Web Server access via second interface

I’m trying to access a Web Service (port 8080) on my Raspberry Pi via both of the following interfaces (which have static IPs):



  • Ethernet (eth0, 172.22.0.99, connected to a Netgear router).

  • Wi-Fi (wlan0, 172.24.1.1, providing an Access Point).

Currently, I can only access the web service if I connect to eth0 and gain an IP address 172.22.0.x.



If I connect to the Wi-Fi Access Point on wlan0 then I correctly acquire an IP Address 172.24.1.x, hence SSH works, but the web service is inaccessible (both http://172.22.0.99:8080 and http://172.24.1.1:8080).



I’ve been testing the above using a Windows 10 laptop. The actual problem is that I have a number of Arduinos which can connect to the Pi’s Wi-Fi Access Point (wlan0), but cannot then access the Pi’s Web Service. Hence instead I’m currently having to connect them via the Netgear router, and hence the Pi’s eth0. This is what I’m trying to avoid.



Aside: the Pi is also running:



  • OpenVPN, hence eth0 is bridged (br0, tap0).

  • A Wi-Fi sniffer (wlan1alfa, renameX).

  • 172.22.0.100/102/106/113: examples of working Arduinos

Various outputs:



Windows 10 laptop when connected to the Pi’s Wi-Fi Access Point:



ipconfig (on laptop 172.24.1.42):

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::7489:b292:4e73:cbfd%2
IPv4 Address. . . . . . . . . . . :172.24.1.42
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.24.1.1




http://172.22.0.99:8080/ (on laptop 172.24.1.42)



Unable to connect

Firefox can't establish a connection to the server at 172.22.0.99.

The site could be temporarily unavailable or too busy. Try again in a few moments.

If you are unable to load any pages, check your computer's network connection.

If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.


http://172.24.1.1:8080/ (on laptop 172.24.1.42)



The connection has timed out

The server at 172.24.1.1 is taking too long to respond.

The site could be temporarily unavailable or too busy. Try again in a few moments.

If you are unable to load any pages, check your computer's network connection.

If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.


Pi:



$ ifconfig



br0 Link encap:Ethernet HWaddr 82:85:54:54:e1:8c
inet addr:172.22.0.99 Bcast:172.22.255.255 Mask:255.255.0.0
inet6 addr: fe80::ba27:ebff:fe1a:16a3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1150213 errors:0 dropped:0 overruns:0 frame:0
TX packets:431995 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:200587924 (191.2 MiB) TX bytes:137714386 (131.3 MiB)

eth0 Link encap:Ethernet HWaddr b8:27:eb:1a:16:a3
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1150375 errors:0 dropped:0 overruns:0 frame:0
TX packets:449400 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:200603903 (191.3 MiB) TX bytes:143711369 (137.0 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1128130 errors:0 dropped:0 overruns:0 frame:0
TX packets:1128130 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:129944607 (123.9 MiB) TX bytes:129944607 (123.9 MiB)

rename7 Link encap:UNSPEC HWaddr 00-C0-CA-8F-F8-1D-30-30-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2753461 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:328484228 (313.2 MiB) TX bytes:0 (0.0 B)

tap0 Link encap:Ethernet HWaddr 82:85:54:54:e1:8c
inet6 addr: fe80::8085:54ff:fe54:e18c/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:644390 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:135759131 (129.4 MiB)

wlan0 Link encap:Ethernet HWaddr b8:27:eb:4f:43:f6
inet addr:172.24.1.1 Bcast:172.24.1.255 Mask:255.255.255.0
inet6 addr: fe80::f446:4155:5d19:860a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:479547 errors:0 dropped:0 overruns:0 frame:0
TX packets:488461 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:30867423 (29.4 MiB) TX bytes:40144827 (38.2 MiB)


$ ip route



default via 172.22.0.1 dev br0 metric 205
default via 172.24.1.1 dev wlan0 metric 303
172.22.0.0/16 dev br0 proto kernel scope link src 172.22.0.99 metric 205
172.24.1.0/24 dev wlan0 proto kernel scope link src 172.24.1.1 metric 303


$ ip addr show



1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether b8:27:eb:1a:16:a3 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether b8:27:eb:4f:43:f6 brd ff:ff:ff:ff:ff:ff
inet 172.24.1.1/24 brd 172.24.1.255 scope global wlan0
valid_lft forever preferred_lft forever
inet6 fe80::f446:4155:5d19:860a/64 scope link
valid_lft forever preferred_lft forever
4: wlan1alfa: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 00:c0:ca:8f:f8:1d brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 82:85:54:54:e1:8c brd ff:ff:ff:ff:ff:ff
inet 172.22.0.99/16 brd 172.22.255.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::ba27:ebff:fe1a:16a3/64 scope link
valid_lft forever preferred_lft forever
6: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 100
link/ether 82:85:54:54:e1:8c brd ff:ff:ff:ff:ff:ff
inet6 fe80::8085:54ff:fe54:e18c/64 scope link
valid_lft forever preferred_lft forever
7: rename7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UNKNOWN group default qlen 1000
link/ieee802.11/radiotap 00:c0:ca:8f:f8:1d brd ff:ff:ff:ff:ff:ff


iptables:



# Add a masquerade for outbound traffic on eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

..
echo " # Forward WLAN to Eth, and back (note: incoming initiated on WLAN do not get to LAN)"

sudo iptables -A FORWARD -i wlan0 -o eth0 -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_WLAN0_to_Eth0

sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_Eth0_backTo_WLAN0

sudo iptables -A FORWARD -i eth0 -o wlan0 -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_eth0_to_wlan0

sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_wlan0_to_eth0


$ tail /var/log/messages from iptables (with everything being logged whether Accepted or Dropped):



trying http://172.22.0.99:8080 :



• Feb 18 13:23:25 shep kernel: [1630978.112563] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=26841 PROTO=TCP SPT=51634 DPT=22 WINDOW=66 RES=0x00 ACK URGP=0
• Feb 18 13:23:37 shep kernel: [1630990.317785] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=104 TOS=0x00 PREC=0x00 TTL=128 ID=26843 PROTO=TCP SPT=51634 DPT=22 WINDOW=68 RES=0x00 ACK PSH URGP=0
• Feb 18 13:23:37 shep kernel: [1630990.318185] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=104 TOS=0x10 PREC=0x00 TTL=64 ID=54479 DF PROTO=TCP SPT=22 DPT=51634 WINDOW=424 RES=0x00 ACK PSH URGP=0
• Feb 18 13:23:49 shep kernel: [1631002.193203] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=26851 DF PROTO=TCP SPT=51642 DPT=80 WINDOW=17520 RES=0x00 SYN URGP=0
• Feb 18 13:23:49 shep kernel: [1631002.193337] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51503 DF PROTO=TCP SPT=80 DPT=51642 WINDOW=0 RES=0x00 ACK RST URGP=0
• Feb 18 13:24:01 shep kernel: [1631014.835337] IPTables-Accepted-O: IN= OUT=lo SRC=172.22.0.99 DST=172.22.0.99 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23677 DF PROTO=TCP SPT=60692 DPT=8080 WINDOW=43690 RES=0x00 SYN URGP=0
• Feb 18 13:24:01 shep kernel: [1631014.835409] IPTables-Accepted-I: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.22.0.99 DST=172.22.0.99 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23677 DF PROTO=TCP SPT=60692 DPT=8080 WINDOW=43690 RES=0x00 SYN URGP=0
• Feb 18 13:24:27 shep kernel: [1631039.962078] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=26874 DF PROTO=TCP SPT=51648 DPT=80 WINDOW=17520 RES=0x00 SYN URGP=0
• Feb 18 13:24:27 shep kernel: [1631039.962176] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=53485 DF PROTO=TCP SPT=80 DPT=51648 WINDOW=0 RES=0x00 ACK RST URGP=0
• Feb 18 13:24:37 shep kernel: [1631050.042812] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 LEN=520 TOS=0x00 PREC=0x00 TTL=64 ID=55862 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK PSH URGP=0
• Feb 18 13:24:37 shep kernel: [1631050.065256] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=31426 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1200 RES=0x00 ACK URGP=0
• Feb 18 13:24:49 shep kernel: [1631062.130744] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=150 TOS=0x00 PREC=0x00 TTL=255 ID=31430 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1672 RES=0x00 ACK PSH URGP=0
• Feb 18 13:24:49 shep kernel: [1631062.131706] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 LEN=519 TOS=0x00 PREC=0x00 TTL=64 ID=55865 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK PSH URGP=0
• Feb 18 13:25:01 shep kernel: [1631074.255485] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=165 TOS=0x00 PREC=0x00 TTL=255 ID=31435 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1645 RES=0x00 ACK PSH URGP=0
• Feb 18 13:25:01 shep kernel: [1631074.301286] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 (Arduino) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=55867 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK URGP=0


trying http://172.24.1.1:8080 :



• Feb 18 15:14:15 shep kernel: [1637627.961592] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:18:fe:34:d2:92:d6:08:00 SRC=172.22.0.102 (Arduino 2) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=72 PROTO=TCP SPT=52001 DPT=8080 WINDOW=1875 RES=0x00 ACK FIN URGP=0
• Feb 18 15:14:15 shep kernel: [1637627.961831] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.102 (Arduino 2) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=11122 DF PROTO=TCP SPT=8080 DPT=52001 WINDOW=29200 RES=0x00 ACK FIN URGP=0
• Feb 18 15:14:25 shep kernel: [1637638.193698] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:5c:cf:7f:3c:59:86:08:00 SRC=172.24.1.106 (Arduino 3) DST=172.22.0.99 LEN=81 TOS=0x00 PREC=0x00 TTL=255 ID=16314 PROTO=TCP SPT=49154 DPT=1883 WINDOW=1884 RES=0x00 ACK PSH URGP=0
• Feb 18 15:14:25 shep kernel: [1637638.194012] IPTables-Accepted-O: IN= OUT=lo SRC=172.22.0.99 DST=172.22.0.99 LEN=93 TOS=0x00 PREC=0x00 TTL=64 ID=3867 DF PROTO=TCP SPT=1883 DPT=50392 WINDOW=6231 RES=0x00 ACK PSH URGP=0
• Feb 18 15:14:35 shep kernel: [1637648.508430] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=104 TOS=0x00 PREC=0x00 TTL=128 ID=27282 DF PROTO=TCP SPT=52149 DPT=22 WINDOW=64 RES=0x00 ACK PSH URGP=0
• Feb 18 15:14:35 shep kernel: [1637648.508521] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x10 PREC=0x00 TTL=64 ID=31818 DF PROTO=TCP SPT=22 DPT=52149 WINDOW=269 RES=0x00 ACK URGP=0
• Feb 18 15:14:48 shep kernel: [1637661.183931] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=120 TOS=0x00 PREC=0x00 TTL=128 ID=27329 DF PROTO=TCP SPT=52149 DPT=22 WINDOW=68 RES=0x00 ACK PSH URGP=0
• Feb 18 15:14:48 shep kernel: [1637661.187210] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 LEN=1500 TOS=0x10 PREC=0x00 TTL=64 ID=31852 DF PROTO=TCP SPT=22 DPT=52149 WINDOW=269 RES=0x00 ACK URGP=0
• Feb 18 15:14:58 shep kernel: [1637671.438928] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:18:fe:34:d2:96:51:08:00 SRC=172.22.0.100 (Arduino 4) DST=172.22.0.99 LEN=150 TOS=0x00 PREC=0x00 TTL=255 ID=1463 PROTO=TCP SPT=52080 DPT=8080 WINDOW=1680 RES=0x00 ACK PSH URGP=0
• Feb 18 15:14:58 shep kernel: [1637671.440119] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.100 (Arduino 4) LEN=520 TOS=0x00 PREC=0x00 TTL=64 ID=60505 DF PROTO=TCP SPT=8080 DPT=52080 WINDOW=29200 RES=0x00 ACK PSH URGP=0


Edit 1 (but see Edit 2). The Web Service is 'domoticz':



$ sudo netstat -taupen | grep LISTEN

tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 15295 1847/smbd
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 1000 11927 1437/Xtightvnc
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 1000 11924 1437/Xtightvnc
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 0 14462 1154/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 14453 1143/sshd
tcp 0 0 0.0.0.0:1880 0.0.0.0:* LISTEN 1000 15768 716/node-red
tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN 0 11708 903/mosquitto
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 15294 1847/smbd
tcp6 0 0 :::139 :::* LISTEN 0 15293 1847/smbd
tcp6 0 0 :::8080 :::* LISTEN 1000 4902627 25249/domoticz
tcp6 0 0 :::53 :::* LISTEN 0 14464 1154/dnsmasq
tcp6 0 0 :::22 :::* LISTEN 0 14455 1143/sshd
tcp6 0 0 :::1883 :::* LISTEN 0 11709 903/mosquitto
tcp6 0 0 :::445 :::* LISTEN 0 15292 1847/smbd
tcp6 0 0 :::6144 :::* LISTEN 1000 4902635 25249/domoticz


$ netstat -ntl



Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1880 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp6 0 0 :::139 :::* LISTEN
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 :::53 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::1883 :::* LISTEN
tcp6 0 0 :::445 :::* LISTEN
tcp6 0 0 :::6144 :::* LISTEN


Edit 2: Following a configuration change, the Domoticz Web Server is now listening on 0.0.0.0:8080, but still fails as above.




$ sudo netstat -taupen | grep domoticz



tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1000 21943078 27425/domoticz <<---
tcp 0 0 172.22.0.99:8080 172.22.0.102:52060 ESTABLISHED 1000 21949101 27425/domoticz
tcp 0 0 172.22.0.99:8080 172.22.0.100:52135 ESTABLISHED 1000 21949100 27425/domoticz
tcp 0 0 172.22.0.99:58528 172.22.0.99:1883 ESTABLISHED 1000 21946463 27425/domoticz
tcp6 0 0 :::6144 :::* LISTEN 1000 21943086 27425/domoticz
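
Added example (not part of the original question): a small Python parser for netfilter LOG lines like the ones above. It lists which destination ports actually arrived on each interface and which SYNs were answered with a RST. The function names are chosen here for illustration; the five sample lines are copied from the question's log excerpt, with the author's "(laptop)"/"(Arduino)" annotations left in.

```python
import re
from collections import defaultdict

# Sample lines copied from the /var/log/messages excerpt in the question.
SAMPLE_LOG = """\
Feb 18 13:23:25 shep kernel: [1630978.112563] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=26841 PROTO=TCP SPT=51634 DPT=22 WINDOW=66 RES=0x00 ACK URGP=0
Feb 18 13:23:49 shep kernel: [1631002.193203] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=26851 DF PROTO=TCP SPT=51642 DPT=80 WINDOW=17520 RES=0x00 SYN URGP=0
Feb 18 13:23:49 shep kernel: [1631002.193337] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51503 DF PROTO=TCP SPT=80 DPT=51642 WINDOW=0 RES=0x00 ACK RST URGP=0
Feb 18 13:24:37 shep kernel: [1631050.065256] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=31426 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1200 RES=0x00 ACK URGP=0
Feb 18 15:14:25 shep kernel: [1637638.193698] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:5c:cf:7f:3c:59:86:08:00 SRC=172.24.1.106 (Arduino 3) DST=172.22.0.99 LEN=81 TOS=0x00 PREC=0x00 TTL=255 ID=16314 PROTO=TCP SPT=49154 DPT=1883 WINDOW=1884 RES=0x00 ACK PSH URGP=0
"""

# "kernel: [uptime] <log-prefix>: <key=value fields and bare flag words>"
LOG_RE = re.compile(r"kernel: \[\s*[\d.]+\]\s+(?P<prefix>\S+):\s+(?P<body>.*)$")
TCP_FLAGS = {"SYN", "ACK", "RST", "PSH", "FIN", "URG"}


def parse_line(line):
    """Return a dict for one TCP LOG line, or None if the line does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields, flags = {}, set()
    for tok in m.group("body").split():
        if "=" in tok:
            key, value = tok.split("=", 1)   # "OUT=" yields an empty value
            fields[key] = value
        elif tok in TCP_FLAGS:               # DF and hand-written notes are skipped
            flags.add(tok)
    if fields.get("PROTO") != "TCP":
        return None
    try:
        return {
            "prefix": m.group("prefix"),
            "in": fields.get("IN", ""),
            "out": fields.get("OUT", ""),
            "src": fields["SRC"],
            "dst": fields["DST"],
            "spt": int(fields["SPT"]),
            "dpt": int(fields["DPT"]),
            "flags": flags,
        }
    except (KeyError, ValueError):
        return None


def parse_log(text):
    return [r for r in map(parse_line, text.splitlines()) if r]


def inbound_ports(records):
    """Destination ports of locally delivered packets (IN set, OUT empty), per interface."""
    seen = defaultdict(set)
    for r in records:
        if r["in"] and not r["out"]:
            seen[r["in"]].add(r["dpt"])
    return {iface: sorted(ports) for iface, ports in seen.items()}


def refused_syns(records):
    """(client, server, port) for every pure SYN that a later RST answers."""
    syns = {
        (r["src"], r["spt"], r["dst"], r["dpt"])
        for r in records
        if r["flags"] == {"SYN"}
    }
    refused = []
    for r in records:
        # A reset travels in the reverse direction of the SYN it answers.
        if "RST" in r["flags"] and (r["dst"], r["dpt"], r["src"], r["spt"]) in syns:
            refused.append((r["dst"], r["src"], r["spt"]))
    return refused


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for iface, ports in inbound_ports(recs).items():
        print(f"{iface}: destination ports seen {ports}")
    for client, server, port in refused_syns(recs):
        print(f"SYN from {client} to {server}:{port} was reset")
```

On these five lines it reports ports 22, 80 and 1883 arriving on wlan0, port 8080 arriving only on br0, and the laptop's SYN to port 80 being reset.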










share|improve this question




























    1















    I’m trying to access a Web Service (port 8080) on my Raspberry Pi via both of the following interfaces (which have static IPs):



    • Ethernet (eth0, 172.22.0.99, connected to a Netgear router).

    • Wi-Fi (wlan0, 172.24.1.1, providing an Access Point).

    Currently, I can only access the web service if I connect to eth0 and gain an IP address 172.22.0.x.



    If I connect to the Wi-Fi Access Point on wlan0 then I correctly acquire an IP Address 172.24.1.x, hence SSH works, but the web service is inaccessible (both http://172.22.0.99:8080 and http://172.24.1.1:8080).



    I’ve been testing the above using a Windows 10 laptop. The actual problem is that I have a number of Arduinos which can connect to the Pi’s Wi-Fi Access Point (wlan0), but cannot then access the Pi’s Web Service. Hence instead I’m currently having to connect them via the Netgear router, and hence the Pi’s eth0. This is what I’m trying to avoid.



    Aside: the Pi is also running:



    • OpenVPN, hence eth0 is bridged (br0, tap0).

    • A Wi-Fi sniffer (wlan1alfa, renameX).

    • 172.22.0.100/102/106/113 examples of a working Arduinos

    Various outputs :



    Windows 10 laptop when connected to the Pi’s Wi-Fi Access Point:



    ipconfig (on laptop 172.24.1.42):



    Wireless LAN adapter Wi-Fi:



    Connection-specific DNS Suffix . :



    Link-local IPv6 Address . . . . . : fe80::7489:b292:4e73:cbfd%2



    IPv4 Address. . . . . . . . . . . :172.24.1.42



    Subnet Mask . . . . . . . . . . . : 255.255.255.0



    Default Gateway . . . . . . . . . : 172.24.1.1




    http://172.22.0.99:8080/ (on laptop 172.24.1.42)



    Unable to connect

    Firefox can't establish a connection to the server at 172.22.0.99.

    The site could be temporarily unavailable or too busy. Try again in a few moments.

    If you are unable to load any pages, check your computer's network connection.

    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.


    http://172.24.1.1:8080/ (on laptop 172.24.1.42)



    The connection has timed out

    The server at 172.24.1.1 is taking too long to respond.

    The site could be temporarily unavailable or too busy. Try again in a few moments.

    If you are unable to load any pages, check your computer's network connection.

    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.


    Pi:



    $ ifconfig



    br0 Link encap:Ethernet HWaddr 82:85:54:54:e1:8c
    inet addr:172.22.0.99 Bcast:172.22.255.255 Mask:255.255.0.0
    inet6 addr: fe80::ba27:ebff:fe1a:16a3/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:1150213 errors:0 dropped:0 overruns:0 frame:0
    TX packets:431995 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:200587924 (191.2 MiB) TX bytes:137714386 (131.3 MiB)

    eth0 Link encap:Ethernet HWaddr b8:27:eb:1a:16:a3
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:1150375 errors:0 dropped:0 overruns:0 frame:0
    TX packets:449400 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:200603903 (191.3 MiB) TX bytes:143711369 (137.0 MiB)

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:65536 Metric:1
    RX packets:1128130 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1128130 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1
    RX bytes:129944607 (123.9 MiB) TX bytes:129944607 (123.9 MiB)

    rename7 Link encap:UNSPEC HWaddr 00-C0-CA-8F-F8-1D-30-30-00-00-00-00-00-00-00-00
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:2753461 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:328484228 (313.2 MiB) TX bytes:0 (0.0 B)

    tap0 Link encap:Ethernet HWaddr 82:85:54:54:e1:8c
    inet6 addr: fe80::8085:54ff:fe54:e18c/64 Scope:Link
    UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:644390 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:100
    RX bytes:0 (0.0 B) TX bytes:135759131 (129.4 MiB)

    wlan0 Link encap:Ethernet HWaddr b8:27:eb:4f:43:f6
    inet addr:172.24.1.1 Bcast:172.24.1.255 Mask:255.255.255.0
    inet6 addr: fe80::f446:4155:5d19:860a/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:479547 errors:0 dropped:0 overruns:0 frame:0
    TX packets:488461 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:30867423 (29.4 MiB) TX bytes:40144827 (38.2 MiB)


    $ ip route



    default via 172.22.0.1 dev br0 metric 205
    default via 172.24.1.1 dev wlan0 metric 303
    172.22.0.0/16 dev br0 proto kernel scope link src 172.22.0.99 metric 205
    172.24.1.0/24 dev wlan0 proto kernel scope link src 172.24.1.1 metric 303


    $ ip addr show



    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
    valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether b8:27:eb:1a:16:a3 brd ff:ff:ff:ff:ff:ff
    3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:4f:43:f6 brd ff:ff:ff:ff:ff:ff
    inet 172.24.1.1/24 brd 172.24.1.255 scope global wlan0
    valid_lft forever preferred_lft forever
    inet6 fe80::f446:4155:5d19:860a/64 scope link
    valid_lft forever preferred_lft forever
    4: wlan1alfa: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 00:c0:ca:8f:f8:1d brd ff:ff:ff:ff:ff:ff
    5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 82:85:54:54:e1:8c brd ff:ff:ff:ff:ff:ff
    inet 172.22.0.99/16 brd 172.22.255.255 scope global br0
    valid_lft forever preferred_lft forever
    inet6 fe80::ba27:ebff:fe1a:16a3/64 scope link
    valid_lft forever preferred_lft forever
    6: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 100
    link/ether 82:85:54:54:e1:8c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::8085:54ff:fe54:e18c/64 scope link
    valid_lft forever preferred_lft forever
    7: rename7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UNKNOWN group default qlen 1000
    link/ieee802.11/radiotap 00:c0:ca:8f:f8:1d brd ff:ff:ff:ff:ff:ff


    iptables:



    # Add a masquerade for outbound traffic on eth0
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    ..
    echo " # Forward WLAN to Eth, and back (note: incoming initiated on WLAN do not get to LAN)"

    sudo iptables -A FORWARD -i wlan0 -o eth0 -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_WLAN0_to_Eth0

    sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_Eth0_backTo_WLAN0

    sudo iptables -A FORWARD -i eth0 -o wlan0 -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_eth0_to_wlan0

    sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_wlan0_to_eth0


    $ tail /var/log/messages from iptables (with everything being logged whether Accepted or Dropped):



    trying http://172.22.0.99:8080 :



    • Feb 18 13:23:25 shep kernel: [1630978.112563] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=26841 PROTO=TCP SPT=51634 DPT=22 WINDOW=66 RES=0x00 ACK URGP=0
    • Feb 18 13:23:37 shep kernel: [1630990.317785] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=104 TOS=0x00 PREC=0x00 TTL=128 ID=26843 PROTO=TCP SPT=51634 DPT=22 WINDOW=68 RES=0x00 ACK PSH URGP=0
    • Feb 18 13:23:37 shep kernel: [1630990.318185] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=104 TOS=0x10 PREC=0x00 TTL=64 ID=54479 DF PROTO=TCP SPT=22 DPT=51634 WINDOW=424 RES=0x00 ACK PSH URGP=0
    • Feb 18 13:23:49 shep kernel: [1631002.193203] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=26851 DF PROTO=TCP SPT=51642 DPT=80 WINDOW=17520 RES=0x00 SYN URGP=0
    • Feb 18 13:23:49 shep kernel: [1631002.193337] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51503 DF PROTO=TCP SPT=80 DPT=51642 WINDOW=0 RES=0x00 ACK RST URGP=0
    • Feb 18 13:24:01 shep kernel: [1631014.835337] IPTables-Accepted-O: IN= OUT=lo SRC=172.22.0.99 DST=172.22.0.99 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23677 DF PROTO=TCP SPT=60692 DPT=8080 WINDOW=43690 RES=0x00 SYN URGP=0
    • Feb 18 13:24:01 shep kernel: [1631014.835409] IPTables-Accepted-I: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.22.0.99 DST=172.22.0.99 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23677 DF PROTO=TCP SPT=60692 DPT=8080 WINDOW=43690 RES=0x00 SYN URGP=0
    • Feb 18 13:24:27 shep kernel: [1631039.962078] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=26874 DF PROTO=TCP SPT=51648 DPT=80 WINDOW=17520 RES=0x00 SYN URGP=0
    • Feb 18 13:24:27 shep kernel: [1631039.962176] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=53485 DF PROTO=TCP SPT=80 DPT=51648 WINDOW=0 RES=0x00 ACK RST URGP=0
    • Feb 18 13:24:37 shep kernel: [1631050.042812] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 LEN=520 TOS=0x00 PREC=0x00 TTL=64 ID=55862 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK PSH URGP=0
    • Feb 18 13:24:37 shep kernel: [1631050.065256] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=31426 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1200 RES=0x00 ACK URGP=0
    • Feb 18 13:24:49 shep kernel: [1631062.130744] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=150 TOS=0x00 PREC=0x00 TTL=255 ID=31430 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1672 RES=0x00 ACK PSH URGP=0
    • Feb 18 13:24:49 shep kernel: [1631062.131706] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 LEN=519 TOS=0x00 PREC=0x00 TTL=64 ID=55865 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK PSH URGP=0
    • Feb 18 13:25:01 shep kernel: [1631074.255485] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=165 TOS=0x00 PREC=0x00 TTL=255 ID=31435 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1645 RES=0x00 ACK PSH URGP=0
    • Feb 18 13:25:01 shep kernel: [1631074.301286] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 (Arduino) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=55867 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK URGP=0


    trying http://172.24.1.1:8080 :



    • Feb 18 15:14:15 shep kernel: [1637627.961592] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:18:fe:34:d2:92:d6:08:00 SRC=172.22.0.102 (Arduino 2) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=72 PROTO=TCP SPT=52001 DPT=8080 WINDOW=1875 RES=0x00 ACK FIN URGP=0
    • Feb 18 15:14:15 shep kernel: [1637627.961831] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.102 (Arduino 2) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=11122 DF PROTO=TCP SPT=8080 DPT=52001 WINDOW=29200 RES=0x00 ACK FIN URGP=0
    • Feb 18 15:14:25 shep kernel: [1637638.193698] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:5c:cf:7f:3c:59:86:08:00 SRC=172.24.1.106 (Arduino 3) DST=172.22.0.99 LEN=81 TOS=0x00 PREC=0x00 TTL=255 ID=16314 PROTO=TCP SPT=49154 DPT=1883 WINDOW=1884 RES=0x00 ACK PSH URGP=0
    • Feb 18 15:14:25 shep kernel: [1637638.194012] IPTables-Accepted-O: IN= OUT=lo SRC=172.22.0.99 DST=172.22.0.99 LEN=93 TOS=0x00 PREC=0x00 TTL=64 ID=3867 DF PROTO=TCP SPT=1883 DPT=50392 WINDOW=6231 RES=0x00 ACK PSH URGP=0
    • Feb 18 15:14:35 shep kernel: [1637648.508430] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=104 TOS=0x00 PREC=0x00 TTL=128 ID=27282 DF PROTO=TCP SPT=52149 DPT=22 WINDOW=64 RES=0x00 ACK PSH URGP=0
    • Feb 18 15:14:35 shep kernel: [1637648.508521] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x10 PREC=0x00 TTL=64 ID=31818 DF PROTO=TCP SPT=22 DPT=52149 WINDOW=269 RES=0x00 ACK URGP=0
    • Feb 18 15:14:48 shep kernel: [1637661.183931] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=120 TOS=0x00 PREC=0x00 TTL=128 ID=27329 DF PROTO=TCP SPT=52149 DPT=22 WINDOW=68 RES=0x00 ACK PSH URGP=0
    • Feb 18 15:14:48 shep kernel: [1637661.187210] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 LEN=1500 TOS=0x10 PREC=0x00 TTL=64 ID=31852 DF PROTO=TCP SPT=22 DPT=52149 WINDOW=269 RES=0x00 ACK URGP=0
    • Feb 18 15:14:58 shep kernel: [1637671.438928] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:18:fe:34:d2:96:51:08:00 SRC=172.22.0.100 (Arduino 4) DST=172.22.0.99 LEN=150 TOS=0x00 PREC=0x00 TTL=255 ID=1463 PROTO=TCP SPT=52080 DPT=8080 WINDOW=1680 RES=0x00 ACK PSH URGP=0
    • Feb 18 15:14:58 shep kernel: [1637671.440119] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.100 (Arduino 4) LEN=520 TOS=0x00 PREC=0x00 TTL=64 ID=60505 DF PROTO=TCP SPT=8080 DPT=52080 WINDOW=29200 RES=0x00 ACK PSH URGP=0


    Edit 1 (but see Edit 2). The Web Service is 'domoticz':



    $ sudo netstat -taupen | grep LISTEN

    tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 15295 1847/smbd
    tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 1000 11927 1437/Xtightvnc
    tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 1000 11924 1437/Xtightvnc
    tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 0 14462 1154/dnsmasq
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 14453 1143/sshd
    tcp 0 0 0.0.0.0:1880 0.0.0.0:* LISTEN 1000 15768 716/node-red
    tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN 0 11708 903/mosquitto
    tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 15294 1847/smbd
    tcp6 0 0 :::139 :::* LISTEN 0 15293 1847/smbd
    tcp6 0 0 :::8080 :::* LISTEN 1000 4902627 25249/domoticz
    tcp6 0 0 :::53 :::* LISTEN 0 14464 1154/dnsmasq
    tcp6 0 0 :::22 :::* LISTEN 0 14455 1143/sshd
    tcp6 0 0 :::1883 :::* LISTEN 0 11709 903/mosquitto
    tcp6 0 0 :::445 :::* LISTEN 0 15292 1847/smbd
    tcp6 0 0 :::6144 :::* LISTEN 1000 4902635 25249/domoticz


    $ netstat -ntl



    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:1880 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
    tcp6 0 0 :::139 :::* LISTEN
    tcp6 0 0 :::8080 :::* LISTEN
    tcp6 0 0 :::53 :::* LISTEN
    tcp6 0 0 :::22 :::* LISTEN
    tcp6 0 0 :::1883 :::* LISTEN
    tcp6 0 0 :::445 :::* LISTEN
    tcp6 0 0 :::6144 :::* LISTEN


    Edit 2: Following a configuration change, the Domoticz Web Server is now listening on 0.0.0.0:8080, but still fails as above.




    $ sudo netstat -taupen | grep domoticz



    tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1000 21943078 27425/domoticz <<---
    tcp 0 0 172.22.0.99:8080 172.22.0.102:52060 ESTABLISHED 1000 21949101 27425/domoticz
    tcp 0 0 172.22.0.99:8080 172.22.0.100:52135 ESTABLISHED 1000 21949100 27425/domoticz
    tcp 0 0 172.22.0.99:58528 172.22.0.99:1883 ESTABLISHED 1000 21946463 27425/domoticz
    tcp6 0 0 :::6144 :::* LISTEN 1000 21943086 27425/domoticz
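An added example (not part of the original post): a small Python parser for the netfilter LOG lines quoted above. It groups inbound TCP packets by arrival interface and destination port and attaches the TCP flags of any logged reply. The six sample lines are copied from the post's log output; the function names are this example's own.

```python
import re
from collections import defaultdict

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}
KV = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (e.g. "OUT= ")

# Excerpt of the kernel log quoted in the post (list bullets dropped, the
# poster's "(laptop)" / "(Arduino)" annotations left exactly where they appear).
SAMPLE_LOG = """\
Feb 18 13:23:37 shep kernel: [1630990.317785] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=104 TOS=0x00 PREC=0x00 TTL=128 ID=26843 PROTO=TCP SPT=51634 DPT=22 WINDOW=68 RES=0x00 ACK PSH URGP=0
Feb 18 13:23:37 shep kernel: [1630990.318185] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=104 TOS=0x10 PREC=0x00 TTL=64 ID=54479 DF PROTO=TCP SPT=22 DPT=51634 WINDOW=424 RES=0x00 ACK PSH URGP=0
Feb 18 13:23:49 shep kernel: [1631002.193203] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=26851 DF PROTO=TCP SPT=51642 DPT=80 WINDOW=17520 RES=0x00 SYN URGP=0
Feb 18 13:23:49 shep kernel: [1631002.193337] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51503 DF PROTO=TCP SPT=80 DPT=51642 WINDOW=0 RES=0x00 ACK RST URGP=0
Feb 18 13:24:49 shep kernel: [1631062.130744] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=150 TOS=0x00 PREC=0x00 TTL=255 ID=31430 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1672 RES=0x00 ACK PSH URGP=0
Feb 18 13:24:49 shep kernel: [1631062.131706] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 LEN=519 TOS=0x00 PREC=0x00 TTL=64 ID=55865 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK PSH URGP=0
"""


def parse_line(line):
    """Parse one netfilter LOG line into a dict; return None for anything else."""
    if " IN=" not in line or "PROTO=" not in line:
        return None
    fields = dict(KV.findall(line))
    if fields.get("PROTO") != "TCP":
        return None
    # TCP flags are the bare tokens printed after the RES= field.
    tail = line.split("RES=", 1)[-1].split()
    return {
        "in": fields.get("IN", ""),
        "out": fields.get("OUT", ""),
        "src": fields["SRC"],
        "dst": fields["DST"],
        "spt": int(fields["SPT"]),
        "dpt": int(fields["DPT"]),
        "flags": {tok for tok in tail if tok in TCP_FLAGS},
    }


def summarise(log_text):
    """Map (arrival interface, destination port) -> packet count and flag sets."""
    packets = [p for p in map(parse_line, log_text.splitlines()) if p]
    summary = defaultdict(
        lambda: {"packets": 0, "in_flags": set(), "reply_flags": set()}
    )
    flows = {}
    # Pass 1: packets delivered to the host itself (INPUT: IN set, OUT empty).
    for p in packets:
        if p["in"] and not p["out"]:
            key = (p["in"], p["dpt"])
            summary[key]["packets"] += 1
            summary[key]["in_flags"] |= p["flags"]
            flows[(p["in"], p["src"], p["spt"], p["dst"], p["dpt"])] = key
    # Pass 2: locally generated packets (OUTPUT) whose reversed 5-tuple matches
    # an inbound flow on the same interface are that flow's replies.
    for p in packets:
        if p["out"] and not p["in"]:
            key = flows.get((p["out"], p["dst"], p["dpt"], p["src"], p["spt"]))
            if key:
                summary[key]["reply_flags"] |= p["flags"]
    return dict(summary)


def ports_seen(summary, iface):
    """Destination ports that were logged arriving on the given interface."""
    return sorted(dport for (name, dport) in summary if name == iface)


if __name__ == "__main__":
    result = summarise(SAMPLE_LOG)
    for (iface, dport), info in sorted(result.items()):
        print(iface, dport, info["packets"],
              sorted(info["in_flags"]), sorted(info["reply_flags"]))
```

On this excerpt the only destination ports logged on wlan0 are 22 and 80, the port 80 SYN is answered with ACK RST, and port 8080 appears only on br0.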














      $ sudo netstat -taupen | grep domoticz



      tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1000 21943078 27425/domoticz <<---
      tcp 0 0 172.22.0.99:8080 172.22.0.102:52060 ESTABLISHED 1000 21949101 27425/domoticz
      tcp 0 0 172.22.0.99:8080 172.22.0.100:52135 ESTABLISHED 1000 21949100 27425/domoticz
      tcp 0 0 172.22.0.99:58528 172.22.0.99:1883 ESTABLISHED 1000 21946463 27425/domoticz
      tcp6 0 0 :::6144 :::* LISTEN 1000 21943086 27425/domoticz







      iptables network-interface routing webserver nat














      edited Feb 18 at 19:55









      Rui F Ribeiro











      asked Feb 18 at 15:58









      Geoff





















          1 Answer














          Problem solved! I was only doing the following single flush command:



          sudo iptables -F


          Hence specifically I wasn't flushing all of the iptables rules, e.g. the NAT.



          So I had this mess of PREROUTING & POSTROUTING duplicates:



          $ sudo iptables -t nat -L
          Chain PREROUTING (policy ACCEPT)
          target prot opt source destination
          DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080
          DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080
          DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080
          DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080
          DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080
          DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080
          DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080
          DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.22.0.99:8080
          DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.22.0.99:8080
          DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.22.0.99:8080
          DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.22.0.99:8080
          DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.22.0.99:8080

          Chain INPUT (policy ACCEPT)
          target prot opt source destination

          Chain OUTPUT (policy ACCEPT)
          target prot opt source destination

          Chain POSTROUTING (policy ACCEPT)
          target prot opt source destination
          MASQUERADE all -- anywhere anywhere
          MASQUERADE all -- anywhere anywhere
          MASQUERADE all -- anywhere anywhere
          MASQUERADE all -- anywhere anywhere
          MASQUERADE all -- anywhere anywhere
          MASQUERADE all -- anywhere anywhere
          MASQUERADE all -- anywhere anywhere
          MASQUERADE all -- anywhere anywhere
          MASQUERADE all -- anywhere anywhere
          MASQUERADE all -- anywhere anywhere
          MASQUERADE all -- anywhere anywhere
          MASQUERADE all -- anywhere anywhere
          MASQUERADE all -- anywhere anywhere
          MASQUERADE all -- anywhere anywhere


          Once I started using the following before creating my rules it worked (no other change):



          sudo iptables -F
          sudo iptables -X
          sudo iptables -t nat -F
          sudo iptables -t nat -X
          sudo iptables -t mangle -F
          sudo iptables -t mangle -X

          sudo ipset flush
          sudo ipset destroy
          sudo ipset list


          Apparently I should also do:



          sudo iptables -t raw -F 
          sudo iptables -t raw -X


          Now I have:



          $ sudo iptables -t nat -L
          Chain PREROUTING (policy ACCEPT)
          target prot opt source destination
          DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.22.0.99:8080

          Chain INPUT (policy ACCEPT)
          target prot opt source destination

          Chain OUTPUT (policy ACCEPT)
          target prot opt source destination

          Chain POSTROUTING (policy ACCEPT)
          target prot opt source destination
          MASQUERADE all -- anywhere anywhere


          So now if I connect to the Pi's Wireless Access Point on 172.24.1.1 (wlan0) and get IP address 172.24.1.x I can access the Domoticz Web Server on the Pi via http://172.24.1.1:8080, which is what I want.



          It was previously the case that I had to go via a separate router (172.22.0.1), get IP address 172.22.0.x, and access the Pi via eth0: http://172.22.0.99:8080.














                edited Feb 19 at 17:13

























                answered Feb 19 at 17:03









                Geoff
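The failure described in this answer, as an added example that is not part of the original post: plain `iptables -F` only touches the filter table, so copies of the NAT rules survive and pile up, and because DNAT is a terminating target the oldest entry (here the one pointing at 192.168.0.99) decides where port 8080 goes. The script below audits an `iptables-save` dump of the nat table for such leftovers; the function names and the exact rule specs in the sample dump are assumptions, constructed to match the shape of the listing above.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump of the nat table for rules that
# were appended repeatedly and for DNAT rules that can never apply.

# Constructed sample in iptables-save format, shaped like the listing in the
# answer: 7 stale + 5 current DNAT entries and 14 MASQUERADE entries.
# The exact rule specs (-p tcp --dport 8080, no interface match) are assumed.
repeat_rule() {   # repeat_rule COUNT RULE
    n=$1
    while [ "$n" -gt 0 ]; do
        printf '%s\n' "$2"
        n=$((n - 1))
    done
}

sample_nat_dump() {
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':INPUT ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]'
    repeat_rule 7 '-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.0.99:8080'
    repeat_rule 5 '-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.22.0.99:8080'
    repeat_rule 14 '-A POSTROUTING -j MASQUERADE'
    printf '%s\n' 'COMMIT'
}

# Reads an iptables-save dump on stdin. Prints one line per finding and
# returns 1 when there is at least one finding, 0 when the table is clean.
audit_nat_dump() {
    awk '
    /^-A / {
        rule = $0
        if (!(rule in count)) order[++nrules] = rule
        count[rule]++
        # DNAT is a terminating target: within a chain, the first rule whose
        # match part fits the packet decides the new destination.
        if (match(rule, / -j DNAT --to-destination /)) {
            cond = substr(rule, 1, RSTART - 1)
            dest = substr(rule, RSTART + RLENGTH)
            if (!(cond in winner)) {
                winner[cond] = dest
            } else if (winner[cond] != dest && !((cond, dest) in seen)) {
                seen[cond, dest] = 1
                shadowed[++nshadow] = dest " (same match already sent to " winner[cond] ")"
            }
        }
    }
    END {
        for (i = 1; i <= nrules; i++)
            if (count[order[i]] > 1) {
                printf "DUPLICATE x%d: %s\n", count[order[i]], order[i]
                findings++
            }
        for (i = 1; i <= nshadow; i++) {
            printf "SHADOWED: DNAT to %s\n", shadowed[i]
            findings++
        }
        exit (findings > 0)
    }'
}

# Demo on the constructed dump.
sample_nat_dump | audit_nat_dump || echo "nat table has leftovers: flush it before re-adding rules"
```

On a live host the input would come from `sudo iptables-save -t nat` instead of the constructed sample.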
