Author Topic: [HELP] How to enable forwarding for wireless network?  (Read 4571 times)

JLLEWELYN

[HELP] How to enable forwarding for wireless network?
« on: April 26, 2019, 09:59:26 pm »
Hello, greetings to the Zentyal team.
I have Zentyal 6.0 with an Ethernet adapter and a TP-LINK wireless adapter, model TL-WDN4800.
My Zentyal server only works as an Active Directory domain controller.

The Ethernet adapter is interface eth2, with the IP address 192.168.1.2 and mask 255.255.255.0.
I get internet through this adapter via the 192.168.1.1 gateway, which is a commercial UTM firewall.

The wireless adapter is interface wlan0, with the IP address 192.168.137.1 and mask 255.255.255.0.

/etc/network/interfaces
Code:
administrator@servidor:~$ cat /etc/network/interfaces
allow-hotplug lo eth2 wlan0

iface lo inet loopback

iface eth2 inet static
      address 192.168.1.2
      netmask 255.255.255.0
      broadcast 192.168.1.255
      offload-gro off
      offload-gso off
      offload-tso off

iface wlan0 inet static
      address 192.168.137.1
      netmask 255.255.255.0
      broadcast 192.168.137.255
      offload-gro off
      offload-gso off
      offload-tso off

The DHCP server hands out IP addresses on the 192.168.137.1 interface, with a range of 192.168.137.100 to 192.168.137.254 and DNS 8.8.8.8 and 8.8.4.4.
/etc/dhcp/dhcpd.conf
Code:
shared-network wlan0 {

    subnet 192.168.137.0 netmask 255.255.255.0 {

        option routers 192.168.137.1;
        option domain-name-servers 8.8.8.8, 8.8.4.4;
        option ntp-servers 192.168.137.1;
        default-lease-time 1800;
        max-lease-time 7200;


        pool {



            next-server 192.168.137.1;

            range 192.168.137.100 192.168.137.254;
        }
    }

    group {
        option routers 192.168.137.1;
        option domain-name-servers 8.8.8.8, 8.8.4.4;
        option ntp-servers 192.168.137.1;
        default-lease-time 1800;
        max-lease-time 7200;


    }

}

/etc/default/hostapd
Code:
administrator@servidor:~$ cat /etc/default/hostapd
# Defaults for hostapd initscript
#
# See /usr/share/doc/hostapd/README.Debian for information about alternative
# methods of managing hostapd.
#
# Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration
# file and hostapd will be started during system boot. An example configuration
# file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz
#
DAEMON_CONF="/etc/hostapd/hostapd.conf"

# Additional daemon options to be appended to hostapd command:-
#       -d   show more debug messages (-dd for even more)
#       -K   include key data in debug messages
#       -t   include timestamps in some debug messages
#
# Note that -B (daemon mode) and -P (pidfile) options are automatically
# configured by the init.d script and must not be added to DAEMON_OPTS.
#
#DAEMON_OPTS=""

We configure
/etc/hostapd/hostapd.conf
Code:
# hostapd configuration template for a generic 2.4 GHz Wi-Fi router in open mode, for Venezuela
# /etc/hostapd/hostapd.conf
# TP-LINK TL-WDN4800 N900 PCI-E adapter

#
# General hostapd options
#
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
interface=wlan0
#bridge=br0
driver=nl80211
#driver_params=
ssid=Internet Libre

#
# Regulatory settings for Venezuela
#
ieee80211d=1
country_code=VE
# Environment: indoor 0x49, outdoor 0x4f, all environments 0x20
#country3=0x49
#local_pwr_constraint=3
#spectrum_mgmt_required=1

#
# Security options
#
ignore_broadcast_ssid=0
disassoc_low_ack=1
wpa=0
macaddr_acl=0
deny_mac_file=/etc/hostapd/hostapd.deny

#
# IEEE 802.11 (b/g) band settings
#
hw_mode=g

#
# IEEE 802.11n (n) band settings
#
ieee80211n=1
require_ht=1
ht_capab=[LDPC][HT40-][HT40+][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][MAX-AMSDU-3839][DSSS_CCK-40][MAX-A-MPDU-LEN-EXP3]

#
# IEEE 802.11u-2011 settings
#
#interworking=1
#access_network_type=3
#internet = 1
#venue_group=2
#venue_type=0

#
# QoS
#
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0

#
# Advanced settings
#
channel=0
#acs_num_scans=5
#acs_chan_bias=1:0.8 6:0.8 11:0.8
#chanlist=1 6 11-13
beacon_int=100
dtim_period=2
max_num_sta=255
rts_threshold=-1
fragm_threshold=-1
#supported_rates=10 20 55 110 60 90 120 180 240 360 480 540
#basic_rates=10 20
#basic_rates=10 20 55 110
#basic_rates=60 120 240
#beacon_rate=10
#preamble=1

#
# Logging
#
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2

Start test
Code:
sudo hostapd -dd /etc/hostapd/hostapd.conf
Ctrl+C (exit)

We create the service...
Code:
sudo systemctl unmask hostapd
sudo systemctl enable hostapd
sudo systemctl start hostapd
sudo systemctl status hostapd
● hostapd.service - Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
   Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-04-27 15:19:56 -04; 21min ago
  Process: 18270 ExecStart=/usr/sbin/hostapd -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=0/SUCCESS)
 Main PID: 18271 (hostapd)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/hostapd.service
           └─18271 /usr/sbin/hostapd -P /run/hostapd.pid -B /etc/hostapd/hostapd.conf

abr 27 15:19:56 servidor systemd[1]: Starting Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator...
abr 27 15:19:56 servidor hostapd[18270]: Configuration file: /etc/hostapd/hostapd.conf
abr 27 15:19:56 servidor hostapd[18270]: wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
abr 27 15:19:56 servidor hostapd[18270]: ACS: Automatic channel selection started, this may take a bit
abr 27 15:19:56 servidor hostapd[18270]: wlan0: interface state COUNTRY_UPDATE->ACS
abr 27 15:19:56 servidor hostapd[18270]: wlan0: ACS-STARTED
abr 27 15:19:56 servidor systemd[1]: Started Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator.
I have hostapd installed and have already made my test configuration; mobile devices connect to it but do not have internet.

According to the guide I am reading, I must edit the configuration file /etc/sysctl.conf,
change: net.ipv4.ip_forward = 1
and save.
Then add the configuration to the firewall:
sudo iptables -t nat -A POSTROUTING -s 192.168.137.0/24 -o eth2 -j MASQUERADE

The problem is that this configuration is temporary, because Zentyal does not keep the change when it restarts.
How can I enable Internet connection to wireless devices permanently?
« Last Edit: April 27, 2019, 09:47:55 pm by JLLEWELYN »

JLLEWELYN

Re: [HELP] How to enable forwarding for wireless network?
« Reply #1 on: May 06, 2019, 12:17:27 am »
Hello, can someone help me understand how to add these rules to the Zentyal firewall from the web GUI?

Code:
iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
iptables -A FORWARD -i eth2 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth2 -j ACCEPT
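
As an added example (not part of the thread, and not Zentyal's own code), the forwarding steps from both posts can be kept in one script that is safe to re-run after every firewall restart. It checks that net.ipv4.ip_forward is persisted, adds each rule only if it is missing, and keeps clients of the open SSID away from other hosts on 192.168.1.0/24. Assumptions: the DRY_RUN switch, the function names and the DROP rule are introduced here, and how the script gets run after a Zentyal restart is not covered.

```shell
#!/bin/sh
# Added example, not from the thread. Interfaces and subnets are the ones
# posted above; DRY_RUN, the function names and the LAN-isolation rule are
# additions made for this example.
WAN_IF=eth2
WLAN_IF=wlan0
WLAN_NET=192.168.137.0/24
LAN_NET=192.168.1.0/24
DRY_RUN=${DRY_RUN:-1}          # 1 = print the commands instead of running them

# Succeeds when the last uncommented ip_forward line in a sysctl file sets 1.
forwarding_persisted() {
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ "$val" = "1" ]
}

# Append a rule only when an identical one is not loaded yet (iptables -C),
# so running the script after every firewall restart never stacks duplicates.
ensure_rule() {
    table=$1; chain=$2; shift 2
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables -t $table -A $chain $*"
    elif ! iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        iptables -t "$table" -A "$chain" "$@"
    fi
}

apply_rules() {
    # NAT only what comes from the wireless subnet.
    ensure_rule nat POSTROUTING -s "$WLAN_NET" -o "$WAN_IF" -j MASQUERADE
    # The SSID is open (wpa=0): keep its clients off the other wired-LAN hosts.
    # Must come before the ACCEPT below. Traffic to the server itself is INPUT,
    # not FORWARD, and is not covered here.
    ensure_rule filter FORWARD -i "$WLAN_IF" -d "$LAN_NET" -j DROP
    ensure_rule filter FORWARD -i "$WAN_IF" -o "$WLAN_IF" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
    ensure_rule filter FORWARD -i "$WLAN_IF" -o "$WAN_IF" -j ACCEPT
}

# Usage: sudo DRY_RUN=0 sh wlan-forward.sh apply   (file name is hypothetical)
if [ "${1:-}" = "apply" ]; then
    forwarding_persisted /etc/sysctl.conf ||
        echo "warning: net.ipv4.ip_forward=1 is not set in /etc/sysctl.conf" >&2
    [ "$DRY_RUN" = 1 ] || sysctl -w net.ipv4.ip_forward=1 >/dev/null
    apply_rules
fi
```

With DRY_RUN left at its default the script only prints the iptables commands, which is a convenient way to review the rule order before loading anything.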