Pi to Pi Internet Sharing

AB8XA
Let's say I have two portable nodes, CALLSIGN-2 and CALLSIGN-3,
each with a Raspberry Pi 3B+ (which has both eth0 and wlan0 on board).
 
CALLSIGN-2-Node 10.20.30.41 
* callsign-2-pi 10.20.30.42 - Pi eth0 DHCP from node 
 
callsign-2 pi - wlan0 DHCP from 192.168.1.1 hotspot
 
CALLSIGN-3-Node 10.30.20.41 
* callsign-3-pi 10.30.20.42 - Pi eth0 DHCP from node 
 
callsign-3-pi configured as a typical Pi access point
eth0 DHCP NAT to wlan0 static 192.168.7.1 w/DHCP server
 
Will the following work? 
callsign-2 pi -  route from wlan0 hotspot to eth0 mesh node
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
sudo apt-get install iptables-persistent (respond yes for current iptables)
 
CALLSIGN-2-Node - Configure WAN with a static IP of the callsign-2-pi eth0 mesh address
and check Mesh Gateway to advertise a default route to CALLSIGN-3-Node?
 

AE6XE
AB8XA, can you clarify the firmware images and/or other configuration on these RasPi devices? You mention "check Mesh Gateway". AREDN firmware doesn't have a RasPi flavor, so not sure where this comes from and the context of the overall setup you have or are thinking about.
AB8XA
The Pi are running Raspbian Stretch. Each one's eth0 is connected to its own Ubiquiti Bullet M2 running AREDN 3.16.1.1

One Pi's wlan0 is associated with a hotspot. The other Pi's wlan0 will be configured as an access point... sorta like a home router.

I'm wondering if I set up routing between wlan0 and eth0 on the hotspot Pi if its Bullet's WAN can be configured as a mesh gateway statically using the eth0 IP the Pi got from the Bullet.

Is that even more confusing? 

K5DLQ
wouldn't it need OLSR on the Pi's???
 
AB8XA

"wouldn't it need OLSR on the Pi's???"

I don't know


The hotspot Pi should have a route of 10.0.0.0/8 to its Bullet's LAN address on eth0
and a default route of 0.0.0.0/0 to the 192.168.1.1 hotspot gateway address on wlan0. 

The AP Pi should have a route of 10.0.0.0/8 to its Bullet's LAN address on eth0
and a route of 192.168.7.0/24 to the 192.168.7.1 gateway address on its wlan0. 
As an AP, they're routed with NAT. The AP Pi should initially have no default route.

So if I 
1) route between the hotspot Pi interfaces with NAT,
2) enter the mesh IP of the hotspot Pi as the WAN IP on the hotspot Bullet,
3) and check the Mesh Gateway box on the hotspot Bullet

will the AP Bullet get the mesh IP of the hotspot Pi as the default route
and pass it on to the AP Pi which will then have a default route?

 

AE6XE
Ok, I see what you're working to do.  

Callsign-2 Pi: Yes, you're on the right track with the iptables rules, but it's generally in the opposite direction. The Pi knows how to route; that is to say, it already has routing tables to send the 10.x.x.x traffic to the Bullet LAN and send traffic to 192.168.1.x out the wlan0. The intended or primary traffic flow is a WiFi client with a 192.168.1.x address looking to communicate out to the mesh. So the rules would be incoming on wlan0 and then a masquerade going out eth0. This means that when the packet goes to the Bullet it has a 'source' address of the Pi's eth0, a 10.x.x.x address. That way a reply can get back to it. The connection tracking, on the way back, knows to translate back to the right 192.168.1.x address. Work on getting that primary use case working, and show the iptables rules to see the hit counters so you have an idea of what is happening to debug. The secondary cases are specific port-forwarded services of a client on the mesh trying to access a particular service on a 192.168.1.x host.

Another approach altogether is the RasPi is configured in a bridge mode.  This means the wifi clients are assigned an IP address from the Bullet. The rules just forward packets in one interface and out the other as-is, in both directions.

Callsign-3 Pi: For this situation, it would be cleaner to figure out how to do a bridge mode. The eth0 needs to be connected to the respective Bullet's WAN (need a VLAN switch to have a WAN port). This is commonly done with a ~$20 Ubiquiti AirGateway in bridge mode. The Bullet then gets an IP address on its WAN port from the hotspot. Alternatively, it could be a double NAT, the Pi and your home router. The Bullet WAN gets an IP address from the Pi eth0, the Pi wlan0 gets an IP address from the hotspot. The iptables rules would be similar to the Callsign-2 Pi masquerade setup, but in the opposite direction.

Joe AE6XE
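
The one-way masquerade described in the post above, written out as an added example (not code from the thread or from AREDN): new connections are accepted only from the inside interface, and the other side may send only replies. `share_nat`, `show_counters` and the `DRY_RUN` switch are hypothetical names; `-m conntrack --ctstate` is the current spelling of the thread's `-m state --state`, and the default-drop FORWARD policy and the `ip_forward` sysctl are additions the thread does not mention.

```shell
#!/bin/sh
# Added example: one-way NAT between two Pi interfaces, as discussed in the thread.
# share_nat, show_counters and DRY_RUN are hypothetical names, not from the thread.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 runs them (needs root).
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# share_nat INSIDE OUTSIDE
#   INSIDE  = interface the clients sit behind (new connections start here)
#   OUTSIDE = interface the traffic leaves on, rewritten to the Pi's own address
share_nat() {
    inside=$1
    outside=$2
    # Refuse missing or identical interface names rather than install rules that never match.
    [ -n "$inside" ] && [ -n "$outside" ] && [ "$inside" != "$outside" ] || return 1

    # The kernel forwards nothing between interfaces until this is enabled.
    run sysctl -w net.ipv4.ip_forward=1
    # Default-drop, so the two ACCEPT rules below are the only forwarding allowed.
    run iptables -P FORWARD DROP
    # Source-NAT to the Pi's OUTSIDE address so replies can find their way back.
    run iptables -t nat -A POSTROUTING -o "$outside" -j MASQUERADE
    # New connections may only start from INSIDE.
    run iptables -A FORWARD -i "$inside" -o "$outside" -j ACCEPT
    # OUTSIDE may only send replies to connections that INSIDE opened.
    run iptables -A FORWARD -i "$outside" -o "$inside" \
        -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
}

# Packet/byte hit counters per rule, to see which rules the traffic actually hits.
show_counters() {
    run iptables -v -n -L FORWARD
    run iptables -t nat -v -n -L POSTROUTING
}

# Wi-Fi clients reaching the mesh (the flow AE6XE describes): share_nat wlan0 eth0
# Mesh side reaching the hotspot's internet (AB8XA's rules):  share_nat eth0 wlan0
```

With `DRY_RUN=0` the `-P FORWARD DROP` line changes the policy for all forwarding on the Pi, so any other forwarded path it already carries needs its own ACCEPT rule.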
AB8XA
Thanks so much for taking the time to explain this, Joe.

We do have yet another (120VAC) portable that's simply an ARHP with an AirGateway bridge providing Part 15 WiFi access to the mesh.

The two above are 12VDC setups with phone, camera, and a USB GPS on the Pi.
 
n5mdt
Would it be easier to set up the Raspberry Pi as a wireless bridge and let the node do all the work?


Mark
 
AB8XA
Which Pi?  The one getting internet from the iPhone or the one at the other end serving it on Part 15?

Thanks
