RedCat962
Posts: 9
Joined: Tue Dec 05, 2017 5:24 pm

How to raise NAT on the raspberry

Wed Dec 06, 2017 3:56 pm

Hi all!
I ask help from the collective consciousness because Google rejects all my desires to know the truth! ))
There is such a task:
- optics are entered into the house;
- from the optics goes the cable to the raspberries;
- on the raspberry is configured wifi AP access point to which several devices are connected with the static IPs written in them;
- How can I get access to the final devices from the outside (from the big Internet) ???

About the port forwarding on the modem (optics) I know, to the raspberry connected through the cable access from the Internet have, how to reach the devices connected through wifi raspberries?
I'm hoping for your help. :roll:

drgeoff
Posts: 8440
Joined: Wed Jan 25, 2012 6:39 pm

Re: How to raise NAT on the raspberry

Wed Dec 06, 2017 6:20 pm

You should only have one NAT. If your "modem" is really a modem then port forwarding is not applicable to it. If it actually includes a NAT router then yes you need port forwarding there but not on your RPi. You say that the RPi is an AP. The term "AP" does not mean that it includes a router.

So please describe accurately what you have.

User avatar
topguy
Posts: 4736
Joined: Tue Oct 09, 2012 11:46 am
Location: Trondheim, Norway

Re: How to raise NAT on the raspberry

Wed Dec 06, 2017 6:26 pm

I think it would be helpful for people to know more about how you configured the AP on the Pi and how your current ip-tables look.

Relevant thread I think: https://raspberrypi.stackexchange.com/q ... ding-my-pc

RedCat962
Posts: 9
Joined: Tue Dec 05, 2017 5:24 pm

Re: How to raise NAT on the raspberry

Thu Dec 07, 2017 4:39 pm

drgeoff wrote:
Wed Dec 06, 2017 6:20 pm
So please describe accurately what you have.
OK, I described the problem is not entirely clear.

I have optic router. The input of the optical cable is connected to the router, which has an ethertnet and wifi interfaces. By ethertnet cable to the router is connected Raspberry Pi (eth0). At the Raspberry another Wi-Fi access point is configured. Some devices are connected to the access point on Raspberry by wifi (wlan0).
The router is configured for port forwarding and I have access from the Internet to the Raspberry by the IP on the interface eth0.
Now it's all set up and working. The devices connected to the raspberry through the wlan0 have access to the Internet.

The problem is how to configure access to these devices from the Internet?
WAN --> Router --> Raspberry (eth0) --> Raspberry (wlan0) --> ESP8266 web server.
I can't configure access to the ESP8266 web server from Internet.

drgeoff
Posts: 8440
Joined: Wed Jan 25, 2012 6:39 pm

Re: How to raise NAT on the raspberry

Thu Dec 07, 2017 7:54 pm

You should be setting up the RPI as a Wi-Fi Access Point. (No routeing, no NAT, no DHCP server.) The devices connecting to the RPI Wi-Fi will be on the router's subnet and you can port forward from the router to the IP address of the ESP8266.

https://www.raspberrypi.org/documentati ... et-sharing

RedCat962
Posts: 9
Joined: Tue Dec 05, 2017 5:24 pm

Re: How to raise NAT on the raspberry

Fri Dec 08, 2017 3:23 pm

Thank you for your reply!
I've read this article and I know how to set up a bridge-type connection. There is a small problem. On the 4.4.x kernel, Raspberry work unstably, this bug was fixed in older versions of the kernel. But on the 4.9 version of the kernel, I do not have a LCD screen, since the firmware for it is only for the 4.4.x kernel. I could not find the LCD driver for the 4.9.x kernel.
So I'm looking for ways to get out of this situation.

User avatar
topguy
Posts: 4736
Joined: Tue Oct 09, 2012 11:46 am
Location: Trondheim, Norway

Re: How to raise NAT on the raspberry

Fri Dec 08, 2017 3:39 pm

Maybe you should tell us more about this LCD screen then.

RedCat962
Posts: 9
Joined: Tue Dec 05, 2017 5:24 pm

Re: How to raise NAT on the raspberry

Fri Dec 08, 2017 6:03 pm

The most common Chinese screen for Raspberry, like this: https://www.ebay.com/itm/322901512794?ul_noapp=true
When installing the driver, it overwrites the kernel files, and thus downgrade to version 4.4.
Negotiations with the Chinese salespeople on the driver for the updated kernel did not lead to anything. Search for the driver in Google did not bring the result.


epoch1970
Posts: 1925
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: How to raise NAT on the raspberry

Fri Dec 08, 2017 9:32 pm

RedCat962 wrote:
Thu Dec 07, 2017 4:39 pm
The router is configured for port forwarding and I have access from the Internet to the Raspberry by the IP on the interface eth0.
Now it's all set up and working. The devices connected to the raspberry through the wlan0 have access to the Internet.

The problem is how to configure access to these devices from the Internet?
WAN --> Router --> Raspberry (eth0) --> Raspberry (wlan0) --> ESP8266 web server.
I can't configure access to the ESP8266 web server from Internet.
You're using NAT in the router: Source NAT (aka Masquerade) and Destintation NAT (aka port-forwarding).
It looks like you're already using SNAT on the Pi, since your devices have Internet access.

You say you can't bridge. Too bad, you'd have a single network and nothing to worry about.
So your choices are either:
  • Add DNAT rules on the Pi.
    You will be able to do this: "WAN IP port 12345/tcp -> Pi's eth IP port 8080/tcp -> ESP8266 port 80/tcp"
    Ain't pretty but it should work ok for HTTP.
    Or,
  • Remove SNAT on the Pi and add a static route on your Router that defines the gateway to the Pi's WLAN network as the Pi's eth0 address.
    You will be able to do this: "WAN IP port 12345/tcp -> ESP8266 port 80/tcp, via Pi's eth0"
    That is much cleaner. You still have 2 internal networks.
I'm sure making either option work will rekindle your interest in bridging ;)
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

drgeoff
Posts: 8440
Joined: Wed Jan 25, 2012 6:39 pm

Re: How to raise NAT on the raspberry

Fri Dec 08, 2017 10:45 pm

Or just purchase a Wi-Fi Access Point and put it in place of the RPi. They can be had for less than the price of a bare RPI never mind the additional cost of SD card and PSU and possibly case.

RedCat962
Posts: 9
Joined: Tue Dec 05, 2017 5:24 pm

Re: How to raise NAT on the raspberry

Sat Dec 09, 2017 3:04 pm

Thank you for your advice!
Could you please describe in detail how to do this:
epoch1970 wrote:
Fri Dec 08, 2017 9:32 pm
You will be able to do this: "WAN IP port 12345/tcp -> ESP8266 port 80/tcp, via Pi's eth0"
And yes, eth0 and wlan0 Raspberry are in different subnets. 192.168.1.100 for eth0 and 192.168.100.100 for wlan0

epoch1970
Posts: 1925
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: How to raise NAT on the raspberry

Sat Dec 09, 2017 6:18 pm

RedCat962 wrote:
Sat Dec 09, 2017 3:04 pm
Could you please describe in detail how to do this:
epoch1970 wrote:
Fri Dec 08, 2017 9:32 pm
You will be able to do this: "WAN IP port 12345/tcp -> ESP8266 port 80/tcp, via Pi's eth0"
I'm afraid I can't do that job for you, it depends on your hardware and your configuration in the Pi. But in general:

First you should check if your ISP router supports handling multiple subnets and has an option to configure static routes. If the GUI and documentation doesn't mention static routing, you can forget that option.

If it looks ok then in the Pi you have to remove one of the lines you've added to your iptables configuration. The one with MASQUERADE in it. Reboot to make sure the rule is gone. (Actually, just enabling routing "echo 1 > /proc/sys/net/ipv4/ip_forward" and no firewall rules at all in the Pi would be simpler in the beginning)

From another computer in the LAN, add a temporary static route and try pinging the device. If that machine were a linux machine, you would do:
"sudo route add -net 192.168.100.0/24 gw 192.168.1.100" and then "ping 192.168.100.xxx" (where xxx can be .100 for the wlan0 interface of the Pi and .??? for the ESP8266)
Verify pinging also goes across when pinging LAN targets from within WLAN: "ping 192.168.1.xxx" (where xxx can be .100 for the Pi's eth0 interface and .??? for that PC, or the router)
If that part doesn't work well, check the Pi is routing properly, see if there isn't a firewall rule blocking communication.

If that part works, go to the router and add the static route equivalent to "net 192.168.100.0/24 gateway 192.168.1.100" in your router GUI.
If you have the possibility to ping hosts from the router GUI, try to ping the ESP8266 by its own address (192.168.100.xxx).
If that doesn't work, try rebooting the router, and then check your documentation.
Once this works, verify the ESP8266 still has access to the Internet. Some routers will gladly NAT any network address that reaches them via the internal interface, some others will only accept source addresses belonging to the LAN (192.168.1.0/24) unless you also authorise other networks (192.168.100.0/24)

Lastly you'll need to add a port forward to the ESP8266 in the router, so that you can get its web pages from the Internet. Make sure that machine has a fixed address, otherwise the port forward could suddenly cease working.

(If you have a dhcp server in the Pi, try to make sure it does not compete with the one in the Router. If some LAN machines suddenly attach themselves to 192.168.100.0/24, you'll need to take care of that.)

Good luck.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

RedCat962
Posts: 9
Joined: Tue Dec 05, 2017 5:24 pm

Re: How to raise NAT on the raspberry

Fri Dec 15, 2017 6:40 pm

Many thanks to all for your advice!
I solved the problem by setting port forwarding from the router to the interface eth0 Raspberry and setting iptables port forwarding to wlan0.

Good luck!

Return to “Advanced users”

Who is online

Users browsing this forum: Bing [Bot] and 14 guests