Re: Routing for a WiFi access point created on Debian
On Mon, Oct 02, 2017 at 08:04:55PM +0200, Lucio Marinelli wrote:
> Hi all, I have a PC with Debian 9.1 connected to the internet via cable
> (interface enp2s0) that I would like to use as a WiFi router. I plugged in
> a Netgear USB dongle that is recognised perfectly (the network interface
> is called wlxe0469aa53965 instead of wlan0). I then followed the
> instructions given here to create the WiFi network that other devices
> connect to, using hostapd:
>
> https://seravo.fi/2014/create-wireless-access-point-hostapd
>
> In practice I created a WiFi network with addresses 192.168.8.0/24 that
> should be able to route packets to the host machine's IP address. The
> network works, as does DHCP, so I can connect with my phone or other
> devices, but packets do not seem to get in/out, so in practice the
> internet does not work.
I don't know ufw.
I see no mention of masquerading in your configuration, or am I wrong?
If you don't intend to use NAT, I think the gateway that enp2s0 connects to
should be told about it, by adding the corresponding route for
192.168.8.0/24.
One piece of advice: given the complexity of your configuration compared
to the tutorial you drew on (and to many other similar tutorials), and
given the trouble you are having getting everything to work, try to keep
everything as simple as possible.
> Can you tell me where the snag is and how I can fix the problem?
>
>
> Below is the current iptables configuration:
>
> Chain INPUT (policy DROP)
> target prot opt source destination
> ufw-before-logging-input all -- anywhere anywhere
> ufw-before-input all -- anywhere anywhere
> ufw-after-input all -- anywhere anywhere
> ufw-after-logging-input all -- anywhere anywhere
> ufw-reject-input all -- anywhere anywhere
> ufw-track-input all -- anywhere anywhere
>
> Chain FORWARD (policy DROP)
> target prot opt source destination
> ufw-before-logging-forward all -- anywhere anywhere
> ufw-before-forward all -- anywhere anywhere
> ufw-after-forward all -- anywhere anywhere
> ufw-after-logging-forward all -- anywhere anywhere
> ufw-reject-forward all -- anywhere anywhere
> ufw-track-forward all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> ufw-before-logging-output all -- anywhere anywhere
> ufw-before-output all -- anywhere anywhere
> ufw-after-output all -- anywhere anywhere
> ufw-after-logging-output all -- anywhere anywhere
> ufw-reject-output all -- anywhere anywhere
> ufw-track-output all -- anywhere anywhere
>
> Chain ufw-after-forward (1 references)
> target prot opt source destination
>
> Chain ufw-after-input (1 references)
> target prot opt source destination
> ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns
> ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm
> ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn
> ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds
> ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps
> ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc
> ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
>
> Chain ufw-after-logging-forward (1 references)
> target prot opt source destination
> LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
>
> Chain ufw-after-logging-input (1 references)
> target prot opt source destination
> LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
>
> Chain ufw-after-logging-output (1 references)
> target prot opt source destination
>
> Chain ufw-after-output (1 references)
> target prot opt source destination
>
> Chain ufw-before-forward (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
> ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
> ACCEPT icmp -- anywhere anywhere icmp source-quench
> ACCEPT icmp -- anywhere anywhere icmp time-exceeded
> ACCEPT icmp -- anywhere anywhere icmp parameter-problem
> ACCEPT icmp -- anywhere anywhere icmp echo-request
> ufw-user-forward all -- anywhere anywhere
>
> Chain ufw-before-input (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
> ufw-logging-deny all -- anywhere anywhere ctstate INVALID
> DROP all -- anywhere anywhere ctstate INVALID
> ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
> ACCEPT icmp -- anywhere anywhere icmp source-quench
> ACCEPT icmp -- anywhere anywhere icmp time-exceeded
> ACCEPT icmp -- anywhere anywhere icmp parameter-problem
> ACCEPT icmp -- anywhere anywhere icmp echo-request
> ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
> ufw-not-local all -- anywhere anywhere
> ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
> ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900
> ufw-user-input all -- anywhere anywhere
>
> Chain ufw-before-logging-forward (1 references)
> target prot opt source destination
>
> Chain ufw-before-logging-input (1 references)
> target prot opt source destination
>
> Chain ufw-before-logging-output (1 references)
> target prot opt source destination
>
> Chain ufw-before-output (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
> ufw-user-output all -- anywhere anywhere
>
> Chain ufw-logging-allow (0 references)
> target prot opt source destination
> LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "
>
> Chain ufw-logging-deny (2 references)
> target prot opt source destination
> RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
> LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
>
> Chain ufw-not-local (1 references)
> target prot opt source destination
> RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
> RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
> RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
> ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
> DROP all -- anywhere anywhere
>
> Chain ufw-reject-forward (1 references)
> target prot opt source destination
>
> Chain ufw-reject-input (1 references)
> target prot opt source destination
>
> Chain ufw-reject-output (1 references)
> target prot opt source destination
>
> Chain ufw-skip-to-policy-forward (0 references)
> target prot opt source destination
> DROP all -- anywhere anywhere
>
> Chain ufw-skip-to-policy-input (7 references)
> target prot opt source destination
> DROP all -- anywhere anywhere
>
> Chain ufw-skip-to-policy-output (0 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
>
> Chain ufw-track-forward (1 references)
> target prot opt source destination
>
> Chain ufw-track-input (1 references)
> target prot opt source destination
>
> Chain ufw-track-output (1 references)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere ctstate NEW
> ACCEPT udp -- anywhere anywhere ctstate NEW
>
> Chain ufw-user-forward (1 references)
> target prot opt source destination
>
> Chain ufw-user-input (1 references)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
> ACCEPT tcp -- anywhere anywhere tcp dpt:http
> ACCEPT udp -- anywhere anywhere udp dpt:bootps
> ACCEPT tcp -- anywhere anywhere tcp dpt:domain
> ACCEPT udp -- anywhere anywhere udp dpt:domain
>
> Chain ufw-user-limit (0 references)
> target prot opt source destination
> LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
> REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
>
> Chain ufw-user-limit-accept (0 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
>
> Chain ufw-user-logging-forward (0 references)
> target prot opt source destination
>
> Chain ufw-user-logging-input (0 references)
> target prot opt source destination
>
> Chain ufw-user-logging-output (0 references)
> target prot opt source destination
>
> Chain ufw-user-output (1 references)
> target prot opt source destination
> ACCEPT udp -- anywhere anywhere udp dpt:bootps
> ACCEPT tcp -- anywhere anywhere tcp dpt:domain
> ACCEPT udp -- anywhere anywhere udp dpt:domain
>
> Thanks!
>
> --
> Lucio Marinelli
Regards
--
Felipe Salvador
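As an added example (not from either poster), the following sketch shows what the missing masquerading Felipe points at looks like on a Debian host that uses ufw, and gives two checks that can be run against an `iptables-save` dump: one for a MASQUERADE rule covering the WiFi subnet, one for a FORWARD rule that lets new flows from the WiFi interface out through the uplink (the quoted FORWARD chain has policy DROP and only accepts RELATED,ESTABLISHED). The interface names enp2s0 and wlxe0469aa53965 and the subnet 192.168.8.0/24 are taken from the post; the exact rule shape matched by `has_forward_allow` is assumed to be what `ufw route allow` produces.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed from the post: uplink enp2s0,
# WiFi AP interface wlxe0469aa53965, WiFi subnet 192.168.8.0/24.
WAN_IF="${WAN_IF:-enp2s0}"
WIFI_IF="${WIFI_IF:-wlxe0469aa53965}"
LAN_NET="${LAN_NET:-192.168.8.0/24}"

# The *nat section ufw needs at the top of /etc/ufw/before.rules, above the
# existing *filter section, so WiFi clients' traffic leaves as enp2s0's address.
ufw_nat_snippet() {
  cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s ${LAN_NET} -o ${WAN_IF} -j MASQUERADE
COMMIT
EOF
}

# Read an iptables-save dump on stdin; succeed only if a MASQUERADE rule for
# LAN_NET leaving via WAN_IF exists. The dump quoted above has none.
has_masquerade() {
  grep -Eq -- "^-A POSTROUTING .*-s ${LAN_NET} .*-o ${WAN_IF} .*-j MASQUERADE"
}

# Read an iptables-save dump on stdin; succeed only if FORWARD (or ufw's
# user forward chain) accepts traffic entering on WIFI_IF and leaving on WAN_IF.
# Rule shape assumed to match what "ufw route allow in on ... out on ..." adds.
has_forward_allow() {
  grep -Eq -- "^-A (FORWARD|ufw-user-forward) -i ${WIFI_IF} -o ${WAN_IF} .*-j ACCEPT"
}

# To apply on the Debian host (as root), the steps would be:
#   1. in /etc/ufw/sysctl.conf set  net/ipv4/ip_forward=1
#   2. prepend "$(ufw_nat_snippet)" to /etc/ufw/before.rules
#   3. ufw route allow in on "$WIFI_IF" out on "$WAN_IF"
#   4. ufw reload
# Running this script with "check" reports what the live ruleset is missing;
# "snippet" prints the nat block for step 2.
case "${1:-}" in
  snippet) ufw_nat_snippet ;;
  check)
    dump="$(iptables-save)"
    printf '%s\n' "$dump" | has_masquerade \
      && echo "nat: MASQUERADE for $LAN_NET via $WAN_IF present" \
      || echo "nat: MASQUERADE for $LAN_NET via $WAN_IF MISSING"
    printf '%s\n' "$dump" | has_forward_allow \
      && echo "forward: $WIFI_IF -> $WAN_IF accept present" \
      || echo "forward: $WIFI_IF -> $WAN_IF accept MISSING"
    ;;
esac
```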