On Mon, Oct 02, 2017 at 08:04:55PM +0200, Lucio Marinelli wrote:
> Hi everyone, I have a PC running Debian 9.1 connected to the internet by cable
> (interface enp2s0) that I would like to use as a wifi router. I plugged in
> a Netgear USB dongle, which is recognized perfectly (the network interface
> is named wlxe0469aa53965 instead of wlan0). I then followed the
> instructions given here to create the wifi network for other devices to
> connect to, using hostapd:
>
> https://seravo.fi/2014/create-wireless-access-point-hostapd
>
> In practice I created a WiFi network with addresses 192.168.8.0/24 that
> should be able to route packets through the IP address of the host
> machine. The network works, as does DHCP, so I can connect with my phone
> or other devices; however, packets do not seem to go in or out, so in
> practice the internet does not work.

I don't know ufw. I don't see any mention of masquerading in your configuration, or am I wrong? If you don't intend to use NAT, I think the gateway that enp2s0 connects to should be told about it, by adding the corresponding route for 192.168.8.0/24.

A piece of advice: given the complexity of your configuration compared with the tutorial you started from (and with many other similar tutorials), and given the difficulties you are having getting it all to work, try to keep everything as simple as possible.

> Can you tell me where the catch is and how I can solve the problem?
>
>
> Below is the current iptables configuration:
>
> Chain INPUT (policy DROP)
> target prot opt source destination
> ufw-before-logging-input all -- anywhere anywhere
> ufw-before-input all -- anywhere anywhere
> ufw-after-input all -- anywhere anywhere
> ufw-after-logging-input all -- anywhere anywhere
> ufw-reject-input all -- anywhere anywhere
> ufw-track-input all -- anywhere anywhere
>
> Chain FORWARD (policy DROP)
> target prot opt source destination
> ufw-before-logging-forward all -- anywhere anywhere
> ufw-before-forward all -- anywhere anywhere
> ufw-after-forward all -- anywhere anywhere
> ufw-after-logging-forward all -- anywhere anywhere
> ufw-reject-forward all -- anywhere anywhere
> ufw-track-forward all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> ufw-before-logging-output all -- anywhere anywhere
> ufw-before-output all -- anywhere anywhere
> ufw-after-output all -- anywhere anywhere
> ufw-after-logging-output all -- anywhere anywhere
> ufw-reject-output all -- anywhere anywhere
> ufw-track-output all -- anywhere anywhere
>
> Chain ufw-after-forward (1 references)
> target prot opt source destination
>
> Chain ufw-after-input (1 references)
> target prot opt source destination
> ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns
> ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm
> ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn
> ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds
> ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps
> ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc
> ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
>
> Chain ufw-after-logging-forward (1 references)
> target prot opt source destination
> LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
>
> Chain ufw-after-logging-input (1 references)
> target prot opt source destination
> LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
>
> Chain ufw-after-logging-output (1 references)
> target prot opt source destination
>
> Chain ufw-after-output (1 references)
> target prot opt source destination
>
> Chain ufw-before-forward (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
> ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
> ACCEPT icmp -- anywhere anywhere icmp source-quench
> ACCEPT icmp -- anywhere anywhere icmp time-exceeded
> ACCEPT icmp -- anywhere anywhere icmp parameter-problem
> ACCEPT icmp -- anywhere anywhere icmp echo-request
> ufw-user-forward all -- anywhere anywhere
>
> Chain ufw-before-input (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
> ufw-logging-deny all -- anywhere anywhere ctstate INVALID
> DROP all -- anywhere anywhere ctstate INVALID
> ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
> ACCEPT icmp -- anywhere anywhere icmp source-quench
> ACCEPT icmp -- anywhere anywhere icmp time-exceeded
> ACCEPT icmp -- anywhere anywhere icmp parameter-problem
> ACCEPT icmp -- anywhere anywhere icmp echo-request
> ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
> ufw-not-local all -- anywhere anywhere
> ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
> ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900
> ufw-user-input all -- anywhere anywhere
>
> Chain ufw-before-logging-forward (1 references)
> target prot opt source destination
>
> Chain ufw-before-logging-input (1 references)
> target prot opt source destination
>
> Chain ufw-before-logging-output (1 references)
> target prot opt source destination
>
> Chain ufw-before-output (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
> ufw-user-output all -- anywhere anywhere
>
> Chain ufw-logging-allow (0 references)
> target prot opt source destination
> LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "
>
> Chain ufw-logging-deny (2 references)
> target prot opt source destination
> RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
> LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
>
> Chain ufw-not-local (1 references)
> target prot opt source destination
> RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
> RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
> RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
> ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
> DROP all -- anywhere anywhere
>
> Chain ufw-reject-forward (1 references)
> target prot opt source destination
>
> Chain ufw-reject-input (1 references)
> target prot opt source destination
>
> Chain ufw-reject-output (1 references)
> target prot opt source destination
>
> Chain ufw-skip-to-policy-forward (0 references)
> target prot opt source destination
> DROP all -- anywhere anywhere
>
> Chain ufw-skip-to-policy-input (7 references)
> target prot opt source destination
> DROP all -- anywhere anywhere
>
> Chain ufw-skip-to-policy-output (0 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
>
> Chain ufw-track-forward (1 references)
> target prot opt source destination
>
> Chain ufw-track-input (1 references)
> target prot opt source destination
>
> Chain ufw-track-output (1 references)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere ctstate NEW
> ACCEPT udp -- anywhere anywhere ctstate NEW
>
> Chain ufw-user-forward (1 references)
> target prot opt source destination
>
> Chain ufw-user-input (1 references)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
> ACCEPT tcp -- anywhere anywhere tcp dpt:http
> ACCEPT udp -- anywhere anywhere udp dpt:bootps
> ACCEPT tcp -- anywhere anywhere tcp dpt:domain
> ACCEPT udp -- anywhere anywhere udp dpt:domain
>
> Chain ufw-user-limit (0 references)
> target prot opt source destination
> LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
> REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
>
> Chain ufw-user-limit-accept (0 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
>
> Chain ufw-user-logging-forward (0 references)
> target prot opt source destination
>
> Chain ufw-user-logging-input (0 references)
> target prot opt source destination
>
> Chain ufw-user-logging-output (0 references)
> target prot opt source destination
>
> Chain ufw-user-output (1 references)
> target prot opt source destination
> ACCEPT udp -- anywhere anywhere udp dpt:bootps
> ACCEPT tcp -- anywhere anywhere tcp dpt:domain
> ACCEPT udp -- anywhere anywhere udp dpt:domain
>
>
> Thanks!
>
> --
> Lucio Marinelli

Regards
--
Felipe Salvador
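
The two gaps discussed in this thread (no masquerading, and a FORWARD policy of DROP with only RELATED,ESTABLISHED accepted) can be checked mechanically; the script below is an added example, not part of the original messages. It works on `iptables-save` output because a plain `iptables -L` listing shows only the filter table and so never shows NAT rules; the two dumps and the function names are constructed for illustration, and the matching is a heuristic.

```shell
#!/bin/sh
# Added example: heuristic audit of an `iptables-save` dump for a NAT router.
# Interface names and subnet come from the thread; both dumps are constructed.
LAN_NET="192.168.8.0/24"; WAN_IF="enp2s0"; WLAN_IF="wlxe0469aa53965"

# Prints "ok" if nat/POSTROUTING rewrites LAN_NET traffic leaving WAN_IF.
check_nat() {
    printf '%s\n' "$1" | awk -v net="$LAN_NET" -v wan="$WAN_IF" '
        /^\*/ { table = $1 }
        table == "*nat" && /^-A POSTROUTING / && /-j (MASQUERADE|SNAT)/ {
            line = $0 " "
            src_ok = index(line, " -s " net " ") || !index(line, " -s ")
            if (src_ok && index(line, " -o " wan " ")) found = 1
        }
        END { print (found ? "ok" : "missing") }'
}

# Prints "ok" if a forward chain accepts new connections coming from the LAN.
check_forward() {
    printf '%s\n' "$1" | awk -v net="$LAN_NET" -v wlan="$WLAN_IF" '
        /^\*/ { table = $1 }
        table == "*filter" && /^:FORWARD ACCEPT/ { found = 1 }
        table == "*filter" && /^-A / && tolower($2) ~ /forward/ && /-j ACCEPT/ {
            line = $0 " "
            # ESTABLISHED-only rules carry replies, never the first packet.
            if (line ~ /--ctstate/ && line !~ /NEW/) next
            if (index(line, " -i " wlan " ") || index(line, " -s " net " ")) found = 1
        }
        END { print (found ? "ok" : "missing") }'
}

# Constructed dump mirroring the thread: FORWARD policy DROP, no nat table.
BROKEN_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A FORWARD -j ufw-before-forward
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
COMMIT'
# Constructed dump with the two missing pieces added.
FIXED_DUMP="*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
${BROKEN_DUMP%COMMIT}-A ufw-user-forward -i $WLAN_IF -o $WAN_IF -j ACCEPT
COMMIT"

for d in "$BROKEN_DUMP" "$FIXED_DUMP"; do
    echo "nat: $(check_nat "$d")  forward: $(check_forward "$d")"
done
```

On a live router, pass the output of `iptables-save` (run as root) to the two functions, and also confirm that `sysctl net.ipv4.ip_forward` reports 1.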