Difference between revisions of "NAT Gateway by iptables dnsmasq"
Revision as of 17:07, 5 January 2011
The following guide can be followed on the Palm to make a NAT gateway from usb0 (tether) to ppp0 (EVDO). It may also be possible to adapt it to use a Palm Pre as a USB wireless adapter, that is, a NAT gateway from usb0 to eth0. Since wpa_supplicant and the wireless tools are included with webOS, it may also be possible to adapt these to build your own Wi-Fi hotspot from built-in commands.
https://help.ubuntu.com/community/Internet/ConnectionSharing
This is, however, an academic exercise, as FreeTether does a fine job: http://www.webos-internals.org/wiki/Application:FreeTether
Turn on USBnet on palm
Get a root terminal and enter the commands below. This requires a reboot, so exit anything you're doing on your phone.
usbnet enable
reboot
Make dnsmasq.palm.conf check our config file (only do once)
mount -o remount,rw /
echo conf-file=/etc/dnsmasq.usb.conf >> /etc/dnsmasq.palm.conf
mount -o remount,ro /
Make dhcp/dns available to usb0
Get a root terminal and use the following to make DHCP/DNS available to usb0:
mount -o remount,rw /
echo interface=usb0 >> /etc/dnsmasq.usb.conf
echo dhcp-host=192.168.0.202 >> /etc/dnsmasq.usb.conf
echo dhcp-range=192.168.0.203,192.168.0.203,15m >> /etc/dnsmasq.usb.conf
stop dnsmasq
start dnsmasq
mount -o remount,ro /
Make sure usb0 has the correct address
Attach the USB cable between your computer and Palm.
Run
ifconfig usb0
on your Palm and make sure the IP is 192.168.0.202. If it is not, set it:
ifconfig usb0 up
ifconfig usb0 192.168.0.202
Technically, you don't need this address, but it sure makes it easier if you are using SSH to get your root terminal, as this appears to be the default USB address :/
A note on SSH root terminal
novaterm users skip this step.
You'll want to connect to the root terminal from here on out using usbnet, so open your computer's connection to the usbnet.
Saving your initial iptables settings (optional)
iptables is reset every time your Palm is rebooted. If you wish to save your iptables settings so you can restore them without a reboot, here is how.
iptables-save -c > /media/internal/iptables.save
Setup packet forwarding to tether usb0 (cable) to ppp0 (EVDO)
You will need to shut off Wi-Fi on your phone (it won't work otherwise). To do this, tap the upper left-hand corner where the Wi-Fi icon is and select "Wi-Fi" -> Turn off Wi-Fi.
sysctl -w net.ipv4.conf.default.forwarding=1 net.ipv4.conf.all.forwarding=1
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MASQUERADE
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 3074 -j DNAT --to-destination 192.168.0.203
iptables -t nat -A PREROUTING -i ppp0 -p udp -m multiport --dports 88,3074 -j DNAT --to-destination 192.168.0.203
iptables -A FORWARD -i ppp0 -d 192.168.0.203 -p tcp --dport 3074 -j ACCEPT
iptables -A FORWARD -i ppp0 -d 192.168.0.203 -p udp -m multiport --dports 88,3074 -j ACCEPT
The PREROUTING and FORWARD rules pass inbound TCP port 3074 and UDP ports 88 and 3074 from ppp0 to the tethered machine at 192.168.0.203; leave them out if that machine does not need to accept inbound connections on those ports.
Setup packet forwarding to tether usb0 (cable) to eth0 (Wi-Fi)
Make sure your Wi-Fi is on and connected to an Access Point.
sysctl -w net.ipv4.conf.default.forwarding=1 net.ipv4.conf.all.forwarding=1
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3074 -j DNAT --to-destination 192.168.0.203
iptables -t nat -A PREROUTING -i eth0 -p udp -m multiport --dports 88,3074 -j DNAT --to-destination 192.168.0.203
iptables -A FORWARD -i eth0 -d 192.168.0.203 -p tcp --dport 3074 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.0.203 -p udp -m multiport --dports 88,3074 -j ACCEPT
Setup your computer
It may help to disconnect other network interfaces on your computer at this point (through the network manager). If you used SSH to connect to your phone, you need to disconnect the USB network connection (in the network manager, not the cable).
On Ubuntu Linux 10.04, right-click the network manager icon and select "Edit Connections". Find the wired interface, probably named "Auto usb", edit it and uncheck the "connect automatically" box.
Windows / Mac instructions coming soon.
Restoring your Palm to its original settings
sysctl -w net.ipv4.conf.default.forwarding=0 net.ipv4.conf.all.forwarding=0
mount -o remount,rw /
echo -n "" > /etc/dnsmasq.usb.conf
stop dnsmasq
start dnsmasq
mount -o remount,ro /
Restoring iptables (optional)
iptables-restore -c /media/internal/iptables.save
Trouble Shooting
The following commands can hopefully give you and us an idea of what is going wrong. If you have difficulties, please post the output of these with your phone carrier / phone model / webOS version to http://forums.precentral.net/palm-pre/272021-pre-gateway-via-iptables-possible.html. For example: Verizon / Palm Pre / webOS 1.4.5.
sysctl net.ipv4.conf.default.forwarding net.ipv4.conf.all.forwarding
iptables -L -n -v -t nat
iptables -L FORWARD
route
sysctl
It is suspected that some carriers and models shut off ip_forwarding. Please report if this command reports zero.
palm-webos-device root # sysctl net.ipv4.conf.default.forwarding net.ipv4.conf.all.forwarding
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.forwarding = 1
Does the following change the values?
sysctl net.ipv4.conf.default.forwarding=1 net.ipv4.conf.all.forwarding=1
sysctl net.ipv4.conf.default.forwarding net.ipv4.conf.all.forwarding
iptables
There have been reports of iptables being flushed by certain carriers. Below is what it should look like.
palm-webos-device root # iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 167 packets, 29504 bytes)
 pkts bytes target      prot opt in    out   source           destination
    0     0 DNAT        tcp  --  ppp0  *     0.0.0.0/0        0.0.0.0/0    tcp dpt:3074 to:192.168.0.203
    0     0 DNAT        udp  --  ppp0  *     0.0.0.0/0        0.0.0.0/0    multiport dports 88,3074 to:192.168.0.203
Chain POSTROUTING (policy ACCEPT 184 packets, 11672 bytes)
 pkts bytes target      prot opt in    out   source           destination
   16  1002 MASQUERADE  all  --  *     ppp0  192.168.0.0/24   0.0.0.0/0
Chain OUTPUT (policy ACCEPT 184 packets, 11672 bytes)
 pkts bytes target      prot opt in    out   source           destination
palm-webos-device root # iptables -L FORWARD
Chain FORWARD (policy ACCEPT)
target           prot opt source     destination
INVALID_PACKETS  all  --  anywhere   anywhere     state INVALID
ACCEPT           tcp  --  anywhere   monkeybear   tcp dpt:3074
ACCEPT           udp  --  anywhere   monkeybear   multiport dports kerberos,3074
route
Sometimes there are extra routes floating around (maybe you forgot to turn off eth0, or usb0 sometimes makes an appearance). Usually deleting the route helps. Don't delete ppp0. Deleting eth0 or usb0 is safe. To fix eth0, cycle the Wi-Fi on the phone off, then on.
palm-webos-device root # route
Kernel IP routing table
Destination     Gateway         Genmask          Flags Metric Ref Use Iface
66.174.62.1     *               255.255.255.255  UH    0      0   0   ppp0
192.168.2.0     *               255.255.255.0    U     0      0   0   usb0
192.168.0.0     *               255.255.255.0    U     0      0   0   usb0
default         66.174.62.1     0.0.0.0          UG    30     0   0   ppp0
default         192.168.0.200   0.0.0.0          UG    40     0   0   usb0
palm-webos-device root # route del default usb0
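The three troubleshooting checks above can be run mechanically over captured output. This is an added example, not part of the original wiki page: a POSIX sh script that reads the text of `sysctl`, `iptables -L -n -v -t nat` and `route` and reports which failure mode applies. The function names are made up for the example, and the sample input is excerpted from the output shown in this section.

```shell
#!/bin/sh
# Added example: report which failure mode from the troubleshooting section
# applies, given captured command output as text. Function names are made up.

# stdin: `sysctl net.ipv4.conf.default.forwarding net.ipv4.conf.all.forwarding`
forwarding_ok() {
    awk -F' *= *' '/forwarding/ { n++; if ($2 != 1) bad++ }
                   END { exit !(n > 0 && bad == 0) }'
}

# stdin: `iptables -L -n -v -t nat`; $1: uplink interface (ppp0 or eth0)
masquerade_present() {
    awk -v wan="$1" '/^Chain/ { chain = $2 }
        chain == "POSTROUTING" && $3 == "MASQUERADE" && $7 == wan { found = 1 }
        END { exit !found }'
}

# stdin: `route` or `route -n`; prints interfaces holding a default route that
# are neither the uplink nor ppp0 (the page says never to delete ppp0)
stray_defaults() {
    awk -v wan="$1" '($1 == "default" || ($1 == "0.0.0.0" && $3 == "0.0.0.0")) &&
        $NF != wan && $NF != "ppp0" { print $NF }'
}

# diagnose WAN SYSCTL_TEXT NAT_TEXT ROUTE_TEXT: one finding per line
diagnose() {
    printf '%s\n' "$2" | forwarding_ok || echo "forwarding is off or unreadable"
    printf '%s\n' "$3" | masquerade_present "$1" ||
        echo "no MASQUERADE rule out $1 (nat table flushed?)"
    for ifc in $(printf '%s\n' "$4" | stray_defaults "$1"); do
        echo "extra default route via $ifc: route del default $ifc"
    done
}

# Sample input: excerpts of the captured output shown in this section
SAMPLE_SYSCTL='net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.forwarding = 1'
SAMPLE_NAT='Chain POSTROUTING (policy ACCEPT 184 packets, 11672 bytes)
 pkts bytes target      prot opt in    out   source           destination
   16  1002 MASQUERADE  all  --  *     ppp0  192.168.0.0/24   0.0.0.0/0'
SAMPLE_ROUTE='default         66.174.62.1     0.0.0.0  UG  30  0  0  ppp0
default         192.168.0.200   0.0.0.0  UG  40  0  0  usb0'

diagnose ppp0 "$SAMPLE_SYSCTL" "$SAMPLE_NAT" "$SAMPLE_ROUTE"
```

On the phone, pass live output instead of the samples, for example `diagnose ppp0 "$(sysctl net.ipv4.conf.default.forwarding net.ipv4.conf.all.forwarding)" "$(iptables -L -n -v -t nat)" "$(route)"`.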