Problem with access through a software access point

Hello. I am trying to use a TP-Link TL-WN851ND Wi-Fi adapter as a software access point. What has been done: created hostapd.conf:

interface=wlp2s5
driver=nl80211
ssid=bsm_TestHostapd
hw_mode=g
channel=7
macaddr_acl=0
auth_algs=1
max_num_sta=5
wpa=3
wpa_passphrase=OpenOnePaly4
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
ignore_broadcast_ssid=0
logger_syslog=-1
logger_syslog_level=3
logger_stdout=-1
logger_stdout_level=2
created dhcpd.conf:

ddns-update-style none;
option domain-name bsm_TestHostapd;
option domain-name-servers 192.168.0.6 ;

subnet 192.168.249.0 netmask 255.255.255.240 {
    option routers 192.168.249.1;
    range 192.168.249.2 192.168.249.14;
    option broadcast-address 192.168.249.15;

    default-lease-time 600;
    max-lease-time 7200;
    log-facility local7;
}
After initializing the software access point I have:

iw..
Interface wlp2s5
	ifindex 4
	wdev 0x1
	addr 10:fe:ed:5e:92:80
	ssid bsm_TestHostapd
	type AP
	wiphy 0
	channel 7 (2442 MHz), width: 20 MHz (no HT), center1: 2442 MHz

ifconfig..
wlp2s5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.249.1  netmask 255.255.255.0  broadcast 192.168.249.255
        inet6 fe80::12fe:edff:fe5e:9280  prefixlen 64  scopeid 0x20<link>
        ether 10:fe:ed:5e:92:80  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7  bytes 704 (704.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

iwconfig..
wlp2s5    IEEE 802.11bgn  Mode:Master  Tx-Power=19 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

route..
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         vavan-archlinux 0.0.0.0         UG    0      0        0 enp2s4
192.168.0.0     *               255.255.255.0   U     0      0        0 enp2s4
192.168.0.0     *               255.255.255.0   U     203    0        0 enp2s7
Firewall rules for the access point:

iptables -t nat -A POSTROUTING -o wlp2s5 -j SNAT --to-source 192.168.249.1

iptables -A INPUT -i wlp2s5 -s 192.168.249.0/28 -j ACCEPT
iptables -A FORWARD -i wlp2s5 -s 192.168.249.0/28 -o enp2s4 -j ACCEPT
iptables -A FORWARD -i enp2s4 -o wlp2s5 -d 192.168.249.0/28 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o wlp2s5 -d 192.168.249.0/28 -j ACCEPT

echo 1 >/proc/sys/net/ipv4/conf/all/forwarding

route add -net 192.168.249.0 netmask 255.255.255.240 dev wlp2s5
I "bring up" the firewall, connect to the access point from a tablet (the tablet gets the address 192.168.249.2), and check outbound access:

[root@old-server adapter]# ping -c 3 lib.ru
PING lib.ru (81.176.66.163) 56(84) bytes of data.
64 bytes from lib.ru (81.176.66.163): icmp_seq=1 ttl=54 time=55.4 ms
64 bytes from lib.ru (81.176.66.163): icmp_seq=2 ttl=54 time=74.5 ms
64 bytes from lib.ru (81.176.66.163): icmp_seq=3 ttl=54 time=90.1 ms

--- lib.ru ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 55.438/73.387/90.125/14.186 ms

[root@old-server adapter]# ping -c 3 lib.ru -I wlp2s5
PING lib.ru (81.176.66.163) from 192.168.249.1 wlp2s5: 56(84) bytes of data.
From old-server (192.168.249.1) icmp_seq=1 Destination Host Unreachable
From old-server (192.168.249.1) icmp_seq=2 Destination Host Unreachable
From old-server (192.168.249.1) icmp_seq=3 Destination Host Unreachable

--- lib.ru ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2008ms
pipe 3

[root@old-server adapter]# ping -c 3 192.168.249.1 -I wlp2s5
PING 192.168.249.1 (192.168.249.1) from 192.168.249.1 wlp2s5: 56(84) bytes of data.
64 bytes from 192.168.249.1: icmp_seq=1 ttl=64 time=0.150 ms
64 bytes from 192.168.249.1: icmp_seq=2 ttl=64 time=0.128 ms
64 bytes from 192.168.249.1: icmp_seq=3 ttl=64 time=0.120 ms

--- 192.168.249.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.120/0.132/0.150/0.018 ms

[root@old-server adapter]# ping -c 3 192.168.249.2 -I wlp2s5
PING 192.168.249.2 (192.168.249.2) from 192.168.249.1 wlp2s5: 56(84) bytes of data.
64 bytes from 192.168.249.2: icmp_seq=1 ttl=64 time=75.5 ms
64 bytes from 192.168.249.2: icmp_seq=2 ttl=64 time=97.6 ms
64 bytes from 192.168.249.2: icmp_seq=3 ttl=64 time=16.6 ms

--- 192.168.249.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 16.644/63.278/97.656/34.191 ms
Ping from the tablet to the access point works. Firewall state for the access point:

route..
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         vavan-archlinux 0.0.0.0         UG    0      0        0 enp2s4
192.168.0.0     *               255.255.255.0   U     0      0        0 enp2s4
192.168.0.0     *               255.255.255.0   U     203    0        0 enp2s7
192.168.249.0   *               255.255.255.240 U     0      0        0 wlp2s5

Table filter..
Chain INPUT (policy ACCEPT 2664 packets, 296K bytes)
 pkts bytes target     prot opt in     out     source               destination
   10  1616 ACCEPT     all  --  wlp2s5 *       192.168.249.0/28     0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  100  6112 ACCEPT     all  --  wlp2s5 enp2s4  192.168.249.0/28     0.0.0.0/0
    0     0 ACCEPT     all  --  enp2s4 wlp2s5  0.0.0.0/0            192.168.249.0/28     state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 56 packets, 4220 bytes)
 pkts bytes target     prot opt in     out     source               destination
    9  1208 ACCEPT     all  --  *      wlp2s5  0.0.0.0/0            192.168.249.0/28

Table nat..
..
Chain POSTROUTING (policy ACCEPT 89 packets, 5892 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   216 SNAT       all  --  *      wlp2s5  0.0.0.0/0            0.0.0.0/0            to:192.168.249.1
But there is no Internet access. Any recommendations?
Show the output of iptables -S (as root, naturally).
I have a nagging suspicion that the FORWARD chain is set to reject.
Just to check, try flushing the FORWARD chain and setting its policy to "accept".

I see that everything is allowed.

Try masquerading instead of SNAT (dancing with a tambourine and divination by mushrooms)
May the knowledge of the IP address be with you
[root@old-server adapter]# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 192.168.249.0/28 -i wlp2s5 -j ACCEPT
-A FORWARD -s 192.168.249.0/28 -i wlp2s5 -o enp2s4 -j ACCEPT
-A FORWARD -d 192.168.249.0/28 -i enp2s4 -o wlp2s5 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 192.168.249.0/28 -o wlp2s5 -j ACCEPT

..
iptables -t nat -A POSTROUTING -o wlp2s5 -j MASQUERADE
..
Table filter..
Chain INPUT (policy ACCEPT 405 packets, 41152 bytes)
 pkts bytes target     prot opt in     out     source               destination
    8   942 ACCEPT     all  --  wlp2s5 *       192.168.249.0/28     0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   18  1102 ACCEPT     all  --  wlp2s5 enp2s4  192.168.249.0/28     0.0.0.0/0
    0     0 ACCEPT     all  --  enp2s4 wlp2s5  0.0.0.0/0            192.168.249.0/28     state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    8   916 ACCEPT     all  --  *      wlp2s5  0.0.0.0/0            192.168.249.0/28

Table nat..
Chain PREROUTING (policy ACCEPT 429 packets, 31479 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 114 packets, 13432 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 10 packets, 608 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      wlp2s5  0.0.0.0/0            0.0.0.0/0
[root@old-server adapter]# ping -c 3 lib.ru
PING lib.ru (81.176.66.163) 56(84) bytes of data.
64 bytes from lib.ru (81.176.66.163): icmp_seq=1 ttl=54 time=53.1 ms
64 bytes from lib.ru (81.176.66.163): icmp_seq=2 ttl=54 time=73.3 ms
64 bytes from lib.ru (81.176.66.163): icmp_seq=3 ttl=54 time=62.8 ms

--- lib.ru ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 53.191/63.129/73.336/8.228 ms
[root@old-server adapter]# ping -c 3 lib.ru -I wlp2s5
PING lib.ru (81.176.66.163) from 192.168.249.1 wlp2s5: 56(84) bytes of data.
From old-server (192.168.249.1) icmp_seq=1 Destination Host Unreachable
From old-server (192.168.249.1) icmp_seq=2 Destination Host Unreachable
From old-server (192.168.249.1) icmp_seq=3 Destination Host Unreachable

--- lib.ru ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2007ms
pipe 3
[root@old-server adapter]#
Are you sure about the line echo 1 >/proc/sys/net/ipv4/conf/all/forwarding?
The classic recipe seems to recommend echo 1 > /proc/sys/net/ipv4/ip_forward
May the knowledge of the IP address be with you
The file /proc/sys/net/ipv4/ip_forward contains 1 by default.
With the firewall configured as

[root@old-server adapter]# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i wlp2s5 -o enp2s4 -j ACCEPT
-A FORWARD -i enp2s4 -o wlp2s5 -j ACCEPT

[root@old-server adapter]# iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -o wlp2s5 -j SNAT --to-source 192.168.249.1
I have:

route..
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         vavan-archlinux 0.0.0.0         UG    0      0        0 enp2s4
192.168.0.0     *               255.255.255.0   U     0      0        0 enp2s4
192.168.0.0     *               255.255.255.0   U     203    0        0 enp2s7
192.168.249.0   *               255.255.255.240 U     0      0        0 wlp2s5

Table filter..
Chain INPUT (policy ACCEPT 1973 packets, 389K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    5   260 ACCEPT     all  --  wlp2s5 enp2s4  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  enp2s4 wlp2s5  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 290 packets, 28071 bytes)
 pkts bytes target     prot opt in     out     source               destination

Table nat..
..
Chain POSTROUTING (policy ACCEPT 76 packets, 5196 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   252 SNAT       all  --  *      wlp2s5  0.0.0.0/0            0.0.0.0/0            to:192.168.249.1
Checking access to the external network:

192.168.249.2 is the computer connected over Wi-Fi to the software access point.

[root@old-server adapter]# ping -c 3 192.168.249.2
PING 192.168.249.2 (192.168.249.2) 56(84) bytes of data.
64 bytes from 192.168.249.2: icmp_seq=1 ttl=64 time=3.25 ms
64 bytes from 192.168.249.2: icmp_seq=2 ttl=64 time=34.4 ms
64 bytes from 192.168.249.2: icmp_seq=3 ttl=64 time=91.1 ms

--- 192.168.249.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 3.256/42.926/91.101/36.363 ms

[root@old-server adapter]# ping -c 3 192.168.249.2 -I wlp2s5
PING 192.168.249.2 (192.168.249.2) from 192.168.249.1 wlp2s5: 56(84) bytes of data.
64 bytes from 192.168.249.2: icmp_seq=1 ttl=64 time=13.8 ms
64 bytes from 192.168.249.2: icmp_seq=2 ttl=64 time=3.04 ms
64 bytes from 192.168.249.2: icmp_seq=3 ttl=64 time=8.55 ms

--- 192.168.249.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 3.040/8.486/13.861/4.419 ms

[root@old-server adapter]# ping -c 3 lib.ru
PING lib.ru (81.176.66.163) 56(84) bytes of data.
64 bytes from lib.ru (81.176.66.163): icmp_seq=1 ttl=54 time=53.0 ms
64 bytes from lib.ru (81.176.66.163): icmp_seq=2 ttl=54 time=53.1 ms
64 bytes from lib.ru (81.176.66.163): icmp_seq=3 ttl=54 time=54.7 ms

--- lib.ru ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 53.078/53.636/54.730/0.818 ms

[root@old-server adapter]# ping -c 3 lib.ru -I wlp2s5
PING lib.ru (81.176.66.163) from 192.168.249.1 wlp2s5: 56(84) bytes of data.
From old-server (192.168.249.1) icmp_seq=1 Destination Host Unreachable
From old-server (192.168.249.1) icmp_seq=2 Destination Host Unreachable
From old-server (192.168.249.1) icmp_seq=3 Destination Host Unreachable

--- lib.ru ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2008ms
pipe 3
So it turns out there is no Internet access from the software access point.
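An added check, not code from the thread: this script parses `iptables -S` output and tests the three conditions a NAT-ing access point needs, that is forwarding in both directions and source NAT applied on the uplink interface rather than on the AP interface; run on the rulesets posted above it flags the POSTROUTING rule, which is attached to wlp2s5 instead of enp2s4 (NAT_FIXED is an assumed corrected ruleset, not from the thread). Note that `ping -I wlp2s5` is not a useful test of Internet access here, because `-I` forces the packet out of the AP interface, which has no route to the Internet.

```python
import shlex

def parse_iptables_s(text):
    """Parse `iptables -S` output: -P lines -> {'chain','policy'}; -A lines -> {'chain','-i','-o','-j',...}."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 3 and tok[0] == "-P":
            rules.append({"chain": tok[1], "policy": tok[2]})
        elif len(tok) >= 2 and tok[0] == "-A":
            rule, i = {"chain": tok[1]}, 2
            while i < len(tok):  # pair every option with the value that follows it
                if tok[i].startswith("-") and i + 1 < len(tok) and not tok[i + 1].startswith("-"):
                    rule[tok[i]] = tok[i + 1]
                    i += 1
                i += 1
            rules.append(rule)
    return rules

def accepts_forward(rules, in_if, out_if):
    """True if FORWARD lets in_if -> out_if traffic through (explicit ACCEPT rule or ACCEPT policy)."""
    for r in rules:
        if r["chain"] != "FORWARD":
            continue
        if r.get("policy") == "ACCEPT":
            return True
        if r.get("-j") == "ACCEPT" and r.get("-i", in_if) == in_if and r.get("-o", out_if) == out_if:
            return True
    return False

def audit(filter_text, nat_text, lan_if, uplink_if):
    """Return a list of findings; an empty list means the AP can NAT its clients to the uplink."""
    findings, rules, nat = [], parse_iptables_s(filter_text), parse_iptables_s(nat_text)
    if not accepts_forward(rules, lan_if, uplink_if):
        findings.append(f"FORWARD does not accept {lan_if} -> {uplink_if}")
    if not accepts_forward(rules, uplink_if, lan_if):
        findings.append(f"FORWARD does not accept return traffic {uplink_if} -> {lan_if}")
    snat = [r for r in nat if r["chain"] == "POSTROUTING" and r.get("-j") in ("SNAT", "MASQUERADE")]
    for r in snat:
        if r.get("-o") == lan_if:  # NAT on the AP side rewrites replies to clients, not traffic leaving for the Internet
            findings.append(f"{r['-j']} is attached to the LAN side ({lan_if}), not the uplink ({uplink_if})")
    if not any(r.get("-o") == uplink_if for r in snat):
        findings.append(f"no SNAT/MASQUERADE rule on the uplink interface {uplink_if}")
    return findings

# Constructed from the poster's `iptables -S` / `iptables -S -t nat` output above.
FILTER_FROM_THREAD = "-P FORWARD ACCEPT\n-A FORWARD -i wlp2s5 -o enp2s4 -j ACCEPT\n-A FORWARD -i enp2s4 -o wlp2s5 -j ACCEPT\n"
NAT_FROM_THREAD = "-P POSTROUTING ACCEPT\n-A POSTROUTING -o wlp2s5 -j SNAT --to-source 192.168.249.1\n"
# Assumed corrected NAT rule (not from the thread): masquerade the AP subnet on the uplink.
NAT_FIXED = "-P POSTROUTING ACCEPT\n-A POSTROUTING -s 192.168.249.0/28 -o enp2s4 -j MASQUERADE\n"
```

`audit(FILTER_FROM_THREAD, NAT_FROM_THREAD, "wlp2s5", "enp2s4")` reports the misplaced SNAT and the missing uplink NAT; with NAT_FIXED it returns an empty list.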
 