Web Server access via second interface
I’m trying to access a Web Service (port 8080) on my Raspberry Pi via both of the following interfaces (which have static IPs):
- Ethernet (eth0, 172.22.0.99, connected to a Netgear router).
- Wi-Fi (wlan0, 172.24.1.1, providing an Access Point).
Currently, I can only access the web service if I connect to eth0 and gain an IP address 172.22.0.x.
If I connect to the Wi-Fi Access Point on wlan0 then I correctly acquire an IP Address 172.24.1.x, hence SSH works, but the web service is inaccessible (both http://172.22.0.99:8080 and http://172.24.1.1:8080).
I’ve been testing the above using a Windows 10 laptop. The actual problem is that I have a number of Arduinos which can connect to the Pi’s Wi-Fi Access Point (wlan0), but cannot then access the Pi’s Web Service. Hence instead I’m currently having to connect them via the Netgear router, and hence the Pi’s eth0. This is what I’m trying to avoid.
Aside: the Pi is also running:
- OpenVPN, hence eth0 is bridged (br0, tap0).
- A Wi-Fi sniffer (wlan1alfa, renameX).
- 172.22.0.100/102/106/113 are examples of working Arduinos.
Various outputs:
Windows 10 laptop when connected to the Pi’s Wi-Fi Access Point:
ipconfig (on laptop 172.24.1.42):
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::7489:b292:4e73:cbfd%2
IPv4 Address. . . . . . . . . . . :172.24.1.42
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.24.1.1
http://172.22.0.99:8080/ (on laptop 172.24.1.42)
Unable to connect
Firefox can't establish a connection to the server at 172.22.0.99.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
http://172.24.1.1:8080/ (on laptop 172.24.1.42)
The connection has timed out
The server at 172.24.1.1 is taking too long to respond.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
Pi:
$ ifconfig
br0 Link encap:Ethernet HWaddr 82:85:54:54:e1:8c
inet addr:172.22.0.99 Bcast:172.22.255.255 Mask:255.255.0.0
inet6 addr: fe80::ba27:ebff:fe1a:16a3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1150213 errors:0 dropped:0 overruns:0 frame:0
TX packets:431995 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:200587924 (191.2 MiB) TX bytes:137714386 (131.3 MiB)
eth0 Link encap:Ethernet HWaddr b8:27:eb:1a:16:a3
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1150375 errors:0 dropped:0 overruns:0 frame:0
TX packets:449400 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:200603903 (191.3 MiB) TX bytes:143711369 (137.0 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1128130 errors:0 dropped:0 overruns:0 frame:0
TX packets:1128130 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:129944607 (123.9 MiB) TX bytes:129944607 (123.9 MiB)
rename7 Link encap:UNSPEC HWaddr 00-C0-CA-8F-F8-1D-30-30-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2753461 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:328484228 (313.2 MiB) TX bytes:0 (0.0 B)
tap0 Link encap:Ethernet HWaddr 82:85:54:54:e1:8c
inet6 addr: fe80::8085:54ff:fe54:e18c/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:644390 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:135759131 (129.4 MiB)
wlan0 Link encap:Ethernet HWaddr b8:27:eb:4f:43:f6
inet addr:172.24.1.1 Bcast:172.24.1.255 Mask:255.255.255.0
inet6 addr: fe80::f446:4155:5d19:860a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:479547 errors:0 dropped:0 overruns:0 frame:0
TX packets:488461 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:30867423 (29.4 MiB) TX bytes:40144827 (38.2 MiB)
$ ip route
default via 172.22.0.1 dev br0 metric 205
default via 172.24.1.1 dev wlan0 metric 303
172.22.0.0/16 dev br0 proto kernel scope link src 172.22.0.99 metric 205
172.24.1.0/24 dev wlan0 proto kernel scope link src 172.24.1.1 metric 303
$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether b8:27:eb:1a:16:a3 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether b8:27:eb:4f:43:f6 brd ff:ff:ff:ff:ff:ff
inet 172.24.1.1/24 brd 172.24.1.255 scope global wlan0
valid_lft forever preferred_lft forever
inet6 fe80::f446:4155:5d19:860a/64 scope link
valid_lft forever preferred_lft forever
4: wlan1alfa: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 00:c0:ca:8f:f8:1d brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 82:85:54:54:e1:8c brd ff:ff:ff:ff:ff:ff
inet 172.22.0.99/16 brd 172.22.255.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::ba27:ebff:fe1a:16a3/64 scope link
valid_lft forever preferred_lft forever
6: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 100
link/ether 82:85:54:54:e1:8c brd ff:ff:ff:ff:ff:ff
inet6 fe80::8085:54ff:fe54:e18c/64 scope link
valid_lft forever preferred_lft forever
7: rename7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UNKNOWN group default qlen 1000
link/ieee802.11/radiotap 00:c0:ca:8f:f8:1d brd ff:ff:ff:ff:ff:ff
iptables:
# Add a masquerade for outbound traffic on eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
..
echo " # Forward WLAN to Eth, and back (note: incoming initiated on WLAN do not get to LAN)"
sudo iptables -A FORWARD -i wlan0 -o eth0 -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_WLAN0_to_Eth0
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_Eth0_backTo_WLAN0
sudo iptables -A FORWARD -i eth0 -o wlan0 -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_eth0_to_wlan0
sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_wlan0_to_eth0
$ tail /var/log/messages from iptables (with everything being logged whether Accepted or Dropped):
trying http://172.22.0.99:8080 :
• Feb 18 13:23:25 shep kernel: [1630978.112563] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=26841 PROTO=TCP SPT=51634 DPT=22 WINDOW=66 RES=0x00 ACK URGP=0
• Feb 18 13:23:37 shep kernel: [1630990.317785] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=104 TOS=0x00 PREC=0x00 TTL=128 ID=26843 PROTO=TCP SPT=51634 DPT=22 WINDOW=68 RES=0x00 ACK PSH URGP=0
• Feb 18 13:23:37 shep kernel: [1630990.318185] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=104 TOS=0x10 PREC=0x00 TTL=64 ID=54479 DF PROTO=TCP SPT=22 DPT=51634 WINDOW=424 RES=0x00 ACK PSH URGP=0
• Feb 18 13:23:49 shep kernel: [1631002.193203] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=26851 DF PROTO=TCP SPT=51642 DPT=80 WINDOW=17520 RES=0x00 SYN URGP=0
• Feb 18 13:23:49 shep kernel: [1631002.193337] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51503 DF PROTO=TCP SPT=80 DPT=51642 WINDOW=0 RES=0x00 ACK RST URGP=0
• Feb 18 13:24:01 shep kernel: [1631014.835337] IPTables-Accepted-O: IN= OUT=lo SRC=172.22.0.99 DST=172.22.0.99 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23677 DF PROTO=TCP SPT=60692 DPT=8080 WINDOW=43690 RES=0x00 SYN URGP=0
• Feb 18 13:24:01 shep kernel: [1631014.835409] IPTables-Accepted-I: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.22.0.99 DST=172.22.0.99 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23677 DF PROTO=TCP SPT=60692 DPT=8080 WINDOW=43690 RES=0x00 SYN URGP=0
• Feb 18 13:24:27 shep kernel: [1631039.962078] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=26874 DF PROTO=TCP SPT=51648 DPT=80 WINDOW=17520 RES=0x00 SYN URGP=0
• Feb 18 13:24:27 shep kernel: [1631039.962176] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=53485 DF PROTO=TCP SPT=80 DPT=51648 WINDOW=0 RES=0x00 ACK RST URGP=0
• Feb 18 13:24:37 shep kernel: [1631050.042812] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 LEN=520 TOS=0x00 PREC=0x00 TTL=64 ID=55862 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK PSH URGP=0
• Feb 18 13:24:37 shep kernel: [1631050.065256] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=31426 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1200 RES=0x00 ACK URGP=0
• Feb 18 13:24:49 shep kernel: [1631062.130744] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=150 TOS=0x00 PREC=0x00 TTL=255 ID=31430 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1672 RES=0x00 ACK PSH URGP=0
• Feb 18 13:24:49 shep kernel: [1631062.131706] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 LEN=519 TOS=0x00 PREC=0x00 TTL=64 ID=55865 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK PSH URGP=0
• Feb 18 13:25:01 shep kernel: [1631074.255485] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=165 TOS=0x00 PREC=0x00 TTL=255 ID=31435 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1645 RES=0x00 ACK PSH URGP=0
• Feb 18 13:25:01 shep kernel: [1631074.301286] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 (Arduino) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=55867 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK URGP=0
trying http://172.24.1.1:8080 :
• Feb 18 15:14:15 shep kernel: [1637627.961592] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:18:fe:34:d2:92:d6:08:00 SRC=172.22.0.102 (Arduino 2) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=72 PROTO=TCP SPT=52001 DPT=8080 WINDOW=1875 RES=0x00 ACK FIN URGP=0
• Feb 18 15:14:15 shep kernel: [1637627.961831] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.102 (Arduino 2) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=11122 DF PROTO=TCP SPT=8080 DPT=52001 WINDOW=29200 RES=0x00 ACK FIN URGP=0
• Feb 18 15:14:25 shep kernel: [1637638.193698] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:5c:cf:7f:3c:59:86:08:00 SRC=172.24.1.106 (Arduino 3) DST=172.22.0.99 LEN=81 TOS=0x00 PREC=0x00 TTL=255 ID=16314 PROTO=TCP SPT=49154 DPT=1883 WINDOW=1884 RES=0x00 ACK PSH URGP=0
• Feb 18 15:14:25 shep kernel: [1637638.194012] IPTables-Accepted-O: IN= OUT=lo SRC=172.22.0.99 DST=172.22.0.99 LEN=93 TOS=0x00 PREC=0x00 TTL=64 ID=3867 DF PROTO=TCP SPT=1883 DPT=50392 WINDOW=6231 RES=0x00 ACK PSH URGP=0
• Feb 18 15:14:35 shep kernel: [1637648.508430] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=104 TOS=0x00 PREC=0x00 TTL=128 ID=27282 DF PROTO=TCP SPT=52149 DPT=22 WINDOW=64 RES=0x00 ACK PSH URGP=0
• Feb 18 15:14:35 shep kernel: [1637648.508521] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x10 PREC=0x00 TTL=64 ID=31818 DF PROTO=TCP SPT=22 DPT=52149 WINDOW=269 RES=0x00 ACK URGP=0
• Feb 18 15:14:48 shep kernel: [1637661.183931] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=120 TOS=0x00 PREC=0x00 TTL=128 ID=27329 DF PROTO=TCP SPT=52149 DPT=22 WINDOW=68 RES=0x00 ACK PSH URGP=0
• Feb 18 15:14:48 shep kernel: [1637661.187210] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 LEN=1500 TOS=0x10 PREC=0x00 TTL=64 ID=31852 DF PROTO=TCP SPT=22 DPT=52149 WINDOW=269 RES=0x00 ACK URGP=0
• Feb 18 15:14:58 shep kernel: [1637671.438928] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:18:fe:34:d2:96:51:08:00 SRC=172.22.0.100 (Arduino 4) DST=172.22.0.99 LEN=150 TOS=0x00 PREC=0x00 TTL=255 ID=1463 PROTO=TCP SPT=52080 DPT=8080 WINDOW=1680 RES=0x00 ACK PSH URGP=0
• Feb 18 15:14:58 shep kernel: [1637671.440119] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.100 (Arduino 4) LEN=520 TOS=0x00 PREC=0x00 TTL=64 ID=60505 DF PROTO=TCP SPT=8080 DPT=52080 WINDOW=29200 RES=0x00 ACK PSH URGP=0
Edit 1 (but see Edit 2). The Web Service is 'domoticz':
$ sudo netstat -taupen | grep LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 15295 1847/smbd
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 1000 11927 1437/Xtightvnc
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 1000 11924 1437/Xtightvnc
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 0 14462 1154/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 14453 1143/sshd
tcp 0 0 0.0.0.0:1880 0.0.0.0:* LISTEN 1000 15768 716/node-red
tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN 0 11708 903/mosquitto
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 15294 1847/smbd
tcp6 0 0 :::139 :::* LISTEN 0 15293 1847/smbd
tcp6 0 0 :::8080 :::* LISTEN 1000 4902627 25249/domoticz
tcp6 0 0 :::53 :::* LISTEN 0 14464 1154/dnsmasq
tcp6 0 0 :::22 :::* LISTEN 0 14455 1143/sshd
tcp6 0 0 :::1883 :::* LISTEN 0 11709 903/mosquitto
tcp6 0 0 :::445 :::* LISTEN 0 15292 1847/smbd
tcp6 0 0 :::6144 :::* LISTEN 1000 4902635 25249/domoticz
$ netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1880 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp6 0 0 :::139 :::* LISTEN
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 :::53 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::1883 :::* LISTEN
tcp6 0 0 :::445 :::* LISTEN
tcp6 0 0 :::6144 :::* LISTEN
Edit 2: Following a configuration change, the Domoticz Web Server is now listening on 0.0.0.0:8080, but still fails as above.
$ sudo netstat -taupen | grep domoticz
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1000 21943078 27425/domoticz <<---
tcp 0 0 172.22.0.99:8080 172.22.0.102:52060 ESTABLISHED 1000 21949101 27425/domoticz
tcp 0 0 172.22.0.99:8080 172.22.0.100:52135 ESTABLISHED 1000 21949100 27425/domoticz
tcp 0 0 172.22.0.99:58528 172.22.0.99:1883 ESTABLISHED 1000 21946463 27425/domoticz
tcp6 0 0 :::6144 :::* LISTEN 1000 21943086 27425/domoticz
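An added example, not part of the original post: a small Python parser for the netfilter LOG lines quoted in the question. It tabulates the destination ports seen on each inbound interface and how each inbound SYN was answered. The sample lines are a subset copied from the excerpt above; the function names are hypothetical.

```python
import re
from collections import Counter

# Subset of the kernel log lines quoted in the question (bullets stripped).
# "(laptop)" / "(Arduino ...)" are the poster's hand annotations, not kernel output.
SAMPLE_LOG = """\
Feb 18 13:23:49 shep kernel: [1631002.193203] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=26851 DF PROTO=TCP SPT=51642 DPT=80 WINDOW=17520 RES=0x00 SYN URGP=0
Feb 18 13:23:49 shep kernel: [1631002.193337] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51503 DF PROTO=TCP SPT=80 DPT=51642 WINDOW=0 RES=0x00 ACK RST URGP=0
Feb 18 13:24:27 shep kernel: [1631039.962078] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=26874 DF PROTO=TCP SPT=51648 DPT=80 WINDOW=17520 RES=0x00 SYN URGP=0
Feb 18 13:24:27 shep kernel: [1631039.962176] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=53485 DF PROTO=TCP SPT=80 DPT=51648 WINDOW=0 RES=0x00 ACK RST URGP=0
Feb 18 13:24:37 shep kernel: [1631050.065256] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=31426 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1200 RES=0x00 ACK URGP=0
Feb 18 13:24:49 shep kernel: [1631062.130744] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=150 TOS=0x00 PREC=0x00 TTL=255 ID=31430 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1672 RES=0x00 ACK PSH URGP=0
Feb 18 15:14:25 shep kernel: [1637638.193698] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:5c:cf:7f:3c:59:86:08:00 SRC=172.24.1.106 (Arduino 3) DST=172.22.0.99 LEN=81 TOS=0x00 PREC=0x00 TTL=255 ID=16314 PROTO=TCP SPT=49154 DPT=1883 WINDOW=1884 RES=0x00 ACK PSH URGP=0
Feb 18 15:14:35 shep kernel: [1637648.508430] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=104 TOS=0x00 PREC=0x00 TTL=128 ID=27282 DF PROTO=TCP SPT=52149 DPT=22 WINDOW=64 RES=0x00 ACK PSH URGP=0
"""

KV = re.compile(r"\b([A-Z]+)=(\S*)")          # KEY=value pairs; value may be empty (OUT= )
TCP_FLAGS = {"SYN", "ACK", "RST", "FIN", "PSH", "URG"}


def parse_line(line):
    """Parse one netfilter LOG line into a dict, or return None if it is not one."""
    if " IN=" not in line:
        return None
    head, _, rest = line.partition(" IN=")
    body = "IN=" + rest
    rec = dict(KV.findall(body))
    # The --log-prefix text sits between the kernel timestamp and IN=.
    rec["prefix"] = head.rsplit("] ", 1)[-1].rstrip(": ")
    # TCP flags are bare tokens; annotations such as "(laptop)" are ignored.
    rec["flags"] = {tok for tok in body.split() if tok in TCP_FLAGS}
    for key in ("SPT", "DPT"):
        if rec.get(key, "").isdigit():
            rec[key] = int(rec[key])
    return rec


def ports_seen(records, iface):
    """Count destination ports of packets that arrived on interface `iface`."""
    return Counter(r["DPT"] for r in records
                   if r.get("IN") == iface and isinstance(r.get("DPT"), int))


def syn_outcomes(records):
    """For each inbound bare SYN, report how the host answered it in the log."""
    results = []
    for i, r in enumerate(records):
        if not r.get("IN") or r["flags"] != {"SYN"}:
            continue
        want = (r.get("DST"), r.get("DPT"), r.get("SRC"), r.get("SPT"))
        outcome = "no reply logged"
        for reply in records[i + 1:]:
            got = (reply.get("SRC"), reply.get("SPT"), reply.get("DST"), reply.get("DPT"))
            if got != want:
                continue
            if "RST" in reply["flags"]:
                outcome = "RST"          # nothing accepted the connection on that port
                break
            if {"SYN", "ACK"} <= reply["flags"]:
                outcome = "SYN-ACK"      # a listener answered
                break
        results.append((r["IN"], r["SRC"], r["DPT"], outcome))
    return results


RECORDS = [rec for line in SAMPLE_LOG.splitlines() if (rec := parse_line(line))]

if __name__ == "__main__":
    for iface in ("wlan0", "br0"):
        print(iface, dict(ports_seen(RECORDS, iface)))
    for row in syn_outcomes(RECORDS):
        print(row)
```

On this subset, the only SYNs arriving on wlan0 target port 80 and are answered with RST, and no packet with DPT=8080 appears on wlan0, while br0 carries the port 8080 traffic.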
I’m trying to access a Web Service (port 8080) on my Raspberry Pi via both of the following interfaces (which have static IPs):
- Ethernet (eth0, 172.22.0.99, connected to a Netgear router).
- Wi-Fi (wlan0, 172.24.1.1, providing an Access Point).
Currently, I can only access the web service if I connect to eth0 and gain an IP address 172.22.0.x.
If I connect to the Wi-Fi Access Point on wlan0 then I correctly acquire an IP Address 172.24.1.x, hence SSH works, but the web service is inaccessible (both http://172.22.0.99:8080 and http://172.24.1.1:8080).
I’ve been testing the above using a Windows 10 laptop. The actual problem is that I have a number of Arduinos which can connect to the Pi’s Wi-Fi Access Point (wlan0), but cannot then access the Pi’s Web Service. Hence instead I’m currently having to connect them via the Netgear router, and hence the Pi’s eth0. This is what I’m trying to avoid.
Aside: the Pi is also running:
- OpenVPN, hence eth0 is bridged (br0, tap0).
- A Wi-Fi sniffer (wlan1alfa, renameX).
- 172.22.0.100/102/106/113 examples of a working Arduinos
Various outputs :
Windows 10 laptop when connected to the Pi’s Wi-Fi Access Point:
ipconfig (on laptop 172.24.1.42):
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::7489:b292:4e73:cbfd%2
IPv4 Address. . . . . . . . . . . :172.24.1.42
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.24.1.1
http://172.22.0.99:8080/ (on laptop 172.24.1.42)
Unable to connect
Firefox can't establish a connection to the server at 172.22.0.99.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
http://172.24.1.1:8080/ (on laptop 172.24.1.42)
The connection has timed out
The server at 172.24.1.1 is taking too long to respond.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
Pi:
$ ifconfig
br0 Link encap:Ethernet HWaddr 82:85:54:54:e1:8c
inet addr:172.22.0.99 Bcast:172.22.255.255 Mask:255.255.0.0
inet6 addr: fe80::ba27:ebff:fe1a:16a3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1150213 errors:0 dropped:0 overruns:0 frame:0
TX packets:431995 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:200587924 (191.2 MiB) TX bytes:137714386 (131.3 MiB)
eth0 Link encap:Ethernet HWaddr b8:27:eb:1a:16:a3
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1150375 errors:0 dropped:0 overruns:0 frame:0
TX packets:449400 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:200603903 (191.3 MiB) TX bytes:143711369 (137.0 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1128130 errors:0 dropped:0 overruns:0 frame:0
TX packets:1128130 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:129944607 (123.9 MiB) TX bytes:129944607 (123.9 MiB)
rename7 Link encap:UNSPEC HWaddr 00-C0-CA-8F-F8-1D-30-30-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2753461 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:328484228 (313.2 MiB) TX bytes:0 (0.0 B)
tap0 Link encap:Ethernet HWaddr 82:85:54:54:e1:8c
inet6 addr: fe80::8085:54ff:fe54:e18c/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:644390 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:135759131 (129.4 MiB)
wlan0 Link encap:Ethernet HWaddr b8:27:eb:4f:43:f6
inet addr:172.24.1.1 Bcast:172.24.1.255 Mask:255.255.255.0
inet6 addr: fe80::f446:4155:5d19:860a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:479547 errors:0 dropped:0 overruns:0 frame:0
TX packets:488461 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:30867423 (29.4 MiB) TX bytes:40144827 (38.2 MiB)
$ ip route
default via 172.22.0.1 dev br0 metric 205
default via 172.24.1.1 dev wlan0 metric 303
172.22.0.0/16 dev br0 proto kernel scope link src 172.22.0.99 metric 205
172.24.1.0/24 dev wlan0 proto kernel scope link src 172.24.1.1 metric 303
$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether b8:27:eb:1a:16:a3 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether b8:27:eb:4f:43:f6 brd ff:ff:ff:ff:ff:ff
inet 172.24.1.1/24 brd 172.24.1.255 scope global wlan0
valid_lft forever preferred_lft forever
inet6 fe80::f446:4155:5d19:860a/64 scope link
valid_lft forever preferred_lft forever
4: wlan1alfa: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 00:c0:ca:8f:f8:1d brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 82:85:54:54:e1:8c brd ff:ff:ff:ff:ff:ff
inet 172.22.0.99/16 brd 172.22.255.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::ba27:ebff:fe1a:16a3/64 scope link
valid_lft forever preferred_lft forever
6: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 100
link/ether 82:85:54:54:e1:8c brd ff:ff:ff:ff:ff:ff
inet6 fe80::8085:54ff:fe54:e18c/64 scope link
valid_lft forever preferred_lft forever
7: rename7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UNKNOWN group default qlen 1000
link/ieee802.11/radiotap 00:c0:ca:8f:f8:1d brd ff:ff:ff:ff:ff:ff
iptables:
# Add a masquerade for outbound traffic on eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
..
echo " # Forward WLAN to Eth, and back (note: incoming initiated on WLAN do not get to LAN)"
sudo iptables -A FORWARD -i wlan0 -o eth0 -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_WLAN0_to_Eth0
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_Eth0_backTo_WLAN0
sudo iptables -A FORWARD -i eth0 -o wlan0 -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_eth0_to_wlan0
sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_wlan0_to_eth0
$ tail /var/log/messages from iptables (with everything being logged whether Accepted or Dropped):
trying http://172.22.0.99:8080 :
• Feb 18 13:23:25 shep kernel: [1630978.112563] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=26841 PROTO=TCP SPT=51634 DPT=22 WINDOW=66 RES=0x00 ACK URGP=0
• Feb 18 13:23:37 shep kernel: [1630990.317785] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=104 TOS=0x00 PREC=0x00 TTL=128 ID=26843 PROTO=TCP SPT=51634 DPT=22 WINDOW=68 RES=0x00 ACK PSH URGP=0
• Feb 18 13:23:37 shep kernel: [1630990.318185] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=104 TOS=0x10 PREC=0x00 TTL=64 ID=54479 DF PROTO=TCP SPT=22 DPT=51634 WINDOW=424 RES=0x00 ACK PSH URGP=0
• Feb 18 13:23:49 shep kernel: [1631002.193203] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=26851 DF PROTO=TCP SPT=51642 DPT=80 WINDOW=17520 RES=0x00 SYN URGP=0
• Feb 18 13:23:49 shep kernel: [1631002.193337] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51503 DF PROTO=TCP SPT=80 DPT=51642 WINDOW=0 RES=0x00 ACK RST URGP=0
• Feb 18 13:24:01 shep kernel: [1631014.835337] IPTables-Accepted-O: IN= OUT=lo SRC=172.22.0.99 DST=172.22.0.99 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23677 DF PROTO=TCP SPT=60692 DPT=8080 WINDOW=43690 RES=0x00 SYN URGP=0
• Feb 18 13:24:01 shep kernel: [1631014.835409] IPTables-Accepted-I: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.22.0.99 DST=172.22.0.99 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23677 DF PROTO=TCP SPT=60692 DPT=8080 WINDOW=43690 RES=0x00 SYN URGP=0
• Feb 18 13:24:27 shep kernel: [1631039.962078] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=26874 DF PROTO=TCP SPT=51648 DPT=80 WINDOW=17520 RES=0x00 SYN URGP=0
• Feb 18 13:24:27 shep kernel: [1631039.962176] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=53485 DF PROTO=TCP SPT=80 DPT=51648 WINDOW=0 RES=0x00 ACK RST URGP=0
• Feb 18 13:24:37 shep kernel: [1631050.042812] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 LEN=520 TOS=0x00 PREC=0x00 TTL=64 ID=55862 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK PSH URGP=0
• Feb 18 13:24:37 shep kernel: [1631050.065256] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=31426 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1200 RES=0x00 ACK URGP=0
• Feb 18 13:24:49 shep kernel: [1631062.130744] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=150 TOS=0x00 PREC=0x00 TTL=255 ID=31430 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1672 RES=0x00 ACK PSH URGP=0
• Feb 18 13:24:49 shep kernel: [1631062.131706] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 LEN=519 TOS=0x00 PREC=0x00 TTL=64 ID=55865 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK PSH URGP=0
• Feb 18 13:25:01 shep kernel: [1631074.255485] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=165 TOS=0x00 PREC=0x00 TTL=255 ID=31435 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1645 RES=0x00 ACK PSH URGP=0
• Feb 18 13:25:01 shep kernel: [1631074.301286] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 (Arduino) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=55867 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK URGP=0
trying http://172.24.1.1:8080 :
• Feb 18 15:14:15 shep kernel: [1637627.961592] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:18:fe:34:d2:92:d6:08:00 SRC=172.22.0.102 (Arduino 2) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=72 PROTO=TCP SPT=52001 DPT=8080 WINDOW=1875 RES=0x00 ACK FIN URGP=0
• Feb 18 15:14:15 shep kernel: [1637627.961831] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.102 (Arduino 2) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=11122 DF PROTO=TCP SPT=8080 DPT=52001 WINDOW=29200 RES=0x00 ACK FIN URGP=0
• Feb 18 15:14:25 shep kernel: [1637638.193698] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:5c:cf:7f:3c:59:86:08:00 SRC=172.24.1.106 (Arduino 3) DST=172.22.0.99 LEN=81 TOS=0x00 PREC=0x00 TTL=255 ID=16314 PROTO=TCP SPT=49154 DPT=1883 WINDOW=1884 RES=0x00 ACK PSH URGP=0
• Feb 18 15:14:25 shep kernel: [1637638.194012] IPTables-Accepted-O: IN= OUT=lo SRC=172.22.0.99 DST=172.22.0.99 LEN=93 TOS=0x00 PREC=0x00 TTL=64 ID=3867 DF PROTO=TCP SPT=1883 DPT=50392 WINDOW=6231 RES=0x00 ACK PSH URGP=0
• Feb 18 15:14:35 shep kernel: [1637648.508430] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=104 TOS=0x00 PREC=0x00 TTL=128 ID=27282 DF PROTO=TCP SPT=52149 DPT=22 WINDOW=64 RES=0x00 ACK PSH URGP=0
• Feb 18 15:14:35 shep kernel: [1637648.508521] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x10 PREC=0x00 TTL=64 ID=31818 DF PROTO=TCP SPT=22 DPT=52149 WINDOW=269 RES=0x00 ACK URGP=0
• Feb 18 15:14:48 shep kernel: [1637661.183931] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=120 TOS=0x00 PREC=0x00 TTL=128 ID=27329 DF PROTO=TCP SPT=52149 DPT=22 WINDOW=68 RES=0x00 ACK PSH URGP=0
• Feb 18 15:14:48 shep kernel: [1637661.187210] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 LEN=1500 TOS=0x10 PREC=0x00 TTL=64 ID=31852 DF PROTO=TCP SPT=22 DPT=52149 WINDOW=269 RES=0x00 ACK URGP=0
• Feb 18 15:14:58 shep kernel: [1637671.438928] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:18:fe:34:d2:96:51:08:00 SRC=172.22.0.100 (Arduino 4) DST=172.22.0.99 LEN=150 TOS=0x00 PREC=0x00 TTL=255 ID=1463 PROTO=TCP SPT=52080 DPT=8080 WINDOW=1680 RES=0x00 ACK PSH URGP=0
• Feb 18 15:14:58 shep kernel: [1637671.440119] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.100 (Arduino 4) LEN=520 TOS=0x00 PREC=0x00 TTL=64 ID=60505 DF PROTO=TCP SPT=8080 DPT=52080 WINDOW=29200 RES=0x00 ACK PSH URGP=0
Edit 1 (but see Edit 2). The Web Service is 'domoticz':
$ sudo netstat -taupen | grep LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 15295 1847/smbd
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 1000 11927 1437/Xtightvnc
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 1000 11924 1437/Xtightvnc
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 0 14462 1154/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 14453 1143/sshd
tcp 0 0 0.0.0.0:1880 0.0.0.0:* LISTEN 1000 15768 716/node-red
tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN 0 11708 903/mosquitto
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 15294 1847/smbd
tcp6 0 0 :::139 :::* LISTEN 0 15293 1847/smbd
tcp6 0 0 :::8080 :::* LISTEN 1000 4902627 25249/domoticz
tcp6 0 0 :::53 :::* LISTEN 0 14464 1154/dnsmasq
tcp6 0 0 :::22 :::* LISTEN 0 14455 1143/sshd
tcp6 0 0 :::1883 :::* LISTEN 0 11709 903/mosquitto
tcp6 0 0 :::445 :::* LISTEN 0 15292 1847/smbd
tcp6 0 0 :::6144 :::* LISTEN 1000 4902635 25249/domoticz
$ netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1880 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp6 0 0 :::139 :::* LISTEN
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 :::53 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::1883 :::* LISTEN
tcp6 0 0 :::445 :::* LISTEN
tcp6 0 0 :::6144 :::* LISTEN
Edit 2: Following a configuration change, the Domoticz Web Server is now listening on 0.0.0.0:8080, but still fails as above.
$ sudo netstat -taupen | grep domoticz
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1000 21943078 27425/domoticz <<---
tcp 0 0 172.22.0.99:8080 172.22.0.102:52060 ESTABLISHED 1000 21949101 27425/domoticz
tcp 0 0 172.22.0.99:8080 172.22.0.100:52135 ESTABLISHED 1000 21949100 27425/domoticz
tcp 0 0 172.22.0.99:58528 172.22.0.99:1883 ESTABLISHED 1000 21946463 27425/domoticz
tcp6 0 0 :::6144 :::* LISTEN 1000 21943086 27425/domoticz
iptables network-interface routing webserver nat
edited Feb 18 at 19:55 by Rui F Ribeiro
asked Feb 18 at 15:58 by Geoff
1 Answer
Problem solved! I was only doing the following single flush command:
sudo iptables -F
Hence specifically I wasn't flushing all of the iptables rules, e.g. the NAT.
So I had this mess of PREROUTING & POSTROUTING duplicates:
$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080
DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080
DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080
DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080
DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080
DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080
DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080
DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.22.0.99:8080
DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.22.0.99:8080
DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.22.0.99:8080
DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.22.0.99:8080
DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.22.0.99:8080
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
Once I started using the following before creating my rules it worked (no other change):
sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X
sudo ipset flush
sudo ipset destroy
sudo ipset list
Apparently I should also do:
sudo iptables -t raw -F
sudo iptables -t raw -X
Now I have:
$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.22.0.99:8080
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
So now if I connect to the Pi's Wireless Access Point on 172.24.1.1 (wlan0) and get IP address 172.24.1.x I can access the Domoticz Web Server on the Pi via http://172.24.1.1:8080, which is what I want.
It was previously the case that I had to go via a separate router (172.22.0.1), get IP address 172.22.0.x, and access the Pi via eth0: http://172.22.0.99:8080.
edited Feb 19 at 17:13
answered Feb 19 at 17:03
Geoff
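The pile-up described in the answer can be audited from a rule dump before flushing anything. This is an added example, not part of the original answer: the function names are hypothetical, and the sample is a constructed `iptables -t nat -S` rendering of the listing above (shortened, with `http-alt` written as port 8080).

```shell
#!/bin/sh
# Added example, not from the original post: audit a NAT table dump for the
# rule pile-up described above. Input is `iptables -t nat -S` output.

# Constructed sample modelled on the listing in the answer (shortened).
sample_nat_rules() {
cat <<'EOF'
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.0.99:8080
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.0.99:8080
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.22.0.99:8080
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.22.0.99:8080
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.22.0.99:8080
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -j MASQUERADE
EOF
}

# Print "<count> <rule>" for every appended rule that occurs more than once.
duplicate_rules() {
    grep '^-A ' | sort | uniq -c |
        awk '$1 > 1 { n = $1; sub(/^ *[0-9]+ /, ""); print n " " $0 }'
}

# Rules in a chain are tried in order and the first matching DNAT ends the
# traversal, so a later DNAT with the same match but another target never runs.
# Print "<effective target> shadows <unreachable target>" for each such pair.
shadowed_dnat() {
    awk '/^-A / && / -j DNAT / {
        split($0, part, " -j DNAT --to-destination ")
        match_spec = part[1]; target = part[2]
        if (!(match_spec in first)) { first[match_spec] = target; next }
        pair = first[match_spec] " shadows " target
        if (target != first[match_spec] && !(pair in seen)) { seen[pair] = 1; print pair }
    }'
}

# Idempotent append: add the rule only if `iptables -C` says it is absent.
# IPT can point at a stub for dry runs; usage: ensure_rule nat POSTROUTING -j MASQUERADE
ensure_rule() {
    table=$1; shift
    "${IPT:-iptables}" -t "$table" -C "$@" 2>/dev/null ||
        "${IPT:-iptables}" -t "$table" -A "$@"
}
```

On a live system the same checks run as `sudo iptables -t nat -S | shadowed_dnat`; a rule script built on `ensure_rule` can be re-run without stacking copies, even when a table was not flushed first.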