Turn Ubuntu Machine with One two Network cards into a Router

Question

Score:1

Server

Turn Ubuntu Machine with One two Network cards into a Router

Hash

18/12/22 06:58

I have a Ubuntu 20.04.2 laptop that i intend to turn into a router. I have two network cards one is wireless (wl01) which is connected to Internet. I have an ethernet card (enp3s0) IP ADDRESS 192.168.0.1 to which i want to connect an Access Point that can provide connectivity to other clients.

The output of /proc/sys/net/ipv4/ip_forward is 1 I then proceeded with the following commands.

 iptables -t nat -A POSTROUTING -o wl01 -j MASQUERADE
 iptables -A INPUT -i enp3s0 -j ACCEPT
 iptables -A INPUT -i wl01 -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A OUTPUT -j ACCEPT

However the clients aren't able to connect to the internet. They are able to ping the gateway i.e 192.168.0.1 but aren't able to connect to the internet.

What am i doing wrong here? Reading the documentation that should do it. Any suggestions.

The output of iptables dump

    *mangle
    :PREROUTING ACCEPT [6714:892007]
    :INPUT ACCEPT [5733:771154]
    :FORWARD ACCEPT [15:1140]
    :OUTPUT ACCEPT [6708:636233]
    :POSTROUTING ACCEPT [6729:639113]
    :FORWARD_direct - [0:0]
    :INPUT_direct - [0:0]
    :OUTPUT_direct - [0:0]
    :POSTROUTING_direct - [0:0]
    :PREROUTING_ZONES - [0:0]
    :PREROUTING_direct - [0:0]
    :PRE_public - [0:0]
    :PRE_public_allow - [0:0]
    :PRE_public_deny - [0:0]
    :PRE_public_log - [0:0]
    :PRE_public_post - [0:0]
    :PRE_public_pre - [0:0]
    -A PREROUTING -j PREROUTING_direct
    -A PREROUTING -j PREROUTING_ZONES
    -A INPUT -j INPUT_direct
    -A FORWARD -j FORWARD_direct
    -A OUTPUT -j OUTPUT_direct
    -A POSTROUTING -j POSTROUTING_direct
    -A PREROUTING_ZONES -i wlo1 -g PRE_public
    -A PREROUTING_ZONES -i enp3s0 -g PRE_public
    -A PREROUTING_ZONES -g PRE_public
    -A PRE_public -j PRE_public_pre
    -A PRE_public -j PRE_public_log
    -A PRE_public -j PRE_public_deny
    -A PRE_public -j PRE_public_allow
    -A PRE_public -j PRE_public_post
    COMMIT

    :PREROUTING ACCEPT [6714:892007]
    :OUTPUT ACCEPT [6708:636233]
    :OUTPUT_direct - [0:0]
    :PREROUTING_ZONES - [0:0]
    :PREROUTING_direct - [0:0]
    :PRE_public - [0:0]
    :PRE_public_allow - [0:0]
    :PRE_public_deny - [0:0]
    :PRE_public_log - [0:0]
    :PRE_public_post - [0:0]
    :PRE_public_pre - [0:0]
    -A PREROUTING -j PREROUTING_direct
    -A PREROUTING -j PREROUTING_ZONES
    -A OUTPUT -j OUTPUT_direct
    -A PREROUTING_ZONES -i wlo1 -g PRE_public
    -A PREROUTING_ZONES -i enp3s0 -g PRE_public
    -A PREROUTING_ZONES -g PRE_public
    -A PRE_public -j PRE_public_pre
    -A PRE_public -j PRE_public_log
    -A PRE_public -j PRE_public_deny
    -A PRE_public -j PRE_public_allow
    -A PRE_public -j PRE_public_post
     COMMIT
    :INPUT ACCEPT [4432:629712]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [6703:635713]
    :FORWARD_direct - [0:0]
    :INPUT_direct - [0:0]
    :OUTPUT_direct - [0:0]
    -A INPUT -j INPUT_direct
    -A FORWARD -j FORWARD_direct
    -A OUTPUT -j OUTPUT_direct
    COMMIT
   :INPUT ACCEPT [0:0]
   :FORWARD ACCEPT [0:0]
   :OUTPUT ACCEPT [0:0]
   :FORWARD_IN_ZONES - [0:0]
   :FORWARD_OUT_ZONES - [0:0]
   :FORWARD_direct - [0:0]
   :FWDI_public - [0:0]
   :FWDI_public_allow - [0:0]
   :FWDI_public_deny - [0:0]
   :FWDI_public_log - [0:0]
   :FWDI_public_post - [0:0]
   :FWDI_public_pre - [0:0]
   :FWDO_public - [0:0]
   :FWDO_public_allow - [0:0]
   :FWDO_public_deny - [0:0]
   :FWDO_public_log - [0:0]
   :FWDO_public_post - [0:0]
   :FWDO_public_pre - [0:0]
   :INPUT_ZONES - [0:0]
   :INPUT_direct - [0:0]
   :IN_public - [0:0]
   :IN_public_allow - [0:0]
   :IN_public_deny - [0:0]
   :IN_public_log - [0:0]
   :IN_public_post - [0:0]
   :IN_public_pre - [0:0]
   :OUTPUT_direct - [0:0]
   -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT
   -A INPUT -i lo -j ACCEPT
   -A INPUT -j INPUT_direct
   -A INPUT -j INPUT_ZONES
   -A INPUT -m conntrack --ctstate INVALID -j DROP
   -A INPUT -j REJECT --reject-with icmp-host-prohibited
   -A INPUT -i enp3s0 -j ACCEPT
   -A INPUT -i wl01 -m state --state RELATED,ESTABLISHED -j ACCEPT
   -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT
   -A FORWARD -i lo -j ACCEPT
   -A FORWARD -j FORWARD_direct
   -A FORWARD -j FORWARD_IN_ZONES
   -A FORWARD -j FORWARD_OUT_ZONES
   -A FORWARD -m conntrack --ctstate INVALID -j DROP
   -A FORWARD -j REJECT --reject-with icmp-host-prohibited
   -A OUTPUT -o lo -j ACCEPT
   -A OUTPUT -j OUTPUT_direct
   -A OUTPUT -j ACCEPT
   -A FORWARD_IN_ZONES -i wlo1 -g FWDI_public
   -A FORWARD_IN_ZONES -i enp3s0 -g FWDI_public
   -A FORWARD_IN_ZONES -g FWDI_public
  -A FORWARD_OUT_ZONES -o wlo1 -g FWDO_public
  -A FORWARD_OUT_ZONES -o enp3s0 -g FWDO_public
  -A FORWARD_OUT_ZONES -g FWDO_public
  -A FWDI_public -j FWDI_public_pre
  -A FWDI_public -j FWDI_public_log
  -A FWDI_public -j FWDI_public_deny
  -A FWDI_public -j FWDI_public_allow
  -A FWDI_public -j FWDI_public_post
  -A FWDI_public -p icmp -j ACCEPT
  -A FWDO_public -j FWDO_public_pre
  -A FWDO_public -j FWDO_public_log
  -A FWDO_public -j FWDO_public_deny
  -A FWDO_public -j FWDO_public_allow
  -A FWDO_public -j FWDO_public_post
  -A INPUT_ZONES -i wlo1 -g IN_public
  -A INPUT_ZONES -i enp3s0 -g IN_public
  -A INPUT_ZONES -g IN_public
  -A IN_public -j IN_public_pre
  -A IN_public -j IN_public_log
  -A IN_public -j IN_public_deny
  -A IN_public -j IN_public_allow
  -A IN_public -j IN_public_post
  -A IN_public -p icmp -j ACCEPT
  -A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate 
  NEW,UNTRACKED -j ACCEPT
  COMMIT
 :PREROUTING ACCEPT [1729:198863]
 :INPUT ACCEPT [1:60]
 :OUTPUT ACCEPT [1927:151765]
 :POSTROUTING ACCEPT [1927:151765]
 :OUTPUT_direct - [0:0]
 :POSTROUTING_ZONES - [0:0]
 :POSTROUTING_direct - [0:0]
 :POST_public - [0:0]
 :POST_public_allow - [0:0]
 :POST_public_deny - [0:0]
 :POST_public_log - [0:0]
 :POST_public_post - [0:0]
 :POST_public_pre - [0:0]
 :PREROUTING_ZONES - [0:0]
 :PREROUTING_direct - [0:0]
 :PRE_public - [0:0]
 :PRE_public_allow - [0:0]
 :PRE_public_deny - [0:0]
 :PRE_public_log - [0:0]
 :PRE_public_post - [0:0]
 :PRE_public_pre - [0:0]
 -A PREROUTING -j PREROUTING_direct
 -A PREROUTING -j PREROUTING_ZONES
 -A OUTPUT -j OUTPUT_direct
 -A POSTROUTING -j POSTROUTING_direct
 -A POSTROUTING -j POSTROUTING_ZONES
 -A POSTROUTING -o wl01 -j MASQUERADE
 -A POSTROUTING_ZONES -o wlo1 -g POST_public
 -A POSTROUTING_ZONES -o enp3s0 -g POST_public
 -A POSTROUTING_ZONES -g POST_public
 -A POST_public -j POST_public_pre
 -A POST_public -j POST_public_log
 -A POST_public -j POST_public_deny
 -A POST_public -j POST_public_allow
 -A POST_public -j POST_public_post
 -A PREROUTING_ZONES -i wlo1 -g PRE_public
 -A PREROUTING_ZONES -i enp3s0 -g PRE_public
 -A PREROUTING_ZONES -g PRE_public
 -A PRE_public -j PRE_public_pre
 -A PRE_public -j PRE_public_log
 -A PRE_public -j PRE_public_deny
 -A PRE_public -j PRE_public_allow
 -A PRE_public -j PRE_public_post
 COMMIT

52

0 + 4

อูบุนตู

iptables