Why

  $ ping ya.ru
 ping: unknown host ya.ru 

Comp1 (host Internet)

  $ ifconfig wlan0
 wlan0 Link encap:Ethernet HWaddr b8:03:05:c9:3e:c5
           inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
           inet6 addr: fe80::ba03:5ff:fec9:3ec5/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
           RX packets:33086 errors:0 dropped:0 overruns:0 frame:0
           TX packets:62823 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:2797459 (2.7 MB) TX bytes:90723494 (90.7 MB)

I did it this way:

  $ ip route
 default via 192.168.0.2 dev wlan0 scope link metric 100 
 192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.2 metric 9 

and also this way:

  $ ip route
 default via 192.168.0.1 dev wlan0 scope link metric 100 
 192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.2 metric 9 
  $ sudo iptables-save
 : empty 


  $ nslookup ya.ru
 ;;  connection timed out;  no servers could be reached 
  $ ping 8.8.8.8
 connect: Network is unreachable 

Comp2 (3g distributor)

  $ ifconfig -a
 eth0 Link encap:Ethernet HWaddr b8:88:e3:67:d4:45
           UP BROADCAST MULTICAST MTU:1500 Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

 lo Link encap:Local Loopback
           inet addr:127.0.0.1 Mask:255.0.0.0
           inet6 addr: ::1/128 Scope:Host
           UP LOOPBACK RUNNING MTU:65536 Metric:1
           RX packets:5976 errors:0 dropped:0 overruns:0 frame:0
           TX packets:5976 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:547759 (547.7 KB) TX bytes:547759 (547.7 KB)

 ppp0 Link encap:Point-to-Point Protocol
           inet addr:10.225.20.196 PtP:10.64.64.64 Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
           RX packets:14699 errors:0 dropped:0 overruns:0 frame:0
           TX packets:13627 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:11287729 (11.2 MB) TX bytes:2950024 (2.9 MB)

 wlan0 Link encap:Ethernet HWaddr 50:b7:c3:2a:68:31
           inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
           inet6 addr: fe80::52b7:c3ff:fe2a:6831/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
           RX packets:1000 errors:0 dropped:0 overruns:0 frame:0
           TX packets:1021 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:148348 (148.3 KB) TX bytes:108966 (108.9 KB)

 wwan0 Link encap:Ethernet HWaddr 58:2c:80:13:92:63
           BROADCAST MULTICAST MTU:1500 Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
  $ ip route
 default via 10.64.64.64 dev ppp0 metric 100 
 10.64.64.64 dev ppp0 proto kernel scope link src 10.225.20.196 
 192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.1 metric 9 
  net.ipv4.ip_forward = 1 

Even after the command:

  $ sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 10.0.0.0/24 -o ppp0 -j MASQUERADE 

iptables is empty

  $ sudo iptables -L -v -n --line
 Chain INPUT (ACCEPT 11498 packets, 8572K bytes)
 num pkts bytes target prot opt in out source destination

 Chain FORWARD (policy ACCEPT 2 packets, 112 bytes)
 num pkts bytes target prot opt in out source destination

 Chain OUTPUT (policy ACCEPT 11183 packets, 2394K bytes)
 num pkts bytes target prot opt in out source destination
  $ sudo iptables-save
 # Generated by iptables-save v1.4.21 on Fri Aug 12 21:04:53 2016
 *nat
 :PREROUTING ACCEPT [437:43281]
 :INPUT ACCEPT [389:28232]
 :OUTPUT ACCEPT [1207:218579]
 :POSTROUTING ACCEPT [66:9831]
 -A POSTROUTING -o ppp0 -j MASQUERADE
 COMMIT
 # Completed on Fri Aug 12 21:04:53 2016
 # Generated by iptables-save v1.4.21 on Fri Aug 12 21:04:53 2016
 *filter
 :INPUT ACCEPT [29340:31886316]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [21601:3071749]
 -A FORWARD -s 192.168.0.0/24 -i wlan0 -o ppp0 -j ACCEPT
 -A FORWARD -d 192.168.0.0/24 -i ppp0 -o wlan0 -j ACCEPT
 COMMIT
 # Completed on Fri Aug 12 21:04:53 2016 
  $ nslookup ya.ru
 Server: 127.0.1.1
 Address: 127.0.1.1#53

 Non-authoritative answer:
 Name: ya.ru
 Address: 93.158.134.3
 Name: ya.ru
 Address: 213.180.193.3
 Name: ya.ru
 Address: 213.180.204.3 

I ran:

  • iptables -F
  • iptables -X
  • iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
  • iptables -A FORWARD -i wlan0 -o ppp0 -s 192.168.0.0/24 -j ACCEPT
  • iptables -A FORWARD -i ppp0 -o wlan0 -d 192.168.0.0/24 -j ACCEPT

and got:

  $ sudo iptables -t nat -nvL
 Chain PREROUTING (policy ACCEPT 72 packets, 4357 bytes)
  pkts bytes target prot opt in out source destination

 Chain INPUT (policy ACCEPT 65 packets, 3965 bytes)
  pkts bytes target prot opt in out source destination

 Chain OUTPUT (policy ACCEPT 88 packets, 13008 bytes)
  pkts bytes target prot opt in out source destination

 Chain POSTROUTING (ACCEPT 5 packets, 890 bytes)
  pkts bytes target prot opt in out source destination
    90 12510 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0 

But the masquerade does not work.


As a result, comp2 has Internet access and can ping comp1. Comp1 has no Internet access, although it can ping comp2. Why is there no Internet? (

  • 1
    So, you add the rule to NAT mangle, but you are looking at it completely wrong. First, reset the current rules with iptables -F and iptables -X, then add iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE, then make sure that it was added with iptables -t nat -nvL. It probably also would not hurt to add the forward rules iptables -A FORWARD -i wlan0 -o ppp0 -s 192.168.0.0/24 -j ACCEPT and iptables -A FORWARD -i ppp0 -o wlan0 -d 192.168.0.0/24 -j ACCEPT - nobody
  • 2
    Please attach the output of the sudo iptables-save command on both computers. You can edit the question by clicking edit below the question text. - aleksandr barakin
  • 2
    And what do you use on the first computer as a DNS server? Show the output of nslookup ya.ru and ping 8.8.8.8. - user194374
  • I did everything as requested. - vvv
  • 1
    Well, now the task is more complicated: on "comp1" run ping 8.8.8.8, and on "comp2" alternately, with an interval of 15 seconds, run tcpdump -ni wlan0 host 8.8.8.8 and tcpdump -ni ppp0 host 8.8.8.8. Somewhere you should see the traffic from "comp1", and from that determine at what stage the packets are lost. - nobody

2 answers

Since the /etc/resolv.conf file is not mentioned in the question, it is most likely the cause.

This file stores information needed by the system to convert domain names to ip-addresses (and vice versa).

At the least it should contain a line of the form:

 nameserver ip-address 

where ip-address is the address of the dns-server (name server), which, in fact, will perform (when it is accessed by your system) the above-mentioned conversion (for example, ya.ru → 93.158.134.3).

The “closer” the name server is, the faster the response will be received from it. You can take the address from the same file on the second computer, or use a public one:

  • Computer with Internet: $ cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # YOUR CHANGES WILL BE OVERWRITTEN nameserver 127.0.1.1 ____________________ On the computer without Internet the file has only comments, there was no nameserver. I tried putting 8.8.8.8, 192.168.0.1, 127.0.0.1: nothing. - vvv
  • This is the local ip address. So as not to fool yourself, feel free to put the address of any public dns-server (examples in the answer). - aleksandr barakin
  • Well, that IP is what is set by default on the computer with Internet. I know what 127.0.0.0/24, 168.0.0.0/24, 10.0.0.0/24 are; I tried entering other IPs, it does not help. - vvv
  • And the output of $ cat /proc/sys/net/ipv4/ip_forward on the second computer. - aleksandr barakin

On both computers I put this in the /etc/resolv.conf file:

  nameserver 8.8.8.8 

Thank you @alexander-barakin

Ran on computer2 (with 3g Internet):

  • iptables -F
  • iptables -X
  • iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
  • iptables -A FORWARD -i wlan0 -o ppp0 -s 192.168.0.0/24 -j ACCEPT
  • iptables -A FORWARD -i ppp0 -o wlan0 -d 192.168.0.0/24 -j ACCEPT

Thank you @nobody

And it worked. Thanks to all!)

  • Of the five given commands, only the third is needed (and carries any meaning). - aleksandr barakin
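
The three things checked in this thread (the client's default gateway, a nameserver line in /etc/resolv.conf, and a MASQUERADE rule in the nat table of the gateway) can be verified offline from saved command output. The script below is an added example, not code from any of the posts; the function names and the sample inputs are constructed for illustration, and it assumes that a default gateway equal to the host's own address is a misconfiguration.

```shell
# Print the gateway of the default route from `ip route` output ($1).
default_gw() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Succeed if the default gateway is one of the host's own "src" addresses.
gw_is_self() {
    printf '%s\n' "$1" | awk -v gw="$(default_gw "$1")" '
        { for (i = 1; i < NF; i++) if ($i == "src" && $(i + 1) == gw) self = 1 }
        END { exit !self }'
}

# Succeed if resolv.conf text ($1) has at least one uncommented nameserver line.
has_nameserver() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]+'
}

# Succeed if the *nat table in iptables-save text ($1) masquerades out of iface $2.
has_masquerade() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
            for (i = 1; i < NF; i++) if ($i == "-o" && $(i + 1) == ifc) ok = 1 }
        END { exit !ok }'
}

# One line per problem; args: client routes, client resolv.conf, gateway save, uplink.
diagnose() {
    gw_is_self "$1" && echo "client: default gateway $(default_gw "$1") is its own address"
    has_nameserver "$2" || echo "client: no nameserver in resolv.conf"
    has_masquerade "$3" "$4" || echo "gateway: no MASQUERADE on $4 in table nat"
    return 0
}

# Constructed inputs modelled on the outputs shown in the question.
ROUTES_BAD='default via 192.168.0.2 dev wlan0 scope link metric 100
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.2 metric 9'
ROUTES_OK='default via 192.168.0.1 dev wlan0 scope link metric 100
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.2 metric 9'
RESOLV_BAD='# Dynamic resolv.conf(5) file'
RESOLV_OK='nameserver 8.8.8.8'
SAVE_FILTER_ONLY='*filter
-A FORWARD -s 192.168.0.0/24 -i wlan0 -o ppp0 -j ACCEPT
COMMIT'
SAVE_OK='*nat
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT'
diagnose "$ROUTES_BAD" "$RESOLV_BAD" "$SAVE_FILTER_ONLY" ppp0
```

On live machines, pass "$(ip route)" and "$(cat /etc/resolv.conf)" from the client and "$(sudo iptables-save)" from the gateway instead of the constructed strings.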