
IPv4 forwarding with ufw on Void Linux


There is an old Dell desktop computer within my house that only has an Ethernet port and is too far away from the router. A 50-foot Ethernet cable is not an option, and a USB Wi-Fi dongle would result in painfully slow speeds since the desktop only has USB 1.1 ports. Thus, I looked for other solutions, and it turns out that I can share my laptop's Wi-Fi connection with the desktop by connecting an Ethernet cable between the two devices. This article will document the process.


The laptop is running Void Linux, and the desktop is running Devuan Linux that is somewhat out of date due to not having an internet connection for several months. The laptop's wireless interface is wlan0, and its Ethernet interface is eth0. The desktop's Ethernet interface is eth0. Throughout the process, Wireshark helped with figuring out what was going on.


The first step is to temporarily enable IPv4 forwarding on the laptop with this command:


# sysctl net.ipv4.ip_forward=1

Afterwards, disable and enable ufw:


# ufw disable && ufw enable

Then add a rule to allow traffic to go into the Ethernet interface and come out of the Wi-Fi interface:


# ufw route allow in on eth0 out on wlan0

At this point, the two computers can be connected with an Ethernet cable, and they can ping each other using their IPv6 link-local addresses. The forwarding will not work properly, however, as the IPv4 addresses on both Ethernet devices need to be configured and NAT needs to be performed.


On the laptop, dhcpcd assigns an APIPA address to an interface by default if it cannot reach a DHCP server. Add this to the end of /etc/dhcpcd.conf to give eth0 a static address instead if a DHCP server is not reachable:


profile eth0-routing
static ip_address=192.168.2.1/24

interface eth0
fallback eth0-routing

Note that the static IPv4 address for eth0 must not be on the same subnet as the IPv4 address assigned to wlan0, which is in the 192.168.1.0/24 subnet. 192.168.2.1 is used because the laptop will act as a gateway for the desktop.


Unplug the Ethernet cable and restart the dhcpcd service:


# sv restart dhcpcd

Plug the Ethernet cable back in. After a few moments, check /var/log/messages to see if dhcpcd logged any errors, and use 'ifconfig' or 'ip addr' to confirm that the eth0 interface has an IP address of 192.168.2.1.


There is no easy way to tell ufw to use NAT, unfortunately. After some searching, I found some rules within a GitHub gist that can be placed in /etc/ufw/before.rules to enable NAT. The following needs to be placed before the filter rules:


# From: https://gist.github.com/kimus/9315140
*nat
:POSTROUTING ACCEPT [0:0]

# Masquerade on the outbound (Wi-Fi) interface, which is wlan0 in this setup
-A POSTROUTING -s 192.168.2.0/24 -o wlan0 -j MASQUERADE

COMMIT

This ensures that all IP traffic coming from 192.168.2.0/24 has its source IP changed to the IPv4 address of the laptop's wlan0 interface, which is in the 192.168.1.0/24 subnet. Otherwise, the router that has the outside connection to the Internet will have no idea what to do with any traffic heading to or from the 192.168.2.0/24 subnet. In order for packets from the desktop to reach the Internet, NAT will be performed twice: once on the laptop, and once on the router itself. In fact, the laptop basically becomes a router.


Afterwards, disable and enable ufw again:


# ufw disable && ufw enable

The desktop tries to use DHCP to obtain an IPv4 address, which will not work. First, the eth0 interface needs to be brought down:


# ifdown eth0

Then, /etc/network/interfaces needs to be edited so that eth0 has a static configuration:


allow-hotplug eth0
iface eth0 inet static
    address 192.168.2.100
    gateway 192.168.2.1
    netmask 255.255.255.0

This configures the desktop to be in the 192.168.2.0/24 subnet and to use the laptop as its default gateway. Make sure to back up the existing /etc/network/interfaces file before modifying it.


Afterwards, bring up the eth0 interface:


# ifup eth0

Then try to ping an IP address on the Internet and hope it works:


$ ping 8.8.8.8

If the Internet connection is really slow on the desktop for some reason, try unplugging the cable and plugging it back in.
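
When the ping does not work, the usual cause is a mismatch between the files edited above. The following Python check is an added example, not part of the original article: it parses the *nat block and the desktop's interfaces stanza and reports overlapping subnets, a MASQUERADE rule that does not leave through the Wi-Fi interface, or a desktop gateway that is not the laptop. The file contents are constructed from the article's values, 192.168.1.50 is an assumed wlan0 address, and masquerade_rules and check_plan are hypothetical helper names.

```python
import ipaddress
import re

# Constructed samples mirroring the article's files; 192.168.1.50 is an assumed wlan0 address.
BEFORE_RULES = """*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -o wlan0 -j MASQUERADE
COMMIT
"""
DESKTOP_INTERFACES = """allow-hotplug eth0
iface eth0 inet static
    address 192.168.2.100
    gateway 192.168.2.1
    netmask 255.255.255.0
"""

def masquerade_rules(text):
    """Return (source_network, out_interface) for each MASQUERADE rule in *nat."""
    rules, in_nat = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            in_nat = line == "*nat"
        elif line == "COMMIT":
            in_nat = False
        elif in_nat and line.startswith("-A POSTROUTING") and "MASQUERADE" in line:
            src = re.search(r"\s-s\s+(\S+)", line)
            out = re.search(r"\s-o\s+(\S+)", line)
            rules.append((ipaddress.ip_network(src.group(1)) if src else None,
                          out.group(1) if out else None))
    return rules

def check_plan(before_rules, interfaces, lan_addr, wan_addr, wan_if):
    """Return a list of problems; an empty list means the plan is consistent."""
    lan, wan = ipaddress.ip_interface(lan_addr), ipaddress.ip_interface(wan_addr)
    problems = []
    if lan.network.overlaps(wan.network):
        problems.append("LAN and WAN subnets overlap")
    # NAT must match the LAN subnet on the interface the packets leave through.
    if not any(s == lan.network and o == wan_if for s, o in masquerade_rules(before_rules)):
        problems.append(f"no MASQUERADE rule for {lan.network} going out on {wan_if}")
    f = dict(re.findall(r"^\s+(address|gateway|netmask)\s+(\S+)", interfaces, re.M))
    host = ipaddress.ip_interface(f"{f['address']}/{f['netmask']}")
    if host.network != lan.network or host.ip == lan.ip:
        problems.append("desktop address is not a distinct host in the LAN subnet")
    if ipaddress.ip_address(f["gateway"]) != lan.ip:
        problems.append("desktop gateway is not the laptop's eth0 address")
    return problems

if __name__ == "__main__":
    print(check_plan(BEFORE_RULES, DESKTOP_INTERFACES, "192.168.2.1/24", "192.168.1.50/24", "wlan0"))
```

An empty list means the three pieces agree; pass the real contents of /etc/ufw/before.rules and /etc/network/interfaces in place of the samples to check an actual setup.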


Now I can finally update all the packages on the desktop and browse the Internet. Unfortunately, modern web browsers are extremely slow on 20-year-old computers, but I might find some use for the old desktop. I just need to make sure not to connect to the Internet if I boot into Windows XP instead, which I sometimes do if I want to play old games.


There are probably other ways of accomplishing this task, but this is the method that I feel had the highest chance of success for me.


External links


These articles helped me with the configuration of this setup.


Arch Wiki article on dhcpcd

gist on how to apply NAT with ufw

Ubuntu Wiki article with some miscellaneous details



-- Page fetched on Sun May 19 06:31:52 2024