
Re: Routing for a WiFi access point created on Debian



On Mon, Oct 02, 2017 at 08:04:55PM +0200, Lucio Marinelli wrote:
> Hi everyone, I have a PC with Debian 9.1 connected to the internet by cable
> (interface enp2s0) that I would like to use as a WiFi router. I plugged in
> a Netgear USB dongle, which is recognized perfectly (the network interface
> is named wlxe0469aa53965 instead of wlan0). I then followed
> the instructions given here to create the WiFi network to connect other
> devices to, using hostapd:
>
> https://seravo.fi/2014/create-wireless-access-point-hostapd
> 
> In practice I created a WiFi network with addresses 192.168.8.0/24 that should
> be able to route packets through the host machine's IP address.
> The network works, as does DHCP, so I can connect with
> my phone or other devices; however, packets do not seem to
> get in/out, so in practice the internet does not work.

I don't know ufw.
I don't see any mention of masquerading in your configuration, or am I wrong?
If you don't intend to use NAT, I think the gateway that enp2s0 connects to
should be told about it, by adding the corresponding route for
192.168.8.0/24.

A piece of advice: given the complexity of your configuration compared
to the tutorial you started from (and to many other similar tutorials),
and given the difficulties you are having getting it all to work,
try to keep everything as simple as possible.

> Can you tell me where the catch is and how I can solve the problem?
> 
> 
> Below is the current iptables configuration:
> 
> Chain INPUT (policy DROP)
> target     prot opt source               destination
> ufw-before-logging-input  all  --  anywhere             anywhere
> ufw-before-input  all  --  anywhere             anywhere
> ufw-after-input  all  --  anywhere             anywhere
> ufw-after-logging-input  all  --  anywhere             anywhere
> ufw-reject-input  all  --  anywhere             anywhere
> ufw-track-input  all  --  anywhere             anywhere
> 
> Chain FORWARD (policy DROP)
> target     prot opt source               destination
> ufw-before-logging-forward  all  --  anywhere
> anywhere
> ufw-before-forward  all  --  anywhere             anywhere
> ufw-after-forward  all  --  anywhere             anywhere
> ufw-after-logging-forward  all  --  anywhere
> anywhere
> ufw-reject-forward  all  --  anywhere             anywhere
> ufw-track-forward  all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere             ctstate
> RELATED,ESTABLISHED
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> ufw-before-logging-output  all  --  anywhere
> anywhere
> ufw-before-output  all  --  anywhere             anywhere
> ufw-after-output  all  --  anywhere             anywhere
> ufw-after-logging-output  all  --  anywhere             anywhere
> ufw-reject-output  all  --  anywhere             anywhere
> ufw-track-output  all  --  anywhere             anywhere
> 
> Chain ufw-after-forward (1 references)
> target     prot opt source               destination
> 
> Chain ufw-after-input (1 references)
> target     prot opt source               destination
> ufw-skip-to-policy-input  udp  --  anywhere
> anywhere             udp dpt:netbios-ns
> ufw-skip-to-policy-input  udp  --  anywhere
> anywhere             udp dpt:netbios-dgm
> ufw-skip-to-policy-input  tcp  --  anywhere
> anywhere             tcp dpt:netbios-ssn
> ufw-skip-to-policy-input  tcp  --  anywhere
> anywhere             tcp dpt:microsoft-ds
> ufw-skip-to-policy-input  udp  --  anywhere
> anywhere             udp dpt:bootps
> ufw-skip-to-policy-input  udp  --  anywhere
> anywhere             udp dpt:bootpc
> ufw-skip-to-policy-input  all  --  anywhere
> anywhere             ADDRTYPE match dst-type BROADCAST
> 
> Chain ufw-after-logging-forward (1 references)
> target     prot opt source               destination
> LOG        all  --  anywhere             anywhere             limit: avg
> 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
> 
> Chain ufw-after-logging-input (1 references)
> target     prot opt source               destination
> LOG        all  --  anywhere             anywhere             limit: avg
> 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
> 
> Chain ufw-after-logging-output (1 references)
> target     prot opt source               destination
> 
> Chain ufw-after-output (1 references)
> target     prot opt source               destination
> 
> Chain ufw-before-forward (1 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere             ctstate
> RELATED,ESTABLISHED
> ACCEPT     icmp --  anywhere             anywhere             icmp
> destination-unreachable
> ACCEPT     icmp --  anywhere             anywhere             icmp
> source-quench
> ACCEPT     icmp --  anywhere             anywhere             icmp
> time-exceeded
> ACCEPT     icmp --  anywhere             anywhere             icmp
> parameter-problem
> ACCEPT     icmp --  anywhere             anywhere             icmp
> echo-request
> ufw-user-forward  all  --  anywhere             anywhere
> 
> Chain ufw-before-input (1 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere             ctstate
> RELATED,ESTABLISHED
> ufw-logging-deny  all  --  anywhere             anywhere
> ctstate INVALID
> DROP       all  --  anywhere             anywhere             ctstate
> INVALID
> ACCEPT     icmp --  anywhere             anywhere             icmp
> destination-unreachable
> ACCEPT     icmp --  anywhere             anywhere             icmp
> source-quench
> ACCEPT     icmp --  anywhere             anywhere             icmp
> time-exceeded
> ACCEPT     icmp --  anywhere             anywhere             icmp
> parameter-problem
> ACCEPT     icmp --  anywhere             anywhere             icmp
> echo-request
> ACCEPT     udp  --  anywhere             anywhere             udp
> spt:bootps dpt:bootpc
> ufw-not-local  all  --  anywhere             anywhere
> ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns
> ACCEPT     udp  --  anywhere             239.255.255.250      udp dpt:1900
> ufw-user-input  all  --  anywhere             anywhere
> 
> Chain ufw-before-logging-forward (1 references)
> target     prot opt source               destination
> 
> Chain ufw-before-logging-input (1 references)
> target     prot opt source               destination
> 
> Chain ufw-before-logging-output (1 references)
> target     prot opt source               destination
> 
> Chain ufw-before-output (1 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere             ctstate
> RELATED,ESTABLISHED
> ufw-user-output  all  --  anywhere             anywhere
> 
> Chain ufw-logging-allow (0 references)
> target     prot opt source               destination
> LOG        all  --  anywhere             anywhere             limit: avg
> 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "
> 
> Chain ufw-logging-deny (2 references)
> target     prot opt source               destination
> RETURN     all  --  anywhere             anywhere             ctstate
> INVALID limit: avg 3/min burst 10
> LOG        all  --  anywhere             anywhere             limit: avg
> 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
> 
> Chain ufw-not-local (1 references)
> target     prot opt source               destination
> RETURN     all  --  anywhere             anywhere             ADDRTYPE
> match dst-type LOCAL
> RETURN     all  --  anywhere             anywhere             ADDRTYPE
> match dst-type MULTICAST
> RETURN     all  --  anywhere             anywhere             ADDRTYPE
> match dst-type BROADCAST
> ufw-logging-deny  all  --  anywhere             anywhere             limit:
> avg 3/min burst 10
> DROP       all  --  anywhere             anywhere
> 
> Chain ufw-reject-forward (1 references)
> target     prot opt source               destination
> 
> Chain ufw-reject-input (1 references)
> target     prot opt source               destination
> 
> Chain ufw-reject-output (1 references)
> target     prot opt source               destination
> 
> Chain ufw-skip-to-policy-forward (0 references)
> target     prot opt source               destination
> DROP       all  --  anywhere             anywhere
> 
> Chain ufw-skip-to-policy-input (7 references)
> target     prot opt source               destination
> DROP       all  --  anywhere             anywhere
> 
> Chain ufw-skip-to-policy-output (0 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> 
> Chain ufw-track-forward (1 references)
> target     prot opt source               destination
> 
> Chain ufw-track-input (1 references)
> target     prot opt source               destination
> 
> Chain ufw-track-output (1 references)
> target     prot opt source               destination
> ACCEPT     tcp  --  anywhere             anywhere             ctstate NEW
> ACCEPT     udp  --  anywhere             anywhere             ctstate NEW
> 
> Chain ufw-user-forward (1 references)
> target     prot opt source               destination
> 
> Chain ufw-user-input (1 references)
> target     prot opt source               destination
> ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
> ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
> ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
> ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
> ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
> 
> Chain ufw-user-limit (0 references)
> target     prot opt source               destination
> LOG        all  --  anywhere             anywhere             limit: avg
> 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
> REJECT     all  --  anywhere             anywhere             reject-with
> icmp-port-unreachable
> 
> Chain ufw-user-limit-accept (0 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> 
> Chain ufw-user-logging-forward (0 references)
> target     prot opt source               destination
> 
> Chain ufw-user-logging-input (0 references)
> target     prot opt source               destination
> 
> Chain ufw-user-logging-output (0 references)
> target     prot opt source               destination
> 
> Chain ufw-user-output (1 references)
> target     prot opt source               destination
> ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
> ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
> ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
> 
> 
> Thanks!
> 
> -- 
> Lucio Marinelli

Regards
-- 
Felipe Salvador
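
The masquerading point raised in the reply above, as an added example that is not part of either message: a dry-run generator that prints the few commands needed to NAT the 192.168.8.0/24 clients out through enp2s0, scoped to the interfaces and subnet named in the post. It assumes plain iptables rules appended alongside the existing ufw chains and does not make them persistent across reboots; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print (do not apply) the commands that give the WiFi clients
# NAT'd internet access. Pipe the output to a root shell to apply it.

# Values taken from the original post.
WAN_IF="enp2s0"
LAN_IF="wlxe0469aa53965"
LAN_NET="192.168.8.0/24"

# Shape check only: kernel interface names are at most 15 characters.
valid_iface() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_.-]{1,15}$'
}

# Shape check only: dotted quad plus a /0../32 prefix length.
valid_cidr() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# emit_nat_rules WAN LAN SUBNET -> prints commands, returns 1 on bad input.
emit_nat_rules() {
    wan=$1 lan=$2 net=$3
    valid_iface "$wan" && valid_iface "$lan" || { echo "bad interface name" >&2; return 1; }
    valid_cidr "$net" || { echo "bad subnet" >&2; return 1; }
    [ "$wan" != "$lan" ] || { echo "WAN and LAN interface must differ" >&2; return 1; }
    cat <<EOF
# 1. Let the kernel route between interfaces.
sysctl -w net.ipv4.ip_forward=1
# 2. Rewrite the source address of WiFi clients leaving via the wired link.
iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
# 3. FORWARD policy is DROP and ufw-user-forward is empty in the posted
#    listing, so new connections need an explicit rule. Return traffic is
#    already accepted there by the ctstate RELATED,ESTABLISHED rule.
iptables -A FORWARD -i $lan -o $wan -s $net -m conntrack --ctstate NEW -j ACCEPT
# 4. Verify: the posted 'iptables -L' output shows only the filter table.
iptables -t nat -S POSTROUTING
EOF
}

emit_nat_rules "$WAN_IF" "$LAN_IF" "$LAN_NET"
```

Restricting the ACCEPT rule to the WiFi interface and subnet keeps the wired side from initiating connections to the wireless clients, which a blanket FORWARD ACCEPT would allow.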

