Basically I'm trying to share my connection with a second computer (client)
(https://wiki.archlinux.org/index.php/Internet_sharing)
When I dump (with tcpdump -n) both the Interface to Internet (wlp5s0) and the one connected to the 'client' (enp3s0) (on the 'SERVER' machine), I can see that the forwarding is done and masquerading works as well:
DNS / ping requests from the client are retransmitted with the wlp5s0 interface's IP address.
I can see responses from the Internet to these requests, BUT the computer acting as SERVER is not sending back any response
to the client machine on the enp3s0 interface.
I've already had this setup working before and I don't understand what is different from back then
Here's the configuration.
SERVER:
# ifconfig
enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.2 netmask 255.0.0.0 broadcast 10.255.255.255
inet6 fe80::468a:5bff:fe45:dc4e prefixlen 64 scopeid 0x20<link>
ether 44:8a:5b:45:dc:4e txqueuelen 1000 (Ethernet)
RX packets 9771 bytes 858962 (838.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 17799 bytes 26623516 (25.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 19
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 2575 bytes 51290815 (48.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2575 bytes 51290815 (48.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.206.253 netmask 255.255.255.0 broadcast 172.16.206.255
inet6 fe80::1a67:b0ff:fe8e:1658 prefixlen 64 scopeid 0x20<link>
ether 18:67:b0:8e:16:58 txqueuelen 1000 (Ethernet)
RX packets 690558 bytes 1004898795 (958.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 123557 bytes 12349505 (11.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.16.206.254 0.0.0.0 UG 303 0 0 wlp5s0
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 enp3s0
172.16.206.0 0.0.0.0 255.255.255.0 U 303 0 0 wlp5s0
# iptables-save
# Generated by iptables-save v1.4.21 on Sun Sep 13 14:37:02 2015
*filter
:INPUT ACCEPT [14726:11270325]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [14347:1708981]
-A FORWARD -i enp3s0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sun Sep 13 14:37:02 2015
# Generated by iptables-save v1.4.21 on Sun Sep 13 14:37:02 2015
*nat
:PREROUTING ACCEPT [174:12362]
:INPUT ACCEPT [5:836]
:OUTPUT ACCEPT [971:71094]
:POSTROUTING ACCEPT [971:71094]
-A POSTROUTING -s 10.0.0.0/8 -o wlp5s0 -j MASQUERADE
COMMIT
# Completed on Sun Sep 13 14:37:02 2015
# sysctl -a | egrep -e ipv4.*forward
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.enp3s0.forwarding = 1
net.ipv4.conf.enp3s0.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.wlp5s0.forwarding = 1
net.ipv4.conf.wlp5s0.mc_forwarding = 0
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
sysctl: lecture de la clé « net.ipv6.conf.all.stable_secret »
sysctl: lecture de la clé « net.ipv6.conf.default.stable_secret »
sysctl: lecture de la clé « net.ipv6.conf.enp3s0.stable_secret »
sysctl: lecture de la clé « net.ipv6.conf.lo.stable_secret »
sysctl: lecture de la clé « net.ipv6.conf.wlp5s0.stable_secret »
and CLIENT:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.2 0.0.0.0 UG 0 0 0 enp3s0
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 enp3s0
enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 255.0.0.0 broadcast 10.255.255.255
inet6 fe80::1a67:b0ff:fe44:b992 prefixlen 64 scopeid 0x20<link>
ether 18:67:b0:44:b9:92 txqueuelen 1000 (Ethernet)
RX packets 17791 bytes 26622868 (25.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9799 bytes 862413 (842.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#iptables-save
(blank : the firewall is default configuration: no rules, all policy ACCEPT)
Is there something that I didn't get there?
EDIT: SOLUTION:
I eventually realized that the network I was in (and more specifically the router) was delivering every IP packet after setting its TTL to 1
(I think the purpose is to prevent people who have little knowledge about IP networks from easily sharing the connection).
When the time came for my kernel to route the packet, it decremented the TTL and dropped the packet, as the TTL reached 0 and the destination was not the local machine (IP routing specification).
I solved it by increasing the TTL before routing:
# iptables -t mangle -A PREROUTING -j TTL --ttl-inc 1
Last edited by Tomtix (2016-01-15 20:16:33)
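A way to confirm this symptom from a capture taken on the SERVER's Internet-facing interface, as an added example that is not part of the original post: the function reads `tcpdump -n -v` text and counts packets addressed to the WAN address (172.16.206.253 above) that arrive with a TTL of 1 or less and so cannot survive a forwarding hop. The capture lines and the 192.0.2.x addresses are constructed sample data, and `count_unforwardable` and `sample_capture` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `tcpdump -n -v` text on stdin; $1 is the WAN address of the sharing host.
# Prints "<packets to WAN with ttl <= 1> <all packets to WAN>".
count_unforwardable() {
    awk -v wan="$1" '
        BEGIN { ttl = -1 }
        # Header line of a verbose IPv4 record: remember its TTL.
        /^[0-9:.]+ IP \(/ {
            ttl = -1
            if (match($0, /ttl [0-9]+/))
                ttl = substr($0, RSTART + 4, RLENGTH - 4) + 0
            next
        }
        # Indented address line: "src > dst: ..." (dst may carry ".port").
        ttl >= 0 && $2 == ">" {
            dst = $3
            sub(/:$/, "", dst)
            split(dst, p, ".")
            ip = p[1] "." p[2] "." p[3] "." p[4]
            if (ip == wan) {
                total++
                if (ttl <= 1) low++   # too low to be forwarded to the client
            }
            ttl = -1
        }
        END { printf "%d %d\n", low, total }
    '
}

# Constructed sample capture (hypothetical packets, documentation addresses).
sample_capture() {
    cat <<'EOF'
14:37:01.000001 IP (tos 0x0, ttl 1, id 101, offset 0, flags [none], proto ICMP (1), length 84)
    192.0.2.10 > 172.16.206.253: ICMP echo reply, id 7, seq 1, length 64
14:37:01.000002 IP (tos 0x0, ttl 1, id 102, offset 0, flags [none], proto UDP (17), length 76)
    192.0.2.53.53 > 172.16.206.253.40112: 4660 1/0/0 A 192.0.2.80 (48)
14:37:01.000003 IP (tos 0x0, ttl 64, id 103, offset 0, flags [DF], proto ICMP (1), length 84)
    172.16.206.253 > 192.0.2.10: ICMP echo request, id 7, seq 2, length 64
14:37:01.000004 IP (tos 0x0, ttl 57, id 104, offset 0, flags [none], proto ICMP (1), length 84)
    192.0.2.20 > 172.16.206.253: ICMP echo reply, id 8, seq 1, length 64
EOF
}

# Live use: tcpdump -n -v -c 200 -i wlp5s0 | count_unforwardable 172.16.206.253
sample_capture | count_unforwardable 172.16.206.253
```

A first number close to the second means nearly every inbound packet arrives with too low a TTL to be forwarded, which matches the behaviour described in the post.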