Fudong

Fudong

I love kernel.
I love debugging.

Internet Connection Sharing with Armbian

3 minute read

I need to work while travelling in the following couple of months, so I need all my devices connected to the internet, N1 has a Ethernet port and wireless module, so I can make wlan0 connect to WAN and share the internet via eth0 interface.

Setup Wireless Connection

nmcli is an handy utility which makes connect to router easier:

Search for The Wireless Router

$ nmcli dev wifi
IN-USE  BSSID              SSID                MODE   CHAN  RATE        SIGNAL  BARS  SECURITY
*       7E:03:AB:B0:15:89  bay                 Infra  8     117 Mbit/s  100     ▂▄▆█  WPA2
        FC:7C:02:03:D5:C5  hassio              Infra  11    540 Mbit/s  100     ▂▄▆█  WPA1 WPA2
        FC:7C:02:03:D5:C6  hassio              Infra  36    540 Mbit/s  100     ▂▄▆█  WPA1 WPA2

Connect to Desired Wireless Network

$ nmcli dev wifi connect $SSID password $password
Device 'wlan0' successfully activated with '9ac1e415-8cbe-45dd-ac88-cc5773828342'.

Show Device Status

$ nmcli dev status
DEVICE           TYPE      STATE         CONNECTION
wlan0            wifi      connected     bay
eth0             ethernet  connected     Ifupdown (eth0)
br-b42778c992e7  bridge    connected     br-b42778c992e7
docker0          bridge    connected     docker0
p2p-dev-wlan0    wifi-p2p  disconnected  --
lo               loopback  unmanaged     --

Forget Network

nmcli connection delete $SSID

Setup eth0 for LAN

eth0 is used for share internet with LAN, the WAN port of K3 router will be connected the this port, N1 act as both DHCP and DNS server, the IP address needs to be static:

sudo sed -i 's/iface eth0 inet dhcp/# iface eth0 inet dhcp/g' /etc/network/interfaces
sudo sed -i 's/#iface eth0 inet static/iface eth0 inet static/g' /etc/network/interfaces
sudo sed -i 's/#address 192.168.1.100/address 192.168.15.1/g' /etc/network/interfaces
sudo sed -i 's/#netmask 255.255.255.0/netmask 255.255.255.0/g' /etc/network/interfaces
sudo sed -i 's/#gateway 192.168.1.1/gateway 192.168.15.1/g' /etc/network/interfaces
sudo sed -i 's/#\thwaddress ether/hwaddress ether b8:27:eb:15:09:12/g' /etc/network/interfaces

DHCP

$ sudo apt install dnsmasq -y
echo 'interface=eth0' | sudo tee -a /etc/dnsmasq.conf
echo 'dhcp-range=192.168.15.10,192.168.15.150,12h' | sudo tee -a /etc/dnsmasq.conf
sudo /etc/init.d/dnsmasq restart

Now connect RPI to N1 via ethernet port, it will get an IP address.

NAT forwarding

sudo sysctl net.ipv4.ip_forward=1
sudo sysctl -p

sudo iptables -A FORWARD -o wlan0 -i eth0 -s 192.168.15.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t nat -F POSTROUTING
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

sudo iptables-save | sudo tee /etc/iptables.sav
sudo sed -i '/exit 0/i \\niptables-restore < /etc/iptables.sav\n' /etc/rc.local

Now RPI should be able to access internet try to ping 203.208.50.66, if there is something wrong with it, go to the trouble shooting section.

DNS

sudo apt install openresolv -y
sudo sed -i '/name_servers/a \\nname_servers=8.8.8.8' /etc/resolvconf.conf
sudo resolvconf -u

Troubleshooting

Error: Connection activation failed: (7) Secrets were required, but not provided.

# nmcli dev wifi connect $SSID password $password
Error: Connection activation failed: (7) Secrets were required, but not provided.

Possibly you may have typed wrong password.

iptables/1.8.5 Failed to initialize nft: Protocol not supported

root@arm-64:~# iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables/1.8.5 Failed to initialize nft: Protocol not supported

ping command returned with unknown host google.com

Cannot ping google.com or any other domain name, it returns unknown host:

ping: unknown host google.com

Enable dnsmasq debugging with --log-queries option:

sudo /etc/init.d/dnsmasq stop
dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --no-daemon --log-queries

I can see the query, but there is no reply:

dnsmasq: query[A] www.google.com from 192.168.15.52
dnsmasq: forwarded www.google.com to 8.8.8.8

This issue is related to route table, I don’t know how to fix it right now, the quick answer is remove it manually:

sudo ip route del default via 192.168.15.1

Before removing:

$ ip route
default via 192.168.15.1 dev eth0 proto static metric 100
default via 192.168.100.1 dev wlan0 proto dhcp metric 600
169.254.0.0/16 dev eth0 scope link metric 1000
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-b42778c992e7 proto kernel scope link src 172.18.0.1 linkdown
192.168.15.0/24 dev eth0 proto kernel scope link src 192.168.15.1 metric 100
192.168.100.0/24 dev wlan0 proto kernel scope link src 192.168.100.7 metric 600

The first entry cause all the traffic go through eth0.

After:

$ ip route
default via 192.168.100.1 dev wlan0 proto dhcp metric 600
169.254.0.0/16 dev eth0 scope link metric 1000
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-b42778c992e7 proto kernel scope link src 172.18.0.1 linkdown
192.168.15.0/24 dev eth0 proto kernel scope link src 192.168.15.1 metric 100
192.168.100.0/24 dev wlan0 proto kernel scope link src 192.168.100.7 metric 600

Now, it’s working.

dnsmasq: query[A] google.com from 192.168.15.52
dnsmasq: forwarded google.com to 8.8.8.8
dnsmasq: reply google.com is 93.46.8.90

Android Hotspot not Recognized

I am trying to discover android hotspot with below three commands, none of them succeeded:

nmcli d w
iw dev wlan0 scan |grep SSID
iwlist wlan0 scan|grep SSID

A: Changing security to None, or changing SSID works, formerly I am using wtf as SSID, maybe that’s the problem.

References

You may also enjoy

Run clang 15 executable on legacy device

1 minute read

For a suspected memory leak issue on a legacy device running OpenWrt build with gcc-8, I need a toolchain with leak sanitizer support, so I try to generate o...