My goal is to give my pi3 internet via wifi from the laptop it is connected to via ethernet cable. I have a so-so understanding of how networks work, so I'm not sure if all I will need is iptables for this project. I'm using an rpi3 (using raspbian) set to a static IP of 192.168.1.124 on boot. To ssh into it, I set my laptop's static IP to 192.168.1.123 via
sudo ifconfig enp0s25 up 192.168.1.123
then log into the rpi3 with
putty -load rpi3
Arch ifconfig
http://sprunge.us/BPFF
Now I'm not so sure about what to do next, could use a little help!
Offline
Welcome to the Arch Linux forums!
Have you read https://wiki.archlinux.org/index.php/Internet_sharing?
It essentially boils down to:
Enabling IP packet forwarding (sysctl, or manually in /proc/sys)
Setting up IP packet masquerading (with iptables or nftables)
Running a DHCP server (dnsmasq, ...) (you set your Pi's IP address manually, so there is no need for that)
Slightly offtopic questions: why use ifconfig instead of ip, and why use putty instead of simply ssh?
Last edited by ayekat (2016-09-21 12:34:46)
Offline
Yes, I have read that link, and I wasn't sure if the enp0s25 device (or is this an interface?) needed to be bridged with the wlp3s0 device for the rpi3 to receive internet. Also, I would rather use a DHCP server instead of a static IP so I could run this on brand new rpi3s by just enabling SSH on them. If I run dnsmasq (https://wiki.archlinux.org/index.php/dnsmasq), how would I be able to view the IP assigned to an rpi3 that is directly tethered to my laptop? Does the dhcpcd server have a base subnet of 192, and could it still detect an rpi3 that had a static of 10.X?
Offline
I wasn't sure if the enp0s25 device (or is this an interface?) needed to be bridged with the wlp3s0 device for the rpi3 to receive internet.
No, I'd suggest keeping the two networks separate rather than bridging.
If I run dnsmasq how would I be able to view the ip assigned to an rpi3 that is directly tethered to my laptop?
If you run dnsmasq as described in https://wiki.archlinux.org/index.php/Dn … rver_setup (and you set e.g. dhcp-range=172.16.0.1,172.16.0.2), you will need to assign an IP address to enp0s25 in that range (otherwise, dnsmasq will not react to DHCP requests).
/var/lib/misc/dnsmasq.leases should then usually contain all address leases that have currently been handed out to clients. You can also check the journal (dnsmasq usually prints useful info whenever a new client gets an address lease). If you know the Pi's network card's MAC address, you can also configure a static lease with something like dhcp-host=01:23:45:67:89:AB,172.16.0.2 to always assign 172.16.0.2 to your Pi.
Once your Pi gets an IP address, you need to configure your firewall to masquerade outgoing packets coming from your Pi, so that you don't send out packets with bogus source addresses to the outside world.
Offline
Would bridging enp0s25 and wlp3s0 make my laptop unable to use internet by chance?
Offline
Thanks got it to work
Offline
Whatever you do, do not have dhcpcd and dnsmasq running at the same time! I mistakenly did this and face palmed pretty hard when I realized I couldn't connect to my pi because of a conflict between dhcpcd and dnsmasq.
Offline
I don't see an issue running dhcpcd on the Internet-facing network interface card (here wlp3s0).
And even running dhcpcd on the NIC facing the Pi (enp0s25) shouldn't cause any trouble - you will simply not get an IP address on that interface.
Last edited by ayekat (2016-10-07 18:11:36)
Offline
I think this is probably very wrong, but it does work. Please let me know of a better way to do this.
Here's what I run to share internet to my pi3.
Here are the outputs of what was running after I ran the alias above and was able to ssh into the pi3.
Also, I think I found why I was unable to connect to my pi3 earlier when I had dhcpcd running on boot then running my pi3 script. Earlier, there were only ipv6 addresses being assigned but no ipv4s... at the very bottom of the /etc/dhcpcd.conf there's
slaac private
noipv4ll
Last edited by Stencon281 (2016-10-08 02:07:32)
Offline
alias netshare='
sudo ifconfig enp0s25 up 192.168.1.123
sudo sysctl net.ipv4.conf.enp0s25.forwarding=1;
sudo sysctl net.ipv4.conf.wlp3s0.forwarding=1;
sudo iptables -t nat -A POSTROUTING -o wlp3s0 -j MASQUERADE;
sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT;
sudo iptables -A FORWARD -i enp0s25 -o wlp3s0 -j ACCEPT
sudo dnsmasq -C ~/zsh_files/network/dnsmasq.conf'
Depending on what's in ~/zsh_files/network/dnsmasq.conf, this looks fine to me (the rules for the FORWARD chain in iptables are only necessary if you drop/block packets by default).
Concerning the "style", I'd rather create a function than an alias (and also write a function that tears down the setup after use, to keep it "clean").
Also, ifconfig has been deprecated on Linux; your command would be
ip addr add 192.168.1.123/24 dev enp0s25
(note that I assume a network mask of /24 - YMMV)
Offline
Do you recommend the function be in a separate file, or is it OK to have a bunch of functions defined in the same zsh file?
Last edited by Stencon281 (2016-10-08 02:07:08)
Offline
I don't know if you have noticed, but whenever you post a link, for some reason a rogue / slips in at the beginning, rendering your URLs unusable.
Also, you don't need to full-quote every post
[...] in the same zsh file?
I don't know what you mean with that - is that "zsh file" your zshrc? Or is it a separate, executable script?
In any case I would put the two functions together, otherwise it might become a little cumbersome to maintain.
I would personally do something like this:
#!/bin/sh
if [ "$(id -u)" != '0' ]; then
    # error message that tells the user to run this script as root
    exit 2
fi
case "$1" in
    enable)
        # code that sets up network sharing
        ;;
    disable)
        # code that tears down network sharing
        ;;
    *)
        # some error message that tells the user what arguments are accepted
        exit 1
esac
Then place it somewhere where you keep your personal scripts (e.g. as ~/.local/bin/netshare, or ~/.scripts/netshare - just whatever is in your $PATH), and you can use it like
$ sudo netshare enable
and
$ sudo netshare disable
Offline
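One way to fill in the enable/disable outline above, as an added example that is not any poster's own script. It combines the commands discussed in the thread (ip, per-interface forwarding, MASQUERADE, dnsmasq) and limits NAT and DHCP to the Pi-facing link; the 172.16.0.0/24 subnet, the DHCP range, the pid-file path, the DRY_RUN switch and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed values: the 172.16.0.0/24 subnet,
# the DHCP range, the pid-file path and the DRY_RUN switch are illustrative.
LAN_IF=${LAN_IF:-enp0s25}      # NIC facing the Pi
WAN_IF=${WAN_IF:-wlp3s0}       # Internet-facing NIC
LAN_ADDR=${LAN_ADDR:-172.16.0.1/24}
LAN_NET=${LAN_NET:-172.16.0.0/24}
DHCP_RANGE=${DHCP_RANGE:-172.16.0.2,172.16.0.10,12h}
PIDFILE=${PIDFILE:-/run/netshare-dnsmasq.pid}

# With DRY_RUN=1, print each command instead of executing it.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Apply the firewall rules with -A (add) or -D (delete), so that teardown
# removes exactly what setup added. NAT and forwarding are limited to LAN_NET.
fw_rules() {
    run iptables -t nat "$1" POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    run iptables "$1" FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run iptables "$1" FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
}

netshare_enable() {
    run ip link set "$LAN_IF" up
    run ip addr add "$LAN_ADDR" dev "$LAN_IF"
    run sysctl -q -w "net.ipv4.conf.$LAN_IF.forwarding=1" "net.ipv4.conf.$WAN_IF.forwarding=1"
    fw_rules -A
    # Serve DHCP/DNS on the Pi-facing NIC only, never on the Wi-Fi network.
    run dnsmasq --interface="$LAN_IF" --bind-interfaces --dhcp-range="$DHCP_RANGE" --pid-file="$PIDFILE"
}

netshare_disable() {
    if [ -f "$PIDFILE" ]; then run kill "$(cat "$PIDFILE")"; fi
    fw_rules -D
    run sysctl -q -w "net.ipv4.conf.$LAN_IF.forwarding=0" "net.ipv4.conf.$WAN_IF.forwarding=0"
    run ip addr del "$LAN_ADDR" dev "$LAN_IF"
}

netshare_main() {
    case "$1" in
        enable|disable)
            if [ "${DRY_RUN:-0}" != 1 ] && [ "$(id -u)" != 0 ]; then
                echo "netshare: run this as root" >&2; return 2
            fi
            "netshare_$1" ;;
        *) echo "usage: netshare enable|disable" >&2; return 1 ;;
    esac
}

if [ $# -gt 0 ]; then netshare_main "$@"; fi
```

Running it with DRY_RUN=1 prints the commands without touching the system, which is a quick way to review the rules before applying them as root.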
If you want a starting point for ayekat's approach, take a look at my related notes and scripts.
Offline
I don't know if you have noticed, but whenever you post a link, for some reason a rogue / slips in at the beginning, rendering your URLs unusable.
Also, you don't need to full-quote every post
Thanks for pointing that out, I found the problem and edited the posts where I had links.
Also, here's what my folder containing all my aliases / scripts looks like. This should clarify what I meant earlier. I will be following the bash outline you mentioned above as well. Thanks!
http://i.imgur.com/vEFbO8p.png
modedit by Xyne: Please read our forum etiquette concerning images.
Last edited by Xyne (2016-10-08 13:42:46)
Offline
Sorry about that.
Offline