:05 2016
*filter
:INPUT ACCEPT [18:1496]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [14:778]
-A FORWARD -d 192.168.2.12/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed Aug 24 11:05:05 2016
# Generated by iptables-save v1.4.21 on Wed Aug 24 11:05:05 2016
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [2:120]
:POSTROUTING ACCEPT [2:120]
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.2.12:80
-A POSTROUTING -o wlan0 -j SNAT --to-source 192.168.178.127
COMMIT
# Completed on Wed Aug 24 11:05:05 2016
# Generated by iptables-save v1.4.21 on Wed Aug 24 11:05:05 2016
*mangle
:PREROUTING ACCEPT [49:4198]
:INPUT ACCEPT [41:3656]
:FORWARD ACCEPT [8:542]
:OUTPUT ACCEPT [30:1660]
:POSTROUTING ACCEPT [38:2202]
COMMIT
# Completed on Wed Aug 24 11:05:05 2016
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/