Difference between revisions of "NAT Gateway by iptables dnsmasq"
Jump to navigation
Jump to search
(First Draft Comments Welcome please :)) |
(added bit about eth0<->usb0 tethering not in Freetether) |
||
| (13 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | The following guide can be followed on the palm to make a NAT gateway from a usb0 (tether) to ppp0 (EVDO). It is also possible this can be adapted to use a palm pre as a usb wireless adapter, that is NAT gateway from usb0 to eth0. | + | The following guide can be followed on the palm to make a NAT gateway from a usb0 (tether) to ppp0 (EVDO). It is also possible this can be adapted to use a palm pre as a usb wireless adapter, that is NAT gateway from usb0 to eth0. Since wpa_supplicant and wireless tools are included with webos it is also possible that these could be adapted to build your own wifi hotspot from built in commands. |
https://help.ubuntu.com/community/Internet/ConnectionSharing | https://help.ubuntu.com/community/Internet/ConnectionSharing | ||
| − | + | For ppp0<->usb0 tehtering this is however an academic exercise as FreeTether does a fine job | |
| − | + | ||
| + | http://www.webos-internals.org/wiki/Application:FreeTether | ||
| + | |||
| + | As of yet Freetether does not provide the facility to use your WebOs device as a wireless usb controller. That is, tethering eth0<->usb0 | ||
==Turn on USBnet on palm== | ==Turn on USBnet on palm== | ||
| Line 12: | Line 15: | ||
reboot | reboot | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | ==Make dhcp/dns availalbe to usb0 | + | |
| + | ==Make dnsmasq.palm.conf check our config file (only do once)== | ||
| + | <pre> | ||
| + | mount -o remount,rw / | ||
| + | echo conf-file=/etc/dnsmasq.usb.conf >> /etc/dnsmasq.palm.conf | ||
| + | mount -o remount,ro / | ||
| + | </pre> | ||
| + | |||
| + | ==Make dhcp/dns availalbe to usb0== | ||
get root terminal and use the following to make dhcp/dns available to usb0 | get root terminal and use the following to make dhcp/dns available to usb0 | ||
<pre><nowiki> | <pre><nowiki> | ||
mount -o remount,rw / | mount -o remount,rw / | ||
| − | echo interface=usb0 >> /etc/dnsmasq. | + | echo interface=usb0 >> /etc/dnsmasq.usb.conf |
| − | echo dhcp-range=192.168. | + | echo dhcp-host=192.169.0.202 >> /etc/dnsmasq.usb.conf |
| + | echo dhcp-range=192.168.0.203,192.168.0.203,15m >> /etc/dnsmasq.usb.conf | ||
stop dnsmasq | stop dnsmasq | ||
start dnsmasq | start dnsmasq | ||
| Line 23: | Line 35: | ||
</nowiki></pre> | </nowiki></pre> | ||
| − | == | + | ==Make Sure usb is correct address== |
| + | Attach the usb cable between your computer and palm. | ||
| + | Run <pre>ifconfig usb0</pre> on your palm and make sure the IP is 192.168.0.202 | ||
| + | |||
<pre><nowiki> | <pre><nowiki> | ||
ifconfig usb0 up | ifconfig usb0 up | ||
| − | ifconfig usb0 192.168. | + | ifconfig usb0 192.168.0.202 |
| − | sysctl -w net.ipv4.conf.default.forwarding=1 | + | </nowiki></pre> |
| − | + | ||
| − | iptables -t nat -A POSTROUTING -o ppp0 -s 192.168. | + | Technically, you don't need this address but it sure makes it easier if you are using ssh to get your root terminal as this appears to be the default usb address :/ |
| − | iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 3074 -j DNAT --to-destination 192.168. | + | |
| − | iptables -t nat -A PREROUTING -i ppp0 -p udp -m multiport --dports 88,3074 -j DNAT --to-destination 192.168. | + | ==A note on SSH root terminal== |
| − | iptables -A FORWARD -i ppp0 -d 192.168. | + | <b>novaterm</b> users skip this step. |
| − | iptables -A FORWARD -i ppp0 -d 192.168. | + | |
| + | You'll want to connect to the root terminal from here on out using usbnet. So open your computers connection to the usbnet. | ||
| + | |||
| + | ==Saving your initial iptables settings (optional)== | ||
| + | iptables is reset every time your palm is rebooted. But if you wish to save your iptables settings to avoid a reboot here is how. | ||
| + | <pre> | ||
| + | iptables-save -c > /media/internal/iptables.save | ||
| + | </pre> | ||
| + | ==Setup packet forwarding to tether usb0 (cable) to ppp0 (EVDO)== | ||
| + | You will need to shut off wifi on your phone (it won't work otherwise). To do this tap on the upper left hand corner where the wifi icon is. Select "Wi-Fi" -> Turn off Wi-Fi | ||
| + | |||
| + | <pre><nowiki> | ||
| + | sysctl -w net.ipv4.conf.default.forwarding=1 net.ipv4.conf.all.forwarding=1 | ||
| + | iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MASQUERADE | ||
| + | iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 3074 -j DNAT --to-destination 192.168.0.203 | ||
| + | iptables -t nat -A PREROUTING -i ppp0 -p udp -m multiport --dports 88,3074 -j DNAT --to-destination 192.168.0.203 | ||
| + | iptables -A FORWARD -i ppp0 -d 192.168.0.203 -p tcp --dport 3074 -j ACCEPT | ||
| + | iptables -A FORWARD -i ppp0 -d 192.168.0.203 -p udp -m multiport --dports 88,3074 -j ACCEPT | ||
| + | </nowiki></pre> | ||
| + | |||
| + | ==Setup packet forwarding to tether usb0 (cable) to eth0 (Wi-Fi)== | ||
| + | Make sure your Wi-Fi is on and connected to an Access Point. | ||
| + | |||
| + | <pre><nowiki> | ||
| + | sysctl -w net.ipv4.conf.default.forwarding=1 net.ipv4.conf.all.forwarding=1 | ||
| + | iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE | ||
| + | iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3074 -j DNAT --to-destination 192.168.0.203 | ||
| + | iptables -t nat -A PREROUTING -i eth0 -p udp -m multiport --dports 88,3074 -j DNAT --to-destination 192.168.0.203 | ||
| + | iptables -A FORWARD -i eth0 -d 192.168.0.203 -p tcp --dport 3074 -j ACCEPT | ||
| + | iptables -A FORWARD -i eth0 -d 192.168.0.203 -p udp -m multiport --dports 88,3074 -j ACCEPT | ||
</nowiki></pre> | </nowiki></pre> | ||
==Setup your computer== | ==Setup your computer== | ||
| + | |||
| + | It may help to disconnect other network interfaces at this point on your computer (through network manager). If you used SSH to connect to your phone you need to disconnect the usb network connection (in the network manager not the cable). | ||
On Ubuntu Linux 10.04 in network manager right click the icon select "Edit Connections". Find the wired interface probably named "Auto usb" edit and uncheck "connect automatically" box. | On Ubuntu Linux 10.04 in network manager right click the icon select "Edit Connections". Find the wired interface probably named "Auto usb" edit and uncheck "connect automatically" box. | ||
| Line 42: | Line 88: | ||
Windows / Mac instructions coming soon. | Windows / Mac instructions coming soon. | ||
| + | ==Restoring your palm to it's original settings== | ||
| + | <pre> | ||
| + | sysctl -w net.ipv4.conf.default.forwarding=0 net.ipv4.conf.all.forwarding=0 | ||
| + | mount -o remount,rw / | ||
| + | echo -n "" > /etc/dnsmasq.usb.conf | ||
| + | stop dnsmasq | ||
| + | start dnsmasq | ||
| + | mount -o remount,ro / | ||
| + | </pre> | ||
| + | ===Restoring iptables (optional)=== | ||
| + | <pre> | ||
| + | iptables-restore -c /media/internal/iptables.save | ||
| + | </pre> | ||
==Trouble Shooting== | ==Trouble Shooting== | ||
| − | + | The following commands can hopefully give you and us an idea of what is going wrong. If you have difficulties please post the output of these with your phone carrier / phone model / webos version to http://forums.precentral.net/palm-pre/272021-pre-gateway-via-iptables-possible.html. For example | |
| − | <pre>< | + | Verizon / Palm Pre / webos 1.4.5. |
| + | |||
| + | <pre> | ||
| + | sysctl net.ipv4.conf.default.forwarding net.ipv4.conf.all.forwarding | ||
| + | iptables -L -n -v -t nat | ||
| + | iptables -L FORWARD | ||
| + | route | ||
| + | </pre> | ||
| + | |||
| + | ===sysctl=== | ||
| + | It is suspected that some carriers and models shut off ip_forwarding. Please report if this command reports zero. | ||
| + | <pre> | ||
| + | palm-webos-device root # sysctl net.ipv4.conf.default.forwarding net.ipv4.conf.all.forwarding | ||
| + | net.ipv4.conf.default.forwarding = 1 | ||
| + | net.ipv4.conf.all.forwarding = 1 | ||
| + | </pre> | ||
| + | Does the following change the values? | ||
| + | <pre> | ||
| + | sysctl net.ipv4.conf.default.forwarding=1 net.ipv4.conf.all.forwarding=1 | ||
sysctl net.ipv4.conf.default.forwarding net.ipv4.conf.all.forwarding | sysctl net.ipv4.conf.default.forwarding net.ipv4.conf.all.forwarding | ||
| − | </ | + | </pre> |
| − | + | ||
| + | === iptables === | ||
| + | There have been reports of iptables being flushed by certain carriers. Below is what it should look like. | ||
| + | <pre> | ||
| + | palm-webos-device root # iptables -L -n -v -t nat | ||
| + | Chain PREROUTING (policy ACCEPT 167 packets, 29504 bytes) | ||
| + | pkts bytes target prot opt in out source destination | ||
| + | 0 0 DNAT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3074 to:192.168.0.203 | ||
| + | 0 0 DNAT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 multiport dports 88,3074 to:192.168.0.203 | ||
| + | |||
| + | Chain POSTROUTING (policy ACCEPT 184 packets, 11672 bytes) | ||
| + | pkts bytes target prot opt in out source destination | ||
| + | 16 1002 MASQUERADE all -- * ppp0 192.168.0.0/24 0.0.0.0/0 | ||
| + | |||
| + | Chain OUTPUT (policy ACCEPT 184 packets, 11672 bytes) | ||
| + | pkts bytes target prot opt in out source destination | ||
| + | palm-webos-device root # iptables -L FORWARD | ||
| + | Chain FORWARD (policy ACCEPT) | ||
| + | target prot opt source destination | ||
| + | INVALID_PACKETS all -- anywhere anywhere state INVALID | ||
| + | ACCEPT tcp -- anywhere monkeybear tcp dpt:3074 | ||
| + | ACCEPT udp -- anywhere monkeybear multiport dports kerberos,3074 | ||
| + | </pre> | ||
| + | |||
| + | ===route=== | ||
| + | Sometimes there are extra routes floating around (maybe you forgot to turn off eth0 or usb0 sometimes makes an appearance). Usually deleting the route helps. Don't delete ppp0. Deleting eth0 or usb0 is safe. To fix eth0 cycle the Wi-Fi on the phone off then on. | ||
| + | <pre> | ||
| + | palm-webos-device root # route | ||
| + | Kernel IP routing table | ||
| + | Destination Gateway Genmask Flags Metric Ref Use Iface | ||
| + | 66.174.62.1 * 255.255.255.255 UH 0 0 0 ppp0 | ||
| + | 192.168.2.0 * 255.255.255.0 U 0 0 0 usb0 | ||
| + | 192.168.0.0 * 255.255.255.0 U 0 0 0 usb0 | ||
| + | default 66.174.62.1 0.0.0.0 UG 30 0 0 ppp0 | ||
| + | default 192.168.0.200 0.0.0.0 UG 40 0 0 usb0 | ||
| + | palm-webos-device root # route del default usb0 | ||
| + | </pre> | ||
| + | |||
| + | ==References== | ||
| + | |||
| + | *https://help.ubuntu.com/community/Internet/ConnectionSharing | ||
| + | |||
| + | *http://forums.precentral.net/palm-pre/272021-pre-gateway-via-iptables-possible.html | ||
| + | |||
| + | *http://www.webos-internals.org/wiki/Reverse_Tethering | ||
| + | |||
| + | *http://www.webos-internals.org/wiki/Application:FreeTether | ||
Latest revision as of 18:10, 5 January 2011
The following guide can be followed on the palm to make a NAT gateway from a usb0 (tether) to ppp0 (EVDO). It is also possible this can be adapted to use a palm pre as a usb wireless adapter, that is NAT gateway from usb0 to eth0. Since wpa_supplicant and wireless tools are included with webos it is also possible that these could be adapted to build your own wifi hotspot from built in commands.
https://help.ubuntu.com/community/Internet/ConnectionSharing
For ppp0<->usb0 tehtering this is however an academic exercise as FreeTether does a fine job
http://www.webos-internals.org/wiki/Application:FreeTether
As of yet Freetether does not provide the facility to use your WebOs device as a wireless usb controller. That is, tethering eth0<->usb0
Turn on USBnet on palm
get a root terminal and enter the commands: This requires a reboot so exit anything you're doing on your phone.
usbnet enable reboot
Make dnsmasq.palm.conf check our config file (only do once)
mount -o remount,rw / echo conf-file=/etc/dnsmasq.usb.conf >> /etc/dnsmasq.palm.conf mount -o remount,ro /
Make dhcp/dns availalbe to usb0
get root terminal and use the following to make dhcp/dns available to usb0
mount -o remount,rw / echo interface=usb0 >> /etc/dnsmasq.usb.conf echo dhcp-host=192.169.0.202 >> /etc/dnsmasq.usb.conf echo dhcp-range=192.168.0.203,192.168.0.203,15m >> /etc/dnsmasq.usb.conf stop dnsmasq start dnsmasq mount -o remount,ro /
Make Sure usb is correct address
Attach the usb cable between your computer and palm.
Run
ifconfig usb0
on your palm and make sure the IP is 192.168.0.202
ifconfig usb0 up ifconfig usb0 192.168.0.202
Technically, you don't need this address but it sure makes it easier if you are using ssh to get your root terminal as this appears to be the default usb address :/
A note on SSH root terminal
novaterm users skip this step.
You'll want to connect to the root terminal from here on out using usbnet. So open your computers connection to the usbnet.
Saving your initial iptables settings (optional)
iptables is reset every time your palm is rebooted. But if you wish to save your iptables settings to avoid a reboot here is how.
iptables-save -c > /media/internal/iptables.save
Setup packet forwarding to tether usb0 (cable) to ppp0 (EVDO)
You will need to shut off wifi on your phone (it won't work otherwise). To do this tap on the upper left hand corner where the wifi icon is. Select "Wi-Fi" -> Turn off Wi-Fi
sysctl -w net.ipv4.conf.default.forwarding=1 net.ipv4.conf.all.forwarding=1 iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MASQUERADE iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 3074 -j DNAT --to-destination 192.168.0.203 iptables -t nat -A PREROUTING -i ppp0 -p udp -m multiport --dports 88,3074 -j DNAT --to-destination 192.168.0.203 iptables -A FORWARD -i ppp0 -d 192.168.0.203 -p tcp --dport 3074 -j ACCEPT iptables -A FORWARD -i ppp0 -d 192.168.0.203 -p udp -m multiport --dports 88,3074 -j ACCEPT
Setup packet forwarding to tether usb0 (cable) to eth0 (Wi-Fi)
Make sure your Wi-Fi is on and connected to an Access Point.
sysctl -w net.ipv4.conf.default.forwarding=1 net.ipv4.conf.all.forwarding=1 iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3074 -j DNAT --to-destination 192.168.0.203 iptables -t nat -A PREROUTING -i eth0 -p udp -m multiport --dports 88,3074 -j DNAT --to-destination 192.168.0.203 iptables -A FORWARD -i eth0 -d 192.168.0.203 -p tcp --dport 3074 -j ACCEPT iptables -A FORWARD -i eth0 -d 192.168.0.203 -p udp -m multiport --dports 88,3074 -j ACCEPT
Setup your computer
It may help to disconnect other network interfaces at this point on your computer (through network manager). If you used SSH to connect to your phone you need to disconnect the usb network connection (in the network manager not the cable).
On Ubuntu Linux 10.04 in network manager right click the icon select "Edit Connections". Find the wired interface probably named "Auto usb" edit and uncheck "connect automatically" box.
Windows / Mac instructions coming soon.
Restoring your palm to it's original settings
sysctl -w net.ipv4.conf.default.forwarding=0 net.ipv4.conf.all.forwarding=0 mount -o remount,rw / echo -n "" > /etc/dnsmasq.usb.conf stop dnsmasq start dnsmasq mount -o remount,ro /
Restoring iptables (optional)
iptables-restore -c /media/internal/iptables.save
Trouble Shooting
The following commands can hopefully give you and us an idea of what is going wrong. If you have difficulties please post the output of these with your phone carrier / phone model / webos version to http://forums.precentral.net/palm-pre/272021-pre-gateway-via-iptables-possible.html. For example Verizon / Palm Pre / webos 1.4.5.
sysctl net.ipv4.conf.default.forwarding net.ipv4.conf.all.forwarding iptables -L -n -v -t nat iptables -L FORWARD route
sysctl
It is suspected that some carriers and models shut off ip_forwarding. Please report if this command reports zero.
palm-webos-device root # sysctl net.ipv4.conf.default.forwarding net.ipv4.conf.all.forwarding net.ipv4.conf.default.forwarding = 1 net.ipv4.conf.all.forwarding = 1
Does the following change the values?
sysctl net.ipv4.conf.default.forwarding=1 net.ipv4.conf.all.forwarding=1 sysctl net.ipv4.conf.default.forwarding net.ipv4.conf.all.forwarding
iptables
There have been reports of iptables being flushed by certain carriers. Below is what it should look like.
palm-webos-device root # iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 167 packets, 29504 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3074 to:192.168.0.203
0 0 DNAT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 multiport dports 88,3074 to:192.168.0.203
Chain POSTROUTING (policy ACCEPT 184 packets, 11672 bytes)
pkts bytes target prot opt in out source destination
16 1002 MASQUERADE all -- * ppp0 192.168.0.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 184 packets, 11672 bytes)
pkts bytes target prot opt in out source destination
palm-webos-device root # iptables -L FORWARD
Chain FORWARD (policy ACCEPT)
target prot opt source destination
INVALID_PACKETS all -- anywhere anywhere state INVALID
ACCEPT tcp -- anywhere monkeybear tcp dpt:3074
ACCEPT udp -- anywhere monkeybear multiport dports kerberos,3074
route
Sometimes there are extra routes floating around (maybe you forgot to turn off eth0 or usb0 sometimes makes an appearance). Usually deleting the route helps. Don't delete ppp0. Deleting eth0 or usb0 is safe. To fix eth0 cycle the Wi-Fi on the phone off then on.
palm-webos-device root # route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 66.174.62.1 * 255.255.255.255 UH 0 0 0 ppp0 192.168.2.0 * 255.255.255.0 U 0 0 0 usb0 192.168.0.0 * 255.255.255.0 U 0 0 0 usb0 default 66.174.62.1 0.0.0.0 UG 30 0 0 ppp0 default 192.168.0.200 0.0.0.0 UG 40 0 0 usb0 palm-webos-device root # route del default usb0