Hello. This is the first time I'm dealing with wifi and the second
time with NAT.
I have a server (access point) with a ppp0 interface (internet), eth0,
wlan0, tun0 and sit0. A dhcp server is listening on wlan0 and provides
local ip addresses, dns (= my isp dns) and router (= server wlan0 ip
address). NAT is configured on the server like this:
# Generated by iptables-save v1.4.20 on Fri Jan 10 21:34:26 2014
*raw
:PREROUTING ACCEPT [1000941:974106726]
:OUTPUT ACCEPT [775261:165606146]
COMMIT
# Completed on Fri Jan 10 21:34:26 2014
# Generated by iptables-save v1.4.20 on Fri Jan 10 21:34:26 2014
*nat
:PREROUTING ACCEPT [888:45008]
:INPUT ACCEPT [63:9590]
:OUTPUT ACCEPT [442:27137]
:POSTROUTING ACCEPT [36:1728]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Fri Jan 10 21:34:26 2014
# Generated by iptables-save v1.4.20 on Fri Jan 10 21:34:26 2014
*mangle
:PREROUTING ACCEPT [1000941:974106726]
:INPUT ACCEPT [951658:947497602]
:FORWARD ACCEPT [39262:26279024]
:OUTPUT ACCEPT [775261:165606146]
:POSTROUTING ACCEPT [814621:191890787]
COMMIT
# Completed on Fri Jan 10 21:34:26 2014
# Generated by iptables-save v1.4.20 on Fri Jan 10 21:34:26 2014
*filter
:INPUT ACCEPT [371:35432]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [33994:3725352]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o wlan0 -j ACCEPT
-A FORWARD -i eth0 -j DROP
-A FORWARD -i tun0 -j DROP
COMMIT
# Completed on Fri Jan 10 21:34:26 2014
I have a client that connects to my wifi, obtains an address via dhcp
and ... can't access almost all of internet sites.
I was able to ping any web service I could think of, but I was able to
use only google/youtube. I can do text/image searches on google and
can open youtube (but videos aren't loading). On other services wget
says connection established, but it can't retrieve anything. If I ssh
to an external server (not my nat server) I can ls, but if I try to ls
-alh I receive only a half of the files list and the terminal hangs
after that.
If I do $python -m http.server on my server I can do file transfers
and open html pages on my client. I have tried this
https://wiki.archlinux.org/index.php/Software_Access_Point#WLAN_is_very_slow
Also I have tried to insert LOG target in FORWARD of filter.
It showed that I send way more packets (>10) to a http server than I
receive (~2-4).
The client is fine and behaves normally with wifi, used it many times.
Thanks for your time.
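An added example, not part of the original message: a small Python parser for the iptables-save dump posted above that reports FORWARD rules accepting packets which arrive on the WAN interface without a connection-state match (in this ruleset, the ppp0 to wlan0 rule). The sample is the message's *filter table copied inline as constructed input; the function names are hypothetical.

```python
import shlex

# Constructed sample: the *filter table from the message, packet counters kept.
SAMPLE = """\
*filter
:INPUT ACCEPT [371:35432]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [33994:3725352]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o wlan0 -j ACCEPT
-A FORWARD -i eth0 -j DROP
-A FORWARD -i tun0 -j DROP
COMMIT
"""

def parse_save(text):
    """Return {table: {"policy": {chain: policy}, "rules": [(chain, argv)]}}."""
    tables, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("- -"):      # undo PGP clearsign dash-escaping
            line = line[2:]
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):        # "*filter" opens a table
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif cur is not None and line.startswith(":"):   # ":FORWARD ACCEPT [0:0]"
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif cur is not None and line.startswith("-A "):
            argv = shlex.split(line)
            cur["rules"].append((argv[1], argv[2:]))
    return tables

def opt(argv, flag):
    """Value following `flag` in a rule's argument list, or None."""
    return argv[argv.index(flag) + 1] if flag in argv[:-1] else None

def stateless_wan_accepts(tables, wan="ppp0"):
    """FORWARD rules that ACCEPT packets arriving on `wan` without a state match."""
    hits = []
    for chain, argv in tables.get("filter", {}).get("rules", []):
        tracked = "--state" in argv or "--ctstate" in argv
        if (chain == "FORWARD" and opt(argv, "-i") == wan
                and opt(argv, "-j") == "ACCEPT" and not tracked):
            hits.append("-A FORWARD " + " ".join(argv))
    return hits
```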