search

coova / coova-chilli

CoovaChilli is an open-source software access controller for captive portal hotspots.
Other
518 stars 260 forks source link

NAT not working #253

Open alex-eri opened 8 years ago

alex-eri commented 8 years ago

On Linux 4.5.0-0.bpo.2-amd64 POSTROUTING chain not working while Chilli running.

iptables -t nat -L -n -v
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination 
0 0 MASQUERADE all — * eth0 0.0.0.0/0 0.0.0.0/0 
0 0 MASQUERADE all — * eth1 0.0.0.0/0 0.0.0.0/0
morfair commented 8 years ago

On Debian 7 64bit 3.2.0-4-amd64 same problem.

muratbeser commented 8 years ago

I'm using Coova with Debian 6, 7, armbarian same operating system, I don't have any issues with MASQUERADE. Can you provide more information.

alex-eri commented 8 years ago

Problem is qemu related. It not works with virtio ethernet driver. Don`t know that happened. Masq. works good with realtek driver, also works good without chilli loaded with virtio.

morfair commented 8 years ago

@sevan why closed? it's bug!

sevan commented 8 years ago

@morfair the originator said "Problem is qemu related. It not works with virtio ethernet driver."

morfair commented 8 years ago

@sevan I think this coova-chilli bug exclusively, because all the rest work perfect in qemu with virtio eths.

sevan commented 8 years ago

Apologies, I misinterpreted the statement. Issue reopened

alex-eri commented 7 years ago

On VMware ESXi 5.5 NAT not working with VMWare adapters.

nzamps commented 7 years ago

We've seen this, but from memory it was the Adaptor type we were using - changing to E1000 fixed it.

- brian

On 18/04/2017, at 10:56 PM, alex-eri notifications@github.com wrote:

On VMware ESXi 5.5 nat not working too.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/coova/coova-chilli/issues/253#issuecomment-294782272, or mute the thread https://github.com/notifications/unsubscribe-auth/AGTfhxxiXP5LVK9YO39Ort0s_raNXppBks5rxJbdgaJpZM4Iv0wO.

alex-eri commented 7 years ago

I have it in nat 0 0 MASQUERADE all -- any any 192.168.43.0 anywhere rule was

iptables -t nat -A POSTROUTING -s 192.168.43.0/32 -j MASQUERADE

But forward have counted some bytes 463 29082 ACCEPT all -- tun-guest any anywhere anywhere

Both adapters changed to E1000 and lspci says

02:01.0 Ethernet controller: Intel Corporation 82545EM Gigabit Ethernet Controller (Copper) (rev 01)
02:02.0 Ethernet controller: Intel Corporation 82545EM Gigabit Ethernet Controller (Copper) (rev 01)

configuration is

tundev="tun-guest"
net="192.168.43.0/24"
dynip="192.168.43.11-192.168.43.250"
statip="192.168.43.2-192.168.43.10"
dns1="192.168.43.1"
dns2="77.88.8.8"
domaindnslocal
domain="local.domain"
ipup="/etc/chilli/up.sh"
ipdown="/etc/chilli/down.sh"
conup="/etc/chilli/conup.sh"
condown="/etc/chilli/condown.sh"
radiusserver1="external.ip"
radiusserver2="external.ip"
radiusauthport="1812"
radiusacctport="1813"
radiussecret="somesecret"
radiusnasid="router1.sometext"
nasmac="sometext"
dhcpif="eth1"
lease="600"
uamserver="http://external.domain/uam/register/"
uamallowed="external.ip"
uamdomain="external.domain"
uamanydns
macauth
macpasswd="password"
acctupdate
swapoctets
nzamps commented 7 years ago

The MASQ rule 192.168.43.0/32 isn't going to match anything - change it to 192.168.43.0/24

alex-eri commented 7 years ago

thanks. my bad