RE: NM 1.22.10 and hotspot



OK, I have managed it myself. The problem was indeed the missing netfilter_xt_match_state, but the systemd_resolved service was also broken because of the wrong time in the system.

BR
Piotr Lobacz


From: networkmanager-list <networkmanager-list-bounces gnome org> on behalf of Piotr Lobacz <piotr lobacz softgent com>
Sent: Saturday, 6 February 2021 15:39
To: networkmanager-list gnome org <networkmanager-list gnome org>
Subject: RE: NM 1.22.10 and hotspot
 
OK, I've found the problem. Missing CONFIG_NETFILTER_XT_MATCH_STATE=y in the kernel. Now the rule is being applied but I still don't have internet access.

Any suggestions?


From: networkmanager-list <networkmanager-list-bounces gnome org> on behalf of Piotr Lobacz <piotr lobacz softgent com>
Sent: Saturday, 6 February 2021 13:58
To: networkmanager-list gnome org <networkmanager-list gnome org>
Subject: RE: NM 1.22.10 and hotspot
 
BTW, I have found an error in NetworkManager during hotspot creation. This is the part of the log with the warning:

Feb 06 11:48:53 px30-64 NetworkManager[237]: <info>  [1612612133.7233] Executing: /usr/sbin/iptables --table filter --insert INPUT --in-interface wlan0 --protocol tcp --destination-port 53 --jump ACCEPT
Feb 06 11:48:53 px30-64 NetworkManager[237]: <info>  [1612612133.7342] Executing: /usr/sbin/iptables --table filter --insert INPUT --in-interface wlan0 --protocol udp --destination-port 53 --jump ACCEPT
Feb 06 11:48:53 px30-64 NetworkManager[237]: <info>  [1612612133.7454] Executing: /usr/sbin/iptables --table filter --insert INPUT --in-interface wlan0 --protocol tcp --destination-port 67 --jump ACCEPT
Feb 06 11:48:53 px30-64 NetworkManager[237]: <info>  [1612612133.7561] Executing: /usr/sbin/iptables --table filter --insert INPUT --in-interface wlan0 --protocol udp --destination-port 67 --jump ACCEPT
Feb 06 11:48:53 px30-64 NetworkManager[237]: <info>  [1612612133.7670] Executing: /usr/sbin/iptables --table filter --insert FORWARD --in-interface wlan0 --jump REJECT
Feb 06 11:48:53 px30-64 NetworkManager[237]: <info>  [1612612133.7769] Executing: /usr/sbin/iptables --table filter --insert FORWARD --out-interface wlan0 --jump REJECT
Feb 06 11:48:53 px30-64 NetworkManager[237]: <info>  [1612612133.7868] Executing: /usr/sbin/iptables --table filter --insert FORWARD --in-interface wlan0 --out-interface wlan0 --jump ACCEPT
Feb 06 11:48:53 px30-64 NetworkManager[237]: <info>  [1612612133.7964] Executing: /usr/sbin/iptables --table filter --insert FORWARD --source 10.42.0.0/255.255.255.0 --in-interface wlan0 --jump ACCEPT
Feb 06 11:48:53 px30-64 NetworkManager[237]: <info>  [1612612133.8062] Executing: /usr/sbin/iptables --table filter --insert FORWARD --destination 10.42.0.0/255.255.255.0 --out-interface wlan0 --match state --state ESTABLISHED,RELATED --jump ACCEPT
Feb 06 11:48:53 px30-64 NetworkManager[237]: <warn>  [1612612133.8277] ** Command returned exit status 1.
Feb 06 11:48:53 px30-64 NetworkManager[237]: <info>  [1612612133.8279] Executing: /usr/sbin/iptables --table nat --insert POSTROUTING --source 10.42.0.0/255.255.255.0 ! --destination 10.42.0.0/255.255.255.0 --jump MASQUERADE

So I suspect that this line

Feb 06 11:48:53 px30-64 NetworkManager[237]: <info>  [1612612133.8062] Executing: /usr/sbin/iptables --table filter --insert FORWARD --destination 10.42.0.0/255.255.255.0 --out-interface wlan0 --match state --state ESTABLISHED,RELATED --jump ACCEPT

is causing the warning, and I think that is why no internet access is available for devices connected to the hotspot. The question is why?




From: networkmanager-list <networkmanager-list-bounces gnome org> on behalf of Piotr Lobacz <piotr lobacz softgent com>
Sent: Saturday, 6 February 2021 03:46
To: networkmanager-list gnome org <networkmanager-list gnome org>
Subject: NM 1.22.10 and hotspot
 
Hi all,
I have successfully configured a hotspot using this command:

nmcli device wifi hotspot password 12345678 ssid softgent

on a px30 board which is using Realtek Wi-Fi (out-of-tree driver). When I connect to my hotspot from my mobile it all works except that I have no internet access. I can log into this board using ssh from the mobile but cannot ping it nor connect to any web.

Using the command iptables -S shows the output below:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -s 10.42.0.0/24 -i wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o wlan0 -j ACCEPT
-A FORWARD -o wlan0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i wlan0 -j REJECT --reject-with icmp-port-unreachable

The hotspot connection has ipv4 method=shared. I also use systemd-resolved and dnsmasq is being run by Network Manager.

Any ideas what can cause this situation?

Thanks in advance for any help.
Piotr Lobacz

Softgent Sp. z o.o., Budowlanych 31d, 80-298 Gdansk, POLAND

KRS: 0000674406, NIP: 9581679801, REGON: 367090912

www.softgent.com

District Court Gdańsk-Północ in Gdańsk, 7th Commercial Division of the National Court Register

KRS 0000674406, share capital: PLN 25,000.00, fully paid up.
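
Added example (not part of the original messages and not NetworkManager code): a Python check that pairs each "Command returned exit status" warning with the iptables command logged just before it, then shows which FORWARD target a reply packet to a hotspot client hits when the ESTABLISHED,RELATED rule is absent. The helper names `opt`, `failed_commands` and `reply_verdict` are assumptions, the sample inputs are copied from the thread, and the verdict walk is simplified to interface matching only.

```python
import re

# Sample input: four of the journal lines quoted in the thread.
SAMPLE_LOG = """\
Feb 06 11:48:53 px30-64 NetworkManager[237]: <info>  [1612612133.7964] Executing: /usr/sbin/iptables --table filter --insert FORWARD --source 10.42.0.0/255.255.255.0 --in-interface wlan0 --jump ACCEPT
Feb 06 11:48:53 px30-64 NetworkManager[237]: <info>  [1612612133.8062] Executing: /usr/sbin/iptables --table filter --insert FORWARD --destination 10.42.0.0/255.255.255.0 --out-interface wlan0 --match state --state ESTABLISHED,RELATED --jump ACCEPT
Feb 06 11:48:53 px30-64 NetworkManager[237]: <warn>  [1612612133.8277] ** Command returned exit status 1.
Feb 06 11:48:53 px30-64 NetworkManager[237]: <info>  [1612612133.8279] Executing: /usr/sbin/iptables --table nat --insert POSTROUTING --source 10.42.0.0/255.255.255.0 ! --destination 10.42.0.0/255.255.255.0 --jump MASQUERADE
"""

# FORWARD chain as printed by `iptables -S` in the first message.
SAMPLE_FORWARD = """\
-A FORWARD -s 10.42.0.0/24 -i wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o wlan0 -j ACCEPT
-A FORWARD -o wlan0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i wlan0 -j REJECT --reject-with icmp-port-unreachable
"""

EXEC_RE = re.compile(r"<info>\s+\[[\d.]+\] Executing: (.+)$")
FAIL_RE = re.compile(r"<warn>\s+\[[\d.]+\] \*\* Command returned exit status (\d+)\.")
# Only the module/kernel-option pairing named in the thread.
KCONFIG = {"state": "CONFIG_NETFILTER_XT_MATCH_STATE"}

def opt(argv, *names):
    """Value following the first of the given option names, or None."""
    return next((argv[i + 1] for i, a in enumerate(argv[:-1]) if a in names), None)

def failed_commands(log_text):
    """Pair each exit-status warning with the 'Executing:' line before it."""
    failures, last = [], None
    for line in log_text.splitlines():
        if (m := EXEC_RE.search(line)):
            last = m.group(1).split()
        elif (m := FAIL_RE.search(line)) and last:
            module = opt(last, "-m", "--match")
            failures.append((int(m.group(1)), " ".join(last), KCONFIG.get(module, "unknown")))
            last = None
    return failures

def reply_verdict(forward_rules, hotspot_if="wlan0"):
    """First FORWARD target hit by a reply packet that enters from the uplink
    and leaves through the hotspot interface (assumption: -i/-o matching only)."""
    for rule in forward_rules.splitlines():
        argv = rule.split()
        if opt(argv, "-i") != hotspot_if and opt(argv, "-o") in (None, hotspot_if):
            return opt(argv, "-j")
    return "policy"
```

Because NetworkManager uses `--insert`, the rule executed last sits first in the chain, so the missing state rule would have been evaluated ahead of the `-o wlan0` REJECT.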


