Friday 10 April 2015

IP tables forward traffic between ethernet and wi-fi

Recently, I was asked to create a Linux-based Wi-Fi access point using the new Raspberry Pi 2 Model B. This project had a ... happy ending, thanks to the numerous bloggers of the π community. Here, there and there, just to mention a few.

What I wish to keep as a reference in this blog post is the iptables setup that allowed the device to forward IPv4 traffic between the Ethernet and the Wi-Fi ports.

To get started, create a file such as /etc/iptables.ip-v4.nat containing the following:

# Generated by iptables-save v1.4.14 on Mon Mar 23 18:48:53 2015
*filter
:INPUT ACCEPT [121:10892]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:800]
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
COMMIT
# Completed on Mon Mar 23 18:48:53 2015
# Generated by iptables-save v1.4.14 on Mon Mar 23 18:48:53 2015
*nat
:PREROUTING ACCEPT [96:7931]
:INPUT ACCEPT [20:2899]
:OUTPUT ACCEPT [2:224]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Mar 23 18:48:53 2015

Next, edit /etc/network/interfaces and place the following after the Wi-Fi setup at the very end:

# Configure firewall to allow traffic between wlan0 and eth0
up iptables-restore < /etc/iptables.ip-v4.nat
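
The ruleset above leaves the FORWARD policy at ACCEPT, so its two -A FORWARD rules restrict nothing: traffic they do not match is forwarded anyway. The script below is an added example, not part of the original post; it audits a saved ruleset for that condition and prints a variant with the FORWARD policy set to DROP. The function names and the sample with zeroed counters are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): static audit of an
# iptables-save file; it never calls iptables and needs no root.

# Print the default policy of the filter table's FORWARD chain.
forward_policy() {
    awk '/^\*/ { t = substr($1, 2) }
         t == "filter" && $1 == ":FORWARD" { print $2; exit }' "$1"
}

# Count filter/FORWARD rules that jump to ACCEPT. Under an ACCEPT policy
# they change nothing: packets they do not match are forwarded anyway.
forward_accept_rules() {
    awk '/^\*/ { t = substr($1, 2) }
         t == "filter" && $1 == "-A" && $2 == "FORWARD" && $NF == "ACCEPT" { n++ }
         END { print n + 0 }' "$1"
}

# Emit the same ruleset with the filter FORWARD policy set to DROP, so the
# two -A FORWARD rules become the only forwarding paths.
harden_forward() {
    awk '/^\*/ { t = substr($1, 2) }
         t == "filter" && $1 == ":FORWARD" { $2 = "DROP" }
         { print }' "$1"
}

# Constructed sample: the ruleset from the post, counters zeroed.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

f=$(mktemp) && sample_ruleset > "$f"
echo "FORWARD policy: $(forward_policy "$f"), ACCEPT rules: $(forward_accept_rules "$f")"
harden_forward "$f" | grep '^:FORWARD'
rm -f "$f"
```

With the DROP policy, wlan0 clients can still reach eth0 and receive replies, while new connections arriving on eth0 for the wireless side are dropped.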