iptables forwarding between two interfaces

So I have a Linux box with two wireless interfaces, one is a station and the other an AP.

wlan0 (station) - Connected to the internet connection

wlan1 (AP) - Other clients connect to it.

I would like for clients connected to wlan1 to be able to access the internet on wlan0. And I'd like to do this with iptables as my kernel doesn't have bridging support...

Here's what I've tried so far with iptables but it's not working:

iptables -A FORWARD -i wlan0 -o wlan1 -j ACCEPT
iptables -A FORWARD -i wlan1 -o wlan0 -j ACCEPT

I'd appreciate any help.

1 Answer

  • First, to enable hosts connecting on your private interface to go out to the internet, you don't need to bridge the interfaces; you need to route packets coming in on one interface to the other one, where they go out to the wild.

    To do that, you only need to:

    1. Enable forwarding on your linux box:
    2. Allow specific (or all) packets to traverse your router
    3. As someone stated, as netfilter is a stateless firewall, allow traffic for already established connections
    4. Change the source address on packets going out to the internet

      echo 1 > /proc/sys/net/ipv4/ip_forward
      iptables -A FORWARD -i wlan1 -o wlan0 -j ACCEPT
      iptables -A FORWARD -i wlan0 -o wlan1 -m state --state ESTABLISHED,RELATED \
               -j ACCEPT
      iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

    That should do it.
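The four steps above, as an added example that is not part of the answer: a POSIX shell script that emits the whole ruleset in iptables-restore format (loaded atomically, so re-running it replaces rules instead of appending duplicates), sets the FORWARD chain's default policy to DROP so only the two explicitly allowed directions pass, and uses the conntrack match (the current name of the state match) to let replies back in. The interface names wlan0/wlan1 and the WAN_IF/LAN_IF variables are assumptions matching the question; applying the rules needs root.

```shell
#!/bin/sh
# Added example (not from the original post or answer). Generates, and on
# request applies, a minimal NAT-forwarding ruleset for a Linux router with an
# upstream interface (WAN) and a client-facing interface (LAN).
# WAN_IF / LAN_IF default to the interface names used in the question.
WAN_IF="${WAN_IF:-wlan0}"
LAN_IF="${LAN_IF:-wlan1}"

# Print the ruleset in iptables-restore format. The filter table's FORWARD
# policy is DROP, so anything not matched by the two rules below is discarded
# (for instance a packet arriving on $wan that does not belong to a connection
# a client opened). Lines starting with '#' are comments for iptables-restore.
nat_ruleset() {
    wan="$1"
    lan="$2"
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# clients behind $lan may open new connections towards $wan
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
# traffic from $wan is forwarded only as a reply to a client-initiated connection
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# rewrite client source addresses to whatever address $wan currently has
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Return 0 when the kernel is currently forwarding IPv4 packets.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Enable forwarding and load the ruleset atomically. Requires root.
apply_nat_ruleset() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_nat_ruleset: must run as root" >&2
        return 1
    fi
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    nat_ruleset "$WAN_IF" "$LAN_IF" | iptables-restore
}

# Usage:  sh nat-forward.sh          -> print the ruleset for review
#         sudo sh nat-forward.sh apply -> enable forwarding and load it
if [ "${1:-}" = "apply" ]; then
    apply_nat_ruleset
elif [ "${1:-}" = "" ]; then
    nat_ruleset "$WAN_IF" "$LAN_IF"
fi
```

Note that the kernel sysctl does not survive a reboot, so for a permanent setup put `net.ipv4.ip_forward = 1` in /etc/sysctl.conf (or a file under /etc/sysctl.d/) and save the rules with iptables-save.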
