ssh breaks after Port Forwarding

[pbukowski]

Hi,

I have setup my Raspberry Pi 3 as an additional router in my house. The goal was to allow it to work as a Wireless Access Point, so that people who connect to it, can surf the internet. I followed the latest instructions to do that and that part works fine.

Part of the instructions require me to make changes inside this config file:
sudo nano /etc/network/interfaces

allow-hotplug wlan0
iface wlan0 inet static
address 192.168.0.201 (1 higher than the ethernet port)
netmask 255.255.255.0
network 192.168.0.200
broadcast 192.168.0.255
# wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

up sysctl -w net.ipv4.ip_forward=1

# restart hostapd and dnsmasq
   up /etc/init.d/hostapd restart
    up /etc/init.d/dnsmasq restart


After rebooting which runs the above code, it breaks my ssh ability (using Putty). I am attempting to connect to the pi from my main router inside my local network. The Pi has it's eth0 set to static 192.168.0.200. It also has it's wlan0 set to static 192.168.0.201. My main router which stands between the pi and the internet has static 192.168.0.2. As I attempt to initiate the ssh connection, it just hangs and eventually times out. If I remove the sudo iptables commands from inside the above file, I am able to successfully connect with ssh.

Can anyone please help me to correct the problem?

Thanks !
Paul

[DougieLawson]

If you're running Raspbian Jessie then that stuff you've added to /etc/network/interfaces will break your networking. Add static IP defintions to /etc/dhcpcd.conf

Code: Select all

interface eth0
static ip_address=192.168.0.201/24
static routers=192.168.0.254
static domain_name_servers=192.168.0.254 8.8.8.8
#
interface wlan0
static routers=192.168.0.254
static domain_name_servers=192.168.0.254 8.8.8.8
static domain_search=example.co.uk
static ip_address=192.168.0.202/24

[pbukowski]

I am indeed running Jessie. The instructions stated to apply the commands within that file.

[drgeoff]

The comment lines at the top of /etc/network/interfaces in Jessie trump those old instructions you followed.

[DougieLawson]

I am indeed running Jessie. The instructions stated to apply the commands within that file.

Undo your changes and do it properly using the September 2015 (and beyond) instructions not the old out of date stuff from 2014 (or before). Networking and the instructions for setting a static IP address changed with Raspbian Jessie. That came out a year ago.

[mfa298]

I have setup my Raspberry Pi 3 as an additional router in my house. The goal was to allow it to work as a Wireless Access Point,

Wireless access point often means a bridged network connection (i.e. the wifi devices are on the same subnet as the wired interface). Router implies that the two interfaces are on different networks

allow-hotplug wlan0
iface wlan0 inet static
address 192.168.0.201 (1 higher than the ethernet port)
netmask 255.255.255.0
network 192.168.0.200
broadcast 192.168.0.255
# wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

As well as the comments others have made about editing the right files.
If this is a routed subnet then the addresses should be on different networks i.e. you should change the 3rd digit.

You're network address is also wrong, the network address is the very first address on the network (with the broadcast being the very last address). You shouldn't normally need to specify these however for a device with an address of 192.168.0.201/24 the network address would be 192.168.0.0 and the broadcast is 192.168.0.255 ( the /24 is an alternative way of writing 255.255.255.0 as the subnet mask)

I'd suggest setting the wlan interface as something like 192.168.1.254 (if you want to configure them the network address is 192.168.1.0 and broadcast 192.168.1.255). You'll then need to update any dhcp server you setup on the Pi (dnsmasq) to give out addresses in the 192.168.1.0 range.

[pbukowski]

Thanks everyone for all the suggestions. I will try again tonight and will let you know if it works ok.