[Techtalk] sharing mobile broadband on wired LAN

[Carla Schroder]

On Tue, 3 Nov 2015 07:53:30 -0800
Carla Schroder <carla at bratgrrl.com> wrote:

> On Tue, 3 Nov 2015 14:50:27 +1100
> John Clarke <johnc+linuxchix at kirriwa.net> wrote:
> 
> > > $ipt -A FORWARD -i $WAN_IFACE -o $LAN_IFACE -m state --state
> > > ESTABLISHED,RELATED -j ACCEPT $ipt -A FORWARD -i $LAN_IFACE -o
> > > $WAN_IFACE -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT  
> > 
> > Is this just a formatting error in your email?  If this is really
> > what's in your script, then it's probably why PC2 can't get to
> > anything except PC1.
> 
> It's three lines, each one starting with $ipt. 
> 
> Carla
> 

Sigh. I'm not sure what I did, but it's working now. PC2 is assigned a
default gateway of PC1, static IP. PC1 is DHCP on its WAN (wifi)
interface, and no default gateway on the wired interface (also static
IP). I tried some different iptables rules; it's been so long I've
forgotten what's different, but these lines also work in place of the
three lines above:

$ipt -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j
ACCEPT 
$ipt -A FORWARD -i eth0 -o wlan0 -j ACCEPT

I think giving PC1 a default gateway on the wired interface is what
messed it up.

It's rather scary how easy it is to forget all this stuff. I used to
type iptables rules on the fly and figure out subnetting in my head.
Now I have to count on my fingers and look everything up.

Carla

-- 
++++++++++++++++++++++++++++++++++++++++
Ace Linux guru                         +
carlaschroder.com                      +
There's a dance in the old dame yet    +
++++++++++++++++++++++++++++++++++++++++