I'm trying to build home router from device with two ethernet ports (enp2s0 and enp3s0) and WiFI (wlo2), based on Ubuntu Server 22.
Everything is set, clients can connect via wifi to the router (it's IP Address 192.168.1.1), can get their IP addresses (192.168.1.11 and 192.168.1.12). But they have no internet access. And also each client can ping each other, but pinging the router always fails.
Can't understand what to do, because no error happens and DHCP and NAT works fine.
Configs:
/etc/netplan/00-installer-config.yaml
network:
version: 2
renderer: networkd
ethernets:
enp2s0:
ignore-carrier: true
dhcp4: false
optional: true
addresses:
- 192.168.1.2/24
enp3s0:
dhcp4: true
wifis:
wlo2:
dhcp4: false
addresses:
- 192.168.1.1/24
access-points:
"TestNetwork":
password: "myTestNetwork123"
/etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.200;
option domain-name-servers 8.8.8.8, 8.8.4.4;
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option ntp-servers 192.168.1.1;
}
/etc/default/isc-dhcp-server
INTERFACESv4="enp2s0 wlo2"
INTERFACESv6=""
/etc/hostapd/hostapd.conf
interface=wlo2
driver=nl80211
ssid=TestNetwork
hw_mode=g
channel=1
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=myTestNetwork123
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
/etc/default/hostapd
DAEMON_CONF="/etc/hostapd/hostapd.conf"
Traffic forwarding enabled with
sudo echo 1 | tee /proc/sys/net/ipv4/ip_forward
/etc/iptables/rules.v4
*filter
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A FORWARD -I enp2s0 -o enp3s0 -j ACCEPT
-A FORWARD -I wlo2 -o enp3s0 -j ACCEPT
-A FORWARD -I enp3s0 -o enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -I enp3s0 -o wlo2 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o $WAN_INTERFACE -j MASQUERADE
COMMIT
Sysctl set with
echo "net.ipv4.ip_forward=1" | tee /etc/sysctl.conf
All services works. No errors found.
.10can ping.11and.11can ping.10. But.1can't ping both. And both can't ping.1. I'm novice in networks, but maybe it means something:enp3s0has another subnet, that was assigned automatically –192.168.2.ip routeto your question. I suspect the route to192.168.1/24goes throughenp2s0, whereas your clients are onwlo2. You will need to either putenp2s0in a different subnet, or joinenp2s0andwlo2on a bridge. You now have two interfaces in one alleged subnet, but it's not actually a subnet: it is split in the middle by your router.wlo2to subnet192.168.3. Now both interfaces –enp2s0andwlo2– have connection. The problem is that I want to see them in one subnet)) Because I need, that devices with ethernet and wifi connection can communicate with each other. I have TP Link Deco router, that allows such thing. So how can I do that? I tried to create bridge connection betweenenp2s0andwlo2, but got errorCan’t add wlo2 to bridge br0: Operation not supported