Linux box (as router) not forwarding traffic (between interfaces)


Problem :

Info:

I have a router, linux box, and clients connected to a switch.

Router is the link to the outside/internet with IP and subnet of:

  • 192.168.8.1

  • 192.168.8.0/24

respectively. My Linux box (Raspberry Pi) is set up with a static IP config (see below for details) and connects to the router using IP 192.168.8.254.

My clients (and me) all utilize an Ethernet switch which connects to the Linux box. The Linux box IP (on the Ethernet switch) is 192.168.1.254 and operates with a subnet of 192.168.1.0/24.

I have enabled packet forwarding on the Linux box, as well as added iptables rules to forward traffic between both interfaces.

clients <--> switch < --- > eth0(PI) <==> wlan0(PI) < ---- > router <--> google

I have found this question on SF, but I am not sure if/how this applies.

Problem:

Traffic is not being forwarded.

On my PC, I can ping the linux box (eth0) 192.168.1.254 , but not 8.8.8.8.

On the linux box, I can ping my pc 192.168.1.245 , the router 192.168.8.1 , and google 8.8.8.8

Some googling regarding this problem does not show anything I have not tried.

Please see info below

Help would be greatly appreciated. If extra info is required, please leave a comment.

Details: (pastebin details link)

// sudo route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.8.1     0.0.0.0         UG    0      0        0 wlan0
0.0.0.0         192.168.8.1     0.0.0.0         UG    303    0        0 wlan0
169.254.0.0     0.0.0.0         255.255.0.0     U     202    0        0 eth0
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.8.0     0.0.0.0         255.255.255.0   U     303    0        0 wlan0

// sudo iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere             state NEW,RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             state NEW,RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

// /etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)

# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

allow-hotplug wlan0
iface wlan0 inet static
        address 192.168.8.254
        netmask 255.255.0.0
        gateway 192.168.8.1
        network 192.168.8.0
        broadcast 192.168.8.255
        metric 0
    post-up route add default gw 192.168.8.1 metric 0
    pre-down route del default gw 192.168.8.1
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

allow-hotplug eth0
iface eth0 inet static
        address 192.168.1.254
        gateway 192.168.8.254
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        metric 1
    post-up route add default gw 192.168.8.254 metric 1
    pre-down route del default gw 192.168.8.254

Solution :

Please note:

When creating this question, I have figured out the solution,

But I felt others might benefit from this too:

I had done some reading up on the subject, but I had a thought that it might be something relating to pre/post routing, but could not place my finger on it.

Solution:

Reading here I came across a few interesting topics, but had little luck trying them myself,

after more searching, I found this helpful git page explaining a similar situation.

Thus, I attempted:

sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

And my problem was solved.

Hope this helps someone
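
An added example (not part of the original post): the `iptables -L` listing in the question shows only the filter table, so a missing NAT rule never appears in it. This script checks the two conditions the fix depends on, IP forwarding being enabled and a source-NAT rule on the uplink interface, against constructed `iptables-save -t nat` text. The function names and the sample tables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# has_source_nat RULES OUT_IF
# RULES is `iptables-save -t nat` text. Succeeds if a POSTROUTING rule applies
# MASQUERADE or SNAT to traffic leaving OUT_IF. Interface wildcards such as
# "wlan+" are not interpreted.
has_source_nat() {
    printf '%s\n' "$1" | awk -v oif="$2" '
        $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; tgt = ""; neg = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-o") { out = $(i + 1); neg = ($(i - 1) == "!") }
                if ($i == "-j") tgt = $(i + 1)
            }
            applies = (out == "") || (neg ? (out != oif) : (out == oif))
            if ((tgt == "MASQUERADE" || tgt == "SNAT") && applies) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# diagnose IP_FORWARD RULES OUT_IF
# IP_FORWARD is the content of /proc/sys/net/ipv4/ip_forward.
diagnose() {
    if [ "$1" != "1" ]; then
        echo "forwarding-disabled"
    elif ! has_source_nat "$2" "$3"; then
        echo "no-source-nat"
    else
        echo "ok"
    fi
}

# Constructed sample: nat table before and after the MASQUERADE rule is added.
NAT_BEFORE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT'
NAT_AFTER='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT'

echo "before fix: $(diagnose 1 "$NAT_BEFORE" wlan0)"
echo "after fix:  $(diagnose 1 "$NAT_AFTER" wlan0)"

# On the live box (root needed for iptables-save):
#   diagnose "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save -t nat)" wlan0
```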
