madmage
Posts: 3
Joined: Wed Sep 11, 2019 9:32 am

Connect to Internet from the Pi

Wed Sep 11, 2019 9:44 am

Hi all,
I have a Raspberry Pi (version 1B) and I want to connect to Internet using my laptop as router. The Pi is connected to my laptop with a wired connection (enp0s25). My laptop is connected to a WiFi router through its wlp3s0 interface. On the Pi I have the last version of Raspbian, on the laptop I have Kubuntu 18.04.

I am trying to do what I typically do in this kind of situations.

On the laptop:

Code: Select all

$ cat /proc/sys/net/ipv4/ip_forward
1
$ sudo iptables --flush -t nat
$ sudo iptables --table nat --append POSTROUTING --out-interface wlp3s0 -j MASQUERADE
$ sudo iptables --append FORWARD --in-interface enp0s25 -j ACCEPT

Then, on the Pi (I am connected through ssh):

Code: Select all

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     203    0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     203    0        0 eth0
$ sudo route del -net 0.0.0.0  # what is that??
$ sudo route add default gw 169.254.0.12
$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         169.254.0.12    0.0.0.0         UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     203    0        0 eth0
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
21 packets transmitted, 0 received, 100% packet loss, time 800ms
(The CTRL-C is due to the fact that the ping is hanging). What am I missing? What should I check? What is happening?

epoch1970
Posts: 3875
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Connect to Internet from the Pi

Wed Sep 11, 2019 1:37 pm

You're using an ipv4ll address on the Pi.
Does the laptop have an ipv4ll address on enp0s25?
If it does, perhaps the route/masquerade option fails to apply, since ipv4ll is not routable by definition.

The easiest would be to start some "ICS" (Internet connection sharing) service on the laptop if that is available.
What ICS does is:
- define a network/static IP for the secondary network (e.g. 10.199.199.0/24 / 10.199.199.1)
- add some routing/NATting rules (the ones above will do)
- start a dhcp server on the interface managing the secondary network (e.g. dnsmasq listening on enp0s25)
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

ejolson
Posts: 3823
Joined: Tue Mar 18, 2014 11:47 am

Re: Connect to Internet from the Pi

Wed Sep 11, 2019 2:57 pm

madmage wrote:
Wed Sep 11, 2019 9:44 am
Hi all,
I have a Raspberry Pi (version 1B) and I want to connect to Internet using my laptop as router. The Pi is connected to my laptop with a wired connection (enp0s25). My laptop is connected to a WiFi router through its wlp3s0 interface. On the Pi I have the last version of Raspbian, on the laptop I have Kubuntu 18.04.

I am trying to do what I typically do in this kind of situations.

On the laptop:

Code: Select all

$ cat /proc/sys/net/ipv4/ip_forward
1
$ sudo iptables --flush -t nat
$ sudo iptables --table nat --append POSTROUTING --out-interface wlp3s0 -j MASQUERADE
$ sudo iptables --append FORWARD --in-interface enp0s25 -j ACCEPT

Then, on the Pi (I am connected through ssh):

Code: Select all

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     203    0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     203    0        0 eth0
$ sudo route del -net 0.0.0.0  # what is that??
$ sudo route add default gw 169.254.0.12
$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         169.254.0.12    0.0.0.0         UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     203    0        0 eth0
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
21 packets transmitted, 0 received, 100% packet loss, time 800ms
(The CTRL-C is due to the fact that the ping is hanging). What am I missing? What should I check? What is happening?
Since you can connect from the laptop to the Pi it would appear your local area network is set up correctly. Can you ping the notebook from the Pi?

Usually Google's servers are set up to respond to ping requests. That way they can store all those people setting up local area networks in their data mine. Is it possible to ping 8.8.8.8 from the laptop?

Have you tried flushing all the firewall rules on the laptop first and then setting up the IP masquerade?

madmage
Posts: 3
Joined: Wed Sep 11, 2019 9:32 am

Re: Connect to Internet from the Pi

Thu Sep 12, 2019 9:43 pm

Answering to the questions you made:
- yes I can ping the laptop from the Pi
- I did not know that ipv4ll cannot be routed, but see below

I tried with another network.

On the laptop, same commands as before.

On the Pi:

Code: Select all

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: usb0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 16:ac:87:ce:50:89 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:2c:c2:e8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.10/24 brd 192.168.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fd51:42f8:caae:d92e::ff/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::53d7:51e:1782:3a4b/64 scope link 
       valid_lft forever preferred_lft forever
$ ip route
default via 192.168.0.1 dev eth0 src 192.168.0.10 metric 203 
192.168.0.0/24 dev eth0 proto dhcp scope link src 192.168.0.10 metric 203 
On the laptop:

Code: Select all

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 3c:97:0e:86:de:10 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global noprefixroute enp0s25
       valid_lft forever preferred_lft forever
    inet6 fe80::11af:8d5b:720:437f/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 3c:a9:f4:17:6d:f8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.180/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp3s0
       valid_lft 21537sec preferred_lft 21537sec
    inet6 fe80::8b25:ce1b:f7b0:25c2/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:b5:b4:0d:6f brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
$ ip route
default via 192.168.1.1 dev wlp3s0 proto dhcp metric 600 
169.254.0.0/16 dev docker0 scope link metric 1000 linkdown 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
192.168.0.0/24 dev enp0s25 proto kernel scope link src 192.168.0.1 metric 100 
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.180 metric 600 
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            
I am a little bit concerned about the "Chain FORWARD (policy DROP)", is it wrong?
However, the result is always the same:

Code: Select all

[email protected]:~ $ ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=0.870 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=0.857 ms
^C
--- 192.168.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 0.857/0.863/0.870/0.030 ms
[email protected]:~ $ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
13 packets transmitted, 0 received, 100% packet loss, time 433ms

epoch1970
Posts: 3875
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Connect to Internet from the Pi

Thu Sep 12, 2019 10:28 pm

I think the firewall on the laptop is now the problem I think. There is no masquerading rule, and the drop policy on forwarding might not help.
If you stop docker you won't have as many rules. In general I would suggest to set everything to ACCEPT policy until you ping.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

madmage
Posts: 3
Joined: Wed Sep 11, 2019 9:32 am

Re: Connect to Internet from the Pi

Sun Sep 15, 2019 1:58 pm

@epoch1970 it works now.
I used the network 192.168.0.0/24 instead of ipv4ll addresses and I put a default to ACCEPT everywhere. (sudo iptables -P INPUT ACCEPT, sudo iptables -P FORWARD ACCEPT).

Thanks!

Return to “Networking and servers”