-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello. This is the the first time I'm dealing with wifi and the second
time with NAT.
I have a server (access point) with a ppp0 interface (internet), eth0,
wlan0, tun0 and sit0. A dhcp server is listening on wlan0 and provides
local ip addresses, dns (= my isp dns)  and router (= server wlan0 ip
address). Nat is configured on the server like this:
# Generated by iptables-save v1.4.20 on Fri Jan 10 21:34:26 2014
*raw
:PREROUTING ACCEPT [1000941:974106726]
:OUTPUT ACCEPT [775261:165606146]
COMMIT
# Completed on Fri Jan 10 21:34:26 2014
# Generated by iptables-save v1.4.20 on Fri Jan 10 21:34:26 2014
*nat
:PREROUTING ACCEPT [888:45008]
:INPUT ACCEPT [63:9590]
:OUTPUT ACCEPT [442:27137]
:POSTROUTING ACCEPT [36:1728]
- -A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Fri Jan 10 21:34:26 2014
# Generated by iptables-save v1.4.20 on Fri Jan 10 21:34:26 2014
*mangle
:PREROUTING ACCEPT [1000941:974106726]
:INPUT ACCEPT [951658:947497602]
:FORWARD ACCEPT [39262:26279024]
:OUTPUT ACCEPT [775261:165606146]
:POSTROUTING ACCEPT [814621:191890787]
COMMIT
# Completed on Fri Jan 10 21:34:26 2014
# Generated by iptables-save v1.4.20 on Fri Jan 10 21:34:26 2014
*filter
:INPUT ACCEPT [371:35432]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [33994:3725352]
- -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -i wlan0 -o ppp0 -j ACCEPT
- -A FORWARD -i ppp0 -o wlan0 -j ACCEPT
- -A FORWARD -i eth0 -j DROP
- -A FORWARD -i tun0 -j DROP
COMMIT
# Completed on Fri Jan 10 21:34:26 2014
I have a client that connects to my wifi, obtains an address via dhcp
and ... can't acces almost all of internet sites.
I was able to ping any web service I could think of, but I was able to
use only google/youtube. I can do text/ image serches on google and
can open youtube(but videos aren't loading). On other services wget
says connection established, but it can't retrieve anything. if I ssh
to an external server (not my nat server) I can ls, but if I try to ls
- -alh I receive only a half of the files list and the terminal hangs
after that.
If I do $python -m http.server on my server I can do file transfers
and open html pages on my client. I have tried this
https://wiki.archlinux.org/index.php/Software_Access_Point#WLAN_is_very_slow
Also I have tried to insert LOG target in FORWARD of filter.
It showed that I send way more pakets(>10) to a http server than I
receive(~2-4).
The client is fine and behaves normally with wifi, used it many times.
Thanks for your time.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJS0DQTAAoJEK64IL1uI2hafvwIAIDd3LM3iKTUKNSacou2NhTR
W9CTSS+1fVgQKww+Biseo4jj9Hiek/vo9t7Kxv2YrCw8DwCxW8j+sRUHK6//SY9O
z2abLUUxXq1q9POIy19CYXP3LVFpRSJpPtvAMADgx0roZCQWodwiVUWBZ2BI+lEF
2/T34JEqPna6NZsrtdufRWLII/zSbu9EuM5/atQe5HenI5Vkhz0rBXrLXEuRO4Gx
1bNvOmuupD5NMEVTCiwnCpGwikbZIkWswFaD89vRLBFnZwPJeE6ArwJvCMBxHhlw
OgpxpMPi1oBKNHmVnLiR5d1efkhksQhL9OcEWi0Jiw6cm2u3eLVt3CxtU4OjnQc=
=86dE
-----END PGP SIGNATURE-----

Reply via email to