NAT+

1. Preface
1.1. Goal
1.2. Limitations
1.3. Conventions & Preconditions
1.4. Indexing
2. Setting a Static IP Address
2.1. Setting the Actual Address
2.2. Preventing DHCP From Interfering
3. DHCP Server
4. Forwarding
4.1. Enable Forwarding
4.2. Setup iptables
5. Troubleshooting

tropf

ABSTRACT

A quick introduction to forwarding your connection from one interface to another.

This guide explains how to share your internet connection with other devices using NAT, and how to set up a DHCP server so that connected devices are configured automatically.

1. Preface

1.1. Goal

Afterwards, you can connect another device to this one, e.g. via Ethernet. It automatically gets an IP address via DHCP, and all of its traffic is tunneled and forwarded through this device.

1.2. Limitations

This guide will not cover:

1.3. Conventions & Preconditions

The following names will be used throughout the guide and can be changed according to your setup.

Name          Meaning
wlan0         connected to an internet uplink
eth0          device that the connection will be forwarded to
10.0.0.1      IP address of eth0
10.0.0.0/24   subnet of eth0

1.4. Indexing

This section contains alternative titles and topics of this article that can be used to build a search index.

search tags:

raspberry pi raspberrypi dnsmasq dhcp static
share sharing bridge bridging reverse router
nat wifi wlan

alternative titles:

2. Setting a Static IP Address

eth0 needs a static IP address, because there is no DHCP server to get an address from. (If there is, skip this step.)

2.1. Setting the Actual Address

Create a file named /etc/network/interfaces.d/eth0_static with this content:

auto eth0
allow-hotplug eth0
iface eth0 inet static
        address 10.0.0.1
        netmask 255.255.255.0
        network 10.0.0.0
        broadcast 10.0.0.255

2.2. Preventing DHCP From Interfering

By default, the DHCP client will overwrite these settings. Tell it to ignore eth0 by inserting this line into /etc/dhcpcd.conf:

denyinterfaces eth0

3. DHCP Server

There is no DHCP server behind eth0. We have to create one. (If there is, skip this step.)

Install dnsmasq. Create a file named /etc/dnsmasq.d/dhcp_server.conf with this content:

interface=eth0              # use interface eth0
listen-address=10.0.0.1     # explicitly specify the address to listen on
bind-interfaces             # Bind to the interface to make sure we aren’t sending things elsewhere
server=46.182.19.48         # the DNS server to be used. this one is run by digitalcourage e.v.; feel free to change it
domain-needed               # Don’t forward short names
bogus-priv                  # Never forward addresses in the non-routed address spaces.

# Assign IP addresses between 10.0.0.50 and 10.0.0.150 with a 12 hour lease time
# (a bare number is read as seconds, so the "h" suffix is required)
dhcp-range=10.0.0.50,10.0.0.150,12h


dhcp-option=3,10.0.0.1      # gateway which is connected to the internet -- this computer

4. Forwarding

All incoming traffic on eth0 should be forwarded and NATed to the uplink wlan0.

4.1. Enable Forwarding

Forwarding has to be enabled in the kernel.

Uncomment or insert this line into /etc/sysctl.conf:

net.ipv4.ip_forward=1

This will only be loaded on boot. Reload the file now using:

sudo sysctl -p

4.2. Setup iptables

Execute the following commands:

sudo iptables -t filter -A FORWARD -i eth0 -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

These rules are not persistent by default, so install iptables-persistent and then execute:

sudo sh -c 'iptables-save > /etc/iptables/rules.v4'
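
To confirm that a saved ruleset really contains what section 4.2 set up, the following script audits a file in iptables-save format. It is an added example, not part of the original guide; the function names are hypothetical and the embedded ruleset is a constructed sample. It also reports the FORWARD chain policy: with policy ACCEPT, packets arriving on wlan0 are forwarded as well, and with policy DROP, reply packets need their own rule.

```shell
# Added example: audit a ruleset in iptables-save format (e.g. /etc/iptables/rules.v4).
# Function names are hypothetical; eth0/wlan0 follow the guide's conventions.
LAN_IF=eth0
WAN_IF=wlan0

# table_lines TABLE FILE: print the chain-policy and rule lines of one table.
table_lines() {
    awk -v want="*$1" '
        /^\*/          { cur = $0; next }   # table header such as "*nat"
        $0 == "COMMIT" { cur = ""; next }
        cur == want && (/^:/ || /^-A /) { print }
    ' "$2"
}

# audit_nat FILE: print one finding per line; return 0 only if NAT can work.
audit_nat() {
    nat=$(table_lines nat "$1"); filter=$(table_lines filter "$1"); rc=0
    if printf '%s\n' "$nat" | grep -Eq -- "^-A POSTROUTING (.* )?-o $WAN_IF (.* )?-j MASQUERADE"; then
        echo "ok: MASQUERADE on $WAN_IF"
    else
        echo "missing: MASQUERADE on $WAN_IF"; rc=1
    fi
    if printf '%s\n' "$filter" | grep -Eq -- "^-A FORWARD (.* )?-i $LAN_IF (.* )?-j ACCEPT"; then
        echo "ok: FORWARD accepts traffic from $LAN_IF"
    else
        echo "missing: FORWARD accept for $LAN_IF"; rc=1
    fi
    if printf '%s\n' "$filter" | grep -q '^:FORWARD ACCEPT'; then
        # With policy ACCEPT every packet is forwarded, not only those from LAN_IF.
        echo "warn: FORWARD policy is ACCEPT, $WAN_IF to $LAN_IF is also forwarded"
    elif ! printf '%s\n' "$filter" | grep -Eq -- '^-A FORWARD .*(RELATED,ESTABLISHED|ESTABLISHED,RELATED).*-j ACCEPT'; then
        echo "missing: no rule accepts reply packets (RELATED,ESTABLISHED)"; rc=1
    fi
    return $rc
}

# Constructed sample: the guide's two rules on a system with the default FORWARD policy.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
EOF
audit_nat "$SAMPLE"
```

To audit the real file, call `audit_nat /etc/iptables/rules.v4`.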

5. Troubleshooting

Things I do when things go wrong.


04 December 2020