Let's say I have two portable nodes: CALLSIGN-2 and CALLSIGN-3
with a Raspberry Pi 3B+ (which have both eth0 and wlan0 on board).
CALLSIGN-2-Node 10.20.30.41
* callsign-2-pi 10.20.30.42 - Pi eth0 DHCP from node
callsign-2 pi - wlan0 DHCP from 192.168.1.1 hotspot
CALLSIGN-3-Node 10.30.20.41
* callsign-3-pi 10.30.20.42 - Pi eth0 DHCP from node
callsign-3-pi configured as a typical Pi access point
eth0 DHCP NAT to wlan0 static 192.168.7.1 w/DHCP server
Will the following work?
callsign-2 pi - route from wlan0 hotspot to eth0 mesh node
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
sudo apt-get install iptables-persistent  # respond yes for current iptables
CALLSIGN-2-Node - Configure WAN with a static IP of the callsign-2-pi eth0 mesh address
and check Mesh Gateway to advertise a default route to CALLSIGN-3-Node?
The Pis are running Raspbian Stretch. Each one's eth0 is connected to its own Ubiquiti Bullet M2 running AREDN 3.16.1.1.
One Pi's wlan0 is associated with a hotspot. The other Pi's wlan0 will be configured as an access point... sorta like a home router.
I'm wondering if I set up routing between wlan0 and eth0 on the hotspot Pi if its Bullet's WAN can be configured as a mesh gateway statically using the eth0 IP the Pi got from the Bullet.
Is that even more confusing?
"wouldn't it need OLSR on the Pi's???"
I don't know
The hotspot Pi should have a route of 10.0.0.0/8 to its Bullet's LAN address on eth0
and a default route of 0.0.0.0/0 to the 192.168.1.1 hotspot gateway address on wlan0.
The AP Pi should have a route of 10.0.0.0/8 to its Bullet's LAN address on eth0
and a route of 192.168.7.0/24 to the 192.168.7.1 gateway address on its wlan0.
As an AP, they're routed with NAT. The AP Pi should initially have no default route.
So if I
1) route between the hotspot Pi interfaces with NAT,
2) enter the mesh IP of the hotspot Pi as the WAN IP on the hotspot Bullet,
3) and check the Mesh Gateway box on the hotspot Bullet
will the AP Bullet get the mesh IP of the hotspot Pi as the default route
and pass it on to the AP Pi which will then have a default route?
Callsign-2 Pi: Yes, you're on the right track with the iptables rules, but it's generally in the opposite direction. The Pi knows how to route, that is to say it already has routing tables to send the 10.x.x.x traffic to the Bullet LAN and send traffic to 192.168.1.x out the wlan0. The intended or primary traffic flow is a wifi client with a 192.168.1.x address looking to communicate out to the mesh. So the rules would be incoming on wlan0 and then a masquerade going out eth0. This means when the packet goes to the Bullet it has a 'source' address of the Pi's eth0, a 10.x.x.x address. That way a reply can get back to it. The connection tracking, on the way back, knows to translate back to the right 192.168.1.x address. Work on getting that primary use case working, and show the iptables rules to see the hit counters so you have an idea of what is happening to debug. The secondary cases are specific port forwarded services of a client on the mesh trying to access a particular service on a 192.168.1.x host.
Another approach altogether is to configure the RasPi in a bridge mode. This means the wifi clients are assigned an IP address from the Bullet. The rules just forward packets in one interface and out the other as-is, in both directions.
Callsign-3 Pi: For this situation, it would be cleaner to figure out how to do a bridge mode. The eth0 needs to be connected to the respective Bullet's WAN (need a vlan switch to have a WAN port). This is commonly done with a ~$20 Ubiquiti AirGateway in bridge mode. The Bullet then gets an IP address on its WAN port from the hotspot. Alternatively, it could be a double NAT, the Pi and your home router. The Bullet WAN gets an IP address from the Pi eth0, the Pi wlan0 gets an IP address from the hotspot. The iptables rules would be similar to the Callsign-2 Pi masquerade setup, but in the opposite direction.
Joe AE6XE
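Added example (not part of the reply above or of the original post): the masquerade direction the reply describes, written as a parameterised rule generator so that swapping the two arguments gives the opposite-direction double-NAT case. The function names, the interface-name check and the FORWARD DROP policy are assumptions added here; wlan0 and eth0 are the interface names from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed roles: wlan0 faces the hotspot
# network (192.168.1.x), eth0 faces the Bullet LAN (10.x.x.x).
# The FORWARD DROP policy is an added choice so only the listed flows pass.

# Print the iptables commands that NAT traffic arriving on $1 (inside)
# out through $2 (outside). Returns 2 on unusable interface names.
nat_rules() {
    in_if=$1 out_if=$2
    # Allow only characters found in interface names (no shell metacharacters).
    case "$in_if$out_if" in *[!A-Za-z0-9._-]*) return 2 ;; esac
    [ -n "$in_if" ] && [ -n "$out_if" ] && [ "$in_if" != "$out_if" ] || return 2
    cat <<EOF
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -o $out_if -j MASQUERADE
iptables -A FORWARD -i $in_if -o $out_if -j ACCEPT
iptables -A FORWARD -i $out_if -o $in_if -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Per-rule packet and byte hit counters, to see which rules traffic matches.
show_counters() {
    iptables -t nat -L POSTROUTING -v -n
    iptables -L FORWARD -v -n
}

# Apply only when asked (run as root: "sh nat.sh apply"); otherwise the
# file just defines the functions.
if [ "${1:-}" = apply ]; then
    sysctl -w net.ipv4.ip_forward=1   # the kernel must forward between interfaces
    rules=$(nat_rules wlan0 eth0) || exit 2
    printf '%s\n' "$rules" | sh -e
    show_counters
fi
```

With these rules, hosts on the eth0 side can only send replies to connections opened from the wlan0 side; anything they initiate is dropped unless a specific port forward is added.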
We do have yet another (120VAC) portable that's simply an ARHP with an AirGateway bridge providing Part 15 WiFi access to the mesh.
The two above are 12VDC setups with phone, camera, and a USB GPS on the Pi.
Mark
Thanks