hostapd and nftables

I have successfully installed hostapd and dnsmasq on my Ubuntu desktop with a PCI Wi-Fi card. Wi-Fi clients can connect and get IP addresses without problems, but traffic to the internet does not work. I use nftables with the following rules for FORWARD:

Outgoing traffic:

iif $WIFI_IFACE oif $WAN_IFACE ct state new,related,established counter accept

Incoming traffic:

iif $WAN_IFACE oif $WIFI_IFACE ct state related,established counter accept

Masquerade rule:

iif $WIFI_IFACE oif $WAN_IFACE counter masquerade

The thing is, I have traffic from Wi-Fi to the WAN network:

iif "wlp3s2" oif "eth0" ct state established,related,new counter packets 414 bytes 34776 accept

but nothing from WAN to Wi-Fi:

iif "eth0" oif "wlp3s2" ct state established,related counter packets 0 bytes 0 accept

and nothing matches my nat rule:

iif "wlp3s2" oif "eth0" counter packets 0 bytes 0 masquerade

Forwarding is activated in /etc/sysctl.conf and /proc/sys/net/ipv4/ip_forward


$ lspci
00:00.0 Host bridge: Intel Corporation 4th Gen Core Processor DRAM Controller (rev 06)
00:02.0 VGA compatible controller: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor Integrated Graphics Controller (rev 06)
00:03.0 Audio device: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor HD Audio Controller (rev 06)
00:14.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB xHCI (rev 04)
00:16.0 Communication controller: Intel Corporation 8 Series/C220 Series Chipset Family MEI Controller #1 (rev 04)
00:19.0 Ethernet controller: Intel Corporation Ethernet Connection I217-LM (rev 04)
00:1a.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB EHCI #2 (rev 04)
00:1b.0 Audio device: Intel Corporation 8 Series/C220 Series Chipset High Definition Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #1 (rev d4)
00:1c.1 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #2 (rev d4)
00:1d.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB EHCI #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation Q87 Express LPC Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation 8 Series/C220 Series Chipset Family 6-port SATA Controller 1 [AHCI mode] (rev 04)
00:1f.3 SMBus: Intel Corporation 8 Series/C220 Series Chipset Family SMBus Controller (rev 04)
02:00.0 PCI bridge: Texas Instruments XIO2001 PCI Express-to-PCI Bridge
03:02.0 Ethernet controller: Qualcomm Atheros AR5212/5213/2414 Wireless Network Adapter (rev 01)

$ ip link list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 18:66:da:02:f5:c9 brd ff:ff:ff:ff:ff:ff
3: wlp3s2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:09:5b:94:5c:68 brd ff:ff:ff:ff:ff:ff

0 answers
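The counter comparison described in the question can be done mechanically. The following is an added example, not part of the original post: it reads `nft list ruleset` text and reports, for every counted rule, the base-chain hook it sits under and whether it has matched. The table names, chain names and `type ... hook ...` lines in the sample are assumptions (the question shows only the rule lines), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `nft list ruleset` output. Table/chain names and the
# "type ... hook ..." lines are assumed; the three rule lines with their
# counters are the ones quoted in the question.
sample_ruleset() {
cat <<'EOF'
table ip filter {
    chain forward {
        type filter hook forward priority 0; policy drop;
        iif "wlp3s2" oif "eth0" ct state established,related,new counter packets 414 bytes 34776 accept
        iif "eth0" oif "wlp3s2" ct state established,related counter packets 0 bytes 0 accept
    }
}
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        iif "wlp3s2" oif "eth0" counter packets 0 bytes 0 masquerade
    }
}
EOF
}

# Reads ruleset text on stdin; prints one line per rule that carries a counter:
#   <table>/<chain> hook=<hook|none> packets=<n> <HIT|ZERO> verdict=<last word>
# hook=none means the rule is in a regular chain, reached only via jump/goto.
counter_report() {
    awk '
    $1 == "table" { table = $3 }
    $1 == "chain" { chain = $2; hook = "none" }
    $1 == "type"  { for (i = 1; i < NF; i++) if ($i == "hook") hook = $(i + 1) }
    {
        for (i = 1; i < NF; i++)
            if ($i == "counter" && $(i + 1) == "packets") {
                n = $(i + 2) + 0
                printf "%s/%s hook=%s packets=%d %s verdict=%s\n",
                       table, chain, hook, n, (n > 0 ? "HIT" : "ZERO"), $NF
            }
    }'
}

# Succeeds only if a masquerade rule under a postrouting hook has matched packets.
nat_is_matching() {
    counter_report | grep -q 'hook=postrouting .* HIT verdict=masquerade'
}

# Stand-alone run on the sample; on a live host: nft list ruleset | counter_report
sample_ruleset | counter_report
```
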
