How to NAT when using iwd ap mode?

How to NAT when using iwd ap mode?

[KeithG]

[-- Attachment #1: Type: text/plain, Size: 1311 bytes --]

I have been trying to get ap mode to NAT and am unsuccessful. Is this possible?

I can get AP mode to work with this in /etc/iwd/main.conf

and I can get an IP address associated and I can connect to the
computer running iwd in ap mode. What I cannot do is NAT the wifi
connected device to the eth0 which has a valid connection.

[General]
UseDefaultInterface=true
EnableNetworkConfiguration=true
APRanges=192.168.5.0/24

After I get my AP running and connect, I tried to run these commands
to enable NAT:

# sysctl net.ipv4.ip_forward=1
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

When I try this, I get no 'internet' traffic from eth0.

Is this due to dns? Do I need to use iptables to NAT this?

When I run connman in tether mode it works. I can connect and I get
internet traffic over wlan connected devices. When I have iwd running
in AP mode, though, I cannot figure out how to share the eth0
connection to the wifi connected device(s).

Is there a guide on how to use the ap.iwd provisioning file? I am not
clear on how to use it. I created a file: /etc/iwd/ap.iwd and it does
not seem to use it. Where do you set the hostname?

Keith

Re: How to NAT when using iwd ap mode?

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 1585 bytes --]

Hi Keith,

On 5/25/21 12:21 PM, KeithG wrote:
> I have been trying to get ap mode to NAT and am unsuccessful. Is this possible?
> 
> I can get AP mode to work with this in /etc/iwd/main.conf
> 
> and I can get an IP address associated and I can connect to the
> computer running iwd in ap mode. What I cannot do is NAT the wifi
> connected device to the eth0 which has a valid connection.
> 
> [General]
> UseDefaultInterface=true
> EnableNetworkConfiguration=true
> APRanges=192.168.5.0/24
> 
> After I get my AP running and connect, I tried to run these commands
> to enable NAT:
> 
> # sysctl net.ipv4.ip_forward=1
> # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> # iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
> # iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
> 
> When I try this, I get no 'internet' traffic from eth0.
> 
> Is this due to dns? Do I need to use iptables to NAT this?
> 
> When I run connman in tether mode it works. I can connect and I get
> internet traffic over wlan connected devices. When I have iwd running
> in AP mode, though, I cannot figure out how to share the eth0
> connection to the wifi connected device(s).
> 
> Is there a guide on how to use the ap.iwd provisioning file? I am not
> clear on how to use it. I created a file: /etc/iwd/ap.iwd and it does
> not seem to use it. Where do you set the hostname?
> 

There isn't, so I came up with a very simple tutorial.  Feel free to improve it, 
add on to it, etc.

https://iwd.wiki.kernel.org/ap_mode

Regards,
-Denis

Re: How to NAT when using iwd ap mode?

[KeithG]

[-- Attachment #1: Type: text/plain, Size: 2045 bytes --]

On Wed, May 26, 2021 at 6:34 PM Denis Kenzior <denkenz@gmail.com> wrote:
>
> Hi Keith,
>
> On 5/25/21 12:21 PM, KeithG wrote:
> > I have been trying to get ap mode to NAT and am unsuccessful. Is this possible?
> >
> > I can get AP mode to work with this in /etc/iwd/main.conf
> >
> > and I can get an IP address associated and I can connect to the
> > computer running iwd in ap mode. What I cannot do is NAT the wifi
> > connected device to the eth0 which has a valid connection.
> >
> > [General]
> > UseDefaultInterface=true
> > EnableNetworkConfiguration=true
> > APRanges=192.168.5.0/24
> >
> > After I get my AP running and connect, I tried to run these commands
> > to enable NAT:
> >
> > # sysctl net.ipv4.ip_forward=1
> > # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > # iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
> > # iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
> >
> > When I try this, I get no 'internet' traffic from eth0.
> >
> > Is this due to dns? Do I need to use iptables to NAT this?
> >
> > When I run connman in tether mode it works. I can connect and I get
> > internet traffic over wlan connected devices. When I have iwd running
> > in AP mode, though, I cannot figure out how to share the eth0
> > connection to the wifi connected device(s).
> >
> > Is there a guide on how to use the ap.iwd provisioning file? I am not
> > clear on how to use it. I created a file: /etc/iwd/ap.iwd and it does
> > not seem to use it. Where do you set the hostname?
> >
>
> There isn't, so I came up with a very simple tutorial.  Feel free to improve it,
> add on to it, etc.
>
> https://iwd.wiki.kernel.org/ap_mode
>
> Regards,
> -Denis

Denis,

Thanks, google did not help me find that page. It works for me. The
only thing I would ask is: why do we have to set the 'APRanges=' in
/etc/iwd/main.conf? Can this be set in ssid.ap? This is the only
setting that I have found that needs to be set in main.conf for ap
mode to work.

Keith

Re: How to NAT when using iwd ap mode?

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 658 bytes --]

Hi Keith,

> 
> Denis,
> 
> Thanks, google did not help me find that page. It works for me. The

Of course not, I added it yesterday ;)

> only thing I would ask is: why do we have to set the 'APRanges=' in
> /etc/iwd/main.conf? Can this be set in ssid.ap? This is the only
> setting that I have found that needs to be set in main.conf for ap
> mode to work.

There's some flux in iwd in this area as we're still fleshing out AP profiles 
and how they're used.  We're moving to making this setting optional in the 
future.  For now, you can set it to something reasonable; the settings in the AP 
profile take precedence.

Regards,
-Denis

Re: How to NAT when using iwd ap mode?

[KeithG]

[-- Attachment #1: Type: text/plain, Size: 1371 bytes --]

On Thu, May 27, 2021 at 10:34 AM Denis Kenzior <denkenz@gmail.com> wrote:
>
> Hi Keith,
>
> >
> > Denis,
> >
> > Thanks, google did not help me find that page. It works for me. The
>
> Of course not, I added it yesterday ;)
>
> > only thing I would ask is: why do we have to set the 'APRanges=' in
> > /etc/iwd/main.conf? Can this be set in ssid.ap? This is the only
> > setting that I have found that needs to be set in main.conf for ap
> > mode to work.
>
> There's some flux in iwd in this area as we're still fleshing out AP profiles
> and how they're used.  We're moving to making this setting optional in the
> future.  For now, you can set it to something reasonable; the settings in the AP
> profile take precedence.
>
> Regards,
> -Denis
Denis,

Wow, I feel like I am on the cutting edge. The instructions worked
great. I have even wrapped some php around it to automate it in our
little music player. Thanks for the guidance.

Is there a possibility for ap mode to scan in the near term or is that
a pipe dream? Is this something being worked on? The way I have it
working, now, is: I scan for SSIDs in station mode, save them to redis
then switch to ap mode and then can select one for setup. It would be
nice, though, if we could do a live scan, like we do with hostapd, to
get the list with current signal strength.

Keith