1

I've got my LTE modem setup with NetworkManager/ModemManager and that's working fine. I've also got Wifi setup as an access point in NetworkManager with DHCP.

But how can I share the LTE modem internet access over Wifi? I've enabled IP forwarding (echo 1 > /proc/sys/net/ipv4/ip_forward), what else is there?

    # ifconfig
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:12946 errors:0 dropped:0 overruns:0 frame:0
              TX packets:12946 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1297231 (1.2 MiB)  TX bytes:1297231 (1.2 MiB)

    wlan0     Link encap:Ethernet  HWaddr E8:4F:25:DD:BD:51
              inet addr:10.42.0.1  Bcast:10.42.0.255  Mask:255.255.255.0
              inet6 addr: fe80::ea4f:25ff:fedd:bd51/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:77 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:12101 (11.8 KiB)

    wwan0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:100.72.254.176  P-t-P:100.72.254.176  Mask:255.255.255.224
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:1808 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2176 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:356293 (347.9 KiB)  TX bytes:261384 (255.2 KiB)

    # ip route
    default via 100.72.254.177 dev wwan0 metric 700
    10.42.0.0/24 dev wlan0 scope link src 10.42.0.1 metric 600
    100.72.254.160/27 dev wwan0 scope link src 100.72.254.176 metric 700

The DHCP for the Wifi is done by NetworkManager starting dnsmasq with default parameters:

    # ps -eF | grep dnsmasq
    nobody 1104 606 0 1285 2444 0 09:05 ? 00:00:00 /usr/bin/dnsmasq --conf-file=/dev/null --no-hosts --keep-in-foreground --bind-interfaces --except-interface=lo --clear-on-reload --strict-order --listen-address=10.42.0.1 --dhcp-range=10.42.0.10,10.42.0.254,60m --dhcp-lease-max=50 --dhcp-leasefile=/var/lib/NetworkManager/dnsmasq-wlan0.leases --pid-file=/var/run/nm-dnsmasq-wlan0.pid --conf-dir=/etc/NetworkManager/dnsmasq-shared.d

(ref NetworkManager and dnsmasq dhcp address range).

    # cat /etc/NetworkManager/system-connections/ap.nmconnection
    [connection]
    id=ap
    uuid=3205b229-8c4d-4766-8d63-bcd949d03321
    type=wifi
    autoconnect=false
    interface-name=wlan0

    [wifi]
    band=bg
    channel=1
    mode=ap
    ssid=MySSID

    [wifi-security]
    group=ccmp;
    key-mgmt=wpa-psk
    pairwise=ccmp;
    proto=rsn;
    psk=MyPSK

    [ipv4]
    method=shared

    [ipv6]
    addr-gen-mode=stable-privacy
    method=ignore

    [proxy]

A colleague suggested https://github.com/oblique/create_ap. I tried both the NAT and bridge options but they both failed.

NAT:

    # create_ap -w 2 wlan0 wwan0 APTest 12345678
    WARN: brmfmac driver doesn't work properly with virtual interfaces and it can cause kernel panic. For this reason we disallow virtual interfaces for your adapter. For more info: https://github.com/oblique/create_ap/issues/203
    WARN: Your adapter does not fully support AP virtual interface, enabling --no-virt
    Config dir: /tmp/create_ap.wlan0.conf.XX59Vdf8
    PID: 537195
    Network Manager found, set wlan0 as unmanaged device...
    [46988.754925] ieee80211 phy1: brcmf_set_pmk: failed to change PSK in firmware (len=0)
    [46988.784848] ieee80211 phy1: brcmf_vif_set_mgmt_ie: vndr ie set error : -52
    [46988.792027] ieee80211 phy1: brcmf_vif_set_mgmt_ie: vndr ie set error : -52
    DONE
    Sharing Internet using method: nat
    iptables v1.8.7 (legacy): unknown option "--to-ports"
    Try `iptables -h' or 'iptables --help' for more information.
    Doing cleanup.. done

Bridge:

    # create_ap -w 2 -m bridge wlan0 wwan0 APTest 12345678
    WARN: brmfmac driver doesn't work properly with virtual interfaces and it can cause kernel panic. For this reason we disallow virtual interfaces for your adapter. For more info: https://github.com/oblique/create_ap/issues/203
    WARN: Your adapter does not fully support AP virtual interface, enabling --no-virt
    Config dir: /tmp/create_ap.wlan0.conf.XXgGPNON
    PID: 540585
    Network Manager found, set wlan0 as unmanaged device... DONE
    Sharing Internet using method: bridge
    Create a bridge interface...
    ip: RTNETLINK answers: Operation not supported
2
  • Could we get some clarification on the hardware for the LTE modem? I'm assuming it is a one port, wired only device, or is it a MiFi/hotspot device? I'm also assuming in the case of a wired only modem, it is plugged directly into your Linux machine, and you're trying to get said machine to broadcast over WiFi, yes? Commented Jul 22, 2024 at 4:56
  • It's a USB connected LTE modem plugged in directly. Commented Jul 22, 2024 at 5:23

2 Answers 2

1

For IPv4, the pieces you need are:

  • Access WiFi access point (you have it)
  • IPv4 Forwarding (you've enabled it)
  • Configured WAN device (you have it)
  • NAT between WIFI access point and WAN (you've not mentioned it).

What's a NAT and why do you need one?

Across the internet all IP addresses are registered (in blocks) with IANA. The internet itself organises routing for every registered IP address [block], so the IP address alone tells each router where to forward packets to.

But your local network IP addresses (10.42.0.x in your case) are not registered with IANA and internet routers don't know how to find you. You don't own that address anyway, but it's reserved for anyone to use like this.

Network Address Translation swaps the local IP address on outgoing packets with the router's own [public] IP address so that servers on the internet see the router's public IP address, not a device's local network IP address. The router then does the reverse swap for incoming packets before sending them back to local devices.

Setting up a NAT with iptables

Don't forget you might need sudo and don't forget that iptables does not save on reboot normally. Instructions on how to persist iptables rules in Ubuntu can be found here: https://askubuntu.com/questions/84781/iptables-resets-when-server-reboots

The iptables rule:

iptables -t nat -A POSTROUTING -i wlan0 -o wwan0 -j MASQUERADE 
4
  • That gives me iptables v1.8.7 (legacy): Can't use -i with POSTROUTING Commented Jul 22, 2024 at 9:08
  • I tried iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE from netfilter.org/documentation/HOWTO/NAT-HOWTO-4.html#ss4.1 but I still don't get internet from the Wifi. Commented Jul 22, 2024 at 9:16
  • 1
    If it’s something else you may need to give a lot more information, like the configuration of DHCP server. Commented Jul 22, 2024 at 9:53
  • Added DHCP details. Commented Jul 22, 2024 at 21:40
0

Following https://community.unix.com/t/iptables-v1-8-7-nf-tables-unknown-option-to-ports/385377/7, I added strace to my device:

# strace iptables -A OUTPUT -m owner --uid 0 execve("/usr/sbin/iptables", ["iptables", "-A", "OUTPUT", "-m", "owner", "--uid", "0"], 0x7ffa7423d0 /* 29 vars */) = 0 brk(NULL) = 0x55a5afa000 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8502f000 faccessat(AT_FDCWD, "/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=32961, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 32961, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f85026000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/libip4tc.so.2", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=31152, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 160296, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f84fd1000 mmap(0x7f84fe0000, 94760, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7f84fe0000 munmap(0x7f84fd1000, 61440) = 0 munmap(0x7f84ff8000, 552) = 0 mprotect(0x7f84fe7000, 61440, PROT_NONE) = 0 mmap(0x7f84ff6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f84ff6000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/libip6tc.so.2", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=31152, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 160296, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f84fb8000 mmap(0x7f84fc0000, 94760, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7f84fc0000 munmap(0x7f84fb8000, 32768) = 0 munmap(0x7f84fd8000, 29224) = 0 mprotect(0x7f84fc7000, 61440, PROT_NONE) = 0 mmap(0x7f84fd6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f84fd6000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/libxtables.so.12", O_RDONLY|O_CLOEXEC) = 3 read(3, 
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=59304, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 199720, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f84f8f000 mmap(0x7f84f90000, 134184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7f84f90000 munmap(0x7f84f8f000, 4096) = 0 munmap(0x7f84fb1000, 60456) = 0 mprotect(0x7f84f9e000, 61440, PROT_NONE) = 0 mmap(0x7f84fad000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd000) = 0x7f84fad000 mmap(0x7f84faf000, 7208, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f84faf000 close(3) = 0 openat(AT_FDCWD, "/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0@\264\2\0\0\0\0\0"..., 832) = 832 pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0/\267c\324\361R\25\177\n\177\26\327\322\277\4\211"..., 68, 768) = 68 newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=1630088, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 1805328, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f84dd7000 mmap(0x7f84de0000, 1739792, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7f84de0000 munmap(0x7f84dd7000, 36864) = 0 munmap(0x7f84f89000, 27664) = 0 mprotect(0x7f84f68000, 61440, PROT_NONE) = 0 mmap(0x7f84f77000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x187000) = 0x7f84f77000 mmap(0x7f84f7d000, 48144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f84f7d000 close(3) = 0 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f85024000 set_tid_address(0x7f850240f0) = 25050 set_robust_list(0x7f85024100, 24) = 0 rseq(0x7f850247c0, 0x20, 0, 0xd428bc00) = 0 mprotect(0x7f84f77000, 12288, PROT_READ) = 0 mprotect(0x7f84fad000, 4096, PROT_READ) = 0 mprotect(0x7f84fd6000, 4096, PROT_READ) = 0 mprotect(0x7f84ff6000, 4096, PROT_READ) = 0 mprotect(0x557a8bc000, 4096, PROT_READ) = 0 
mprotect(0x7f85033000, 8192, PROT_READ) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 munmap(0x7f85026000, 32961) = 0 newfstatat(AT_FDCWD, "/usr/lib/xtables/libipt_owner.so", 0x7fdac3dc78, 0) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/usr/lib/xtables/libxt_owner.so", {st_mode=S_IFREG|0755, st_size=18904, ...}, 0) = 0 getrandom("\x89\xee\xcc\x55\xdc\x6d\x75\xd8", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55a5afa000 brk(0x55a5b1b000) = 0x55a5b1b000 openat(AT_FDCWD, "/usr/lib/xtables/libxt_owner.so", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=18904, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 148048, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f84dbb000 mmap(0x7f84dc0000, 82512, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7f84dc0000 munmap(0x7f84dbb000, 20480) = 0 munmap(0x7f84dd5000, 41552) = 0 mprotect(0x7f84dc3000, 65536, PROT_NONE) = 0 mmap(0x7f84dd3000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f84dd3000 close(3) = 0 mprotect(0x7f84dd3000, 4096, PROT_READ) = 0 socket(AF_INET, SOCK_RAW, IPPROTO_RAW) = 3 fcntl(3, F_SETFD, FD_CLOEXEC) = 0 newfstatat(AT_FDCWD, "/proc/net/ip_tables_names", {st_mode=S_IFREG|0440, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 statfs("/proc/net/ip_tables_names", {f_type=PROC_SUPER_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NODEV|ST_NOEXEC|ST_RELATIME}) = 0 getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_MATCH, 0x7fdac3db68, [30]) = -1 ENOENT (No such file or directory) close(3) = 0 socket(AF_INET, SOCK_RAW, IPPROTO_RAW) = 3 fcntl(3, F_SETFD, FD_CLOEXEC) = 0 getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_MATCH, 0x7fdac3db68, [30]) = -1 ENOENT (No such file or directory) close(3) = 0 write(2, "iptables 
v1.8.7 (legacy): ", 26iptables v1.8.7 (legacy): ) = 26 write(2, "Couldn't load match `owner':No s"..., 54Couldn't load match `owner':No such file or directory ) = 54 write(2, "\n", 1 ) = 1 write(2, "Try `iptables -h' or 'iptables -"..., 61Try `iptables -h' or 'iptables --help' for more information. ) = 61 exit_group(2) = ? +++ exited with 2 +++ 

Looks like we're missing /usr/lib/xtables/libipt_owner.so. https://forums.gentoo.org/viewtopic-t-754259-start-0.html suggests this requires CONFIG_NETFILTER_XT_MATCH_OWNER=m so I tried that:

# iptables -A OUTPUT -m owner --uid 0 

Interestingly when running strace on the working command the line that changes is getsockopt, from:

    newfstatat(AT_FDCWD, "/proc/net/ip_tables_names", {st_mode=S_IFREG|0440, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
    statfs("/proc/net/ip_tables_names", {f_type=PROC_SUPER_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NODEV|ST_NOEXEC|ST_RELATIME}) = 0
    getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_MATCH, 0x7fdac3db68, [30]) = -1 ENOENT (No such file or directory)

to:

    newfstatat(AT_FDCWD, "/proc/net/ip_tables_names", {st_mode=S_IFREG|0440, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
    statfs("/proc/net/ip_tables_names", {f_type=PROC_SUPER_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NODEV|ST_NOEXEC|ST_RELATIME}) = 0
    getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_MATCH, "owner\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1", [30]) = 0

NAT still fails, so try strace again:

# strace iptables -w -t nat -I PREROUTING -s 192.168.12.0/24 -d 192.168.12.1 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 5353 execve("/usr/sbin/iptables", ["iptables", "-w", "-t", "nat", "-I", "PREROUTING", "-s", "192.168.12.0/24", "-d", "192.168.12.1", "-p", "tcp", "-m", "tcp", "--dport", "53", "-j", "REDIRECT", "--to-ports", "5353"], 0x7ff90c7de8 /* 29 vars */) = 0 brk(NULL) = 0x55b6039000 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4e97000 faccessat(AT_FDCWD, "/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=32961, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 32961, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fb4e8e000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/libip4tc.so.2", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=31152, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 160296, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4e39000 mmap(0x7fb4e40000, 94760, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb4e40000 munmap(0x7fb4e39000, 28672) = 0 munmap(0x7fb4e58000, 33320) = 0 mprotect(0x7fb4e47000, 61440, PROT_NONE) = 0 mmap(0x7fb4e56000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7fb4e56000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/libip6tc.so.2", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=31152, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 160296, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4e18000 mmap(0x7fb4e20000, 94760, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb4e20000 munmap(0x7fb4e18000, 32768) = 0 munmap(0x7fb4e38000, 29224) = 0 mprotect(0x7fb4e27000, 61440, PROT_NONE) = 0 mmap(0x7fb4e36000, 
8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7fb4e36000 close(3) = 0 openat(AT_FDCWD, "/usr/lib/libxtables.so.12", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=59304, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 199720, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4def000 mmap(0x7fb4df0000, 134184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb4df0000 munmap(0x7fb4def000, 4096) = 0 munmap(0x7fb4e11000, 60456) = 0 mprotect(0x7fb4dfe000, 61440, PROT_NONE) = 0 mmap(0x7fb4e0d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd000) = 0x7fb4e0d000 mmap(0x7fb4e0f000, 7208, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fb4e0f000 close(3) = 0 openat(AT_FDCWD, "/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0@\264\2\0\0\0\0\0"..., 832) = 832 pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0/\267c\324\361R\25\177\n\177\26\327\322\277\4\211"..., 68, 768) = 68 newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=1630088, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 1805328, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4c37000 mmap(0x7fb4c40000, 1739792, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb4c40000 munmap(0x7fb4c37000, 36864) = 0 munmap(0x7fb4de9000, 27664) = 0 mprotect(0x7fb4dc8000, 61440, PROT_NONE) = 0 mmap(0x7fb4dd7000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x187000) = 0x7fb4dd7000 mmap(0x7fb4ddd000, 48144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fb4ddd000 close(3) = 0 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4e8c000 set_tid_address(0x7fb4e8c0f0) = 83953 set_robust_list(0x7fb4e8c100, 24) = 0 rseq(0x7fb4e8c7c0, 0x20, 0, 0xd428bc00) = 0 mprotect(0x7fb4dd7000, 12288, PROT_READ) = 0 
mprotect(0x7fb4e0d000, 4096, PROT_READ) = 0 mprotect(0x7fb4e36000, 4096, PROT_READ) = 0 mprotect(0x7fb4e56000, 4096, PROT_READ) = 0 mprotect(0x558371f000, 4096, PROT_READ) = 0 mprotect(0x7fb4e9b000, 8192, PROT_READ) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 munmap(0x7fb4e8e000, 32961) = 0 getrandom("\xfa\xf8\xa1\x00\x5e\xc6\xd6\x38", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55b6039000 brk(0x55b605a000) = 0x55b605a000 newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=482, ...}, 0) = 0 newfstatat(AT_FDCWD, "/", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0 openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3 newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=482, ...}, AT_EMPTY_PATH) = 0 read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 482 read(3, "", 4096) = 0 newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=482, ...}, AT_EMPTY_PATH) = 0 close(3) = 0 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=32961, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 32961, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fb4e8e000 close(3) = 0 openat(AT_FDCWD, "/lib/tls/aarch64/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/lib/tls/aarch64", 0x7fe4e67730, 0) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/lib/tls/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/lib/tls", 0x7fe4e67730, 0) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/lib/aarch64/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/lib/aarch64", 0x7fe4e67730, 0) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/lib/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0 openat(AT_FDCWD, 
"/usr/lib/tls/aarch64/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/usr/lib/tls/aarch64", 0x7fe4e67730, 0) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/tls/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/usr/lib/tls", 0x7fe4e67730, 0) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/aarch64/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/usr/lib/aarch64", 0x7fe4e67730, 0) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/usr/lib/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/usr/lib", {st_mode=S_IFDIR|0755, st_size=32768, ...}, 0) = 0 munmap(0x7fb4e8e000, 32961) = 0 openat(AT_FDCWD, "/etc/protocols", O_RDONLY|O_CLOEXEC) = 3 newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=2932, ...}, AT_EMPTY_PATH) = 0 lseek(3, 0, SEEK_SET) = 0 read(3, "# Internet (IP) protocols\n#\n# Up"..., 4096) = 2932 close(3) = 0 newfstatat(AT_FDCWD, "/usr/lib/xtables/libipt_tcp.so", 0x7fe4e68508, 0) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/usr/lib/xtables/libxt_tcp.so", {st_mode=S_IFREG|0755, st_size=14424, ...}, 0) = 0 openat(AT_FDCWD, "/usr/lib/xtables/libxt_tcp.so", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=14424, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 143568, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4c1c000 mmap(0x7fb4c20000, 78032, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb4c20000 munmap(0x7fb4c1c000, 16384) = 0 munmap(0x7fb4c34000, 45264) = 0 mprotect(0x7fb4c23000, 61440, PROT_NONE) = 0 mmap(0x7fb4c32000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7fb4c32000 close(3) = 0 mprotect(0x7fb4c32000, 4096, PROT_READ) = 0 
socket(AF_INET, SOCK_RAW, IPPROTO_RAW) = 3 fcntl(3, F_SETFD, FD_CLOEXEC) = 0 newfstatat(AT_FDCWD, "/proc/net/ip_tables_names", {st_mode=S_IFREG|0440, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 statfs("/proc/net/ip_tables_names", {f_type=PROC_SUPER_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NODEV|ST_NOEXEC|ST_RELATIME}) = 0 getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_MATCH, "tcp\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", [30]) = 0 close(3) = 0 newfstatat(AT_FDCWD, "/usr/lib/xtables/libipt_REDIRECT.so", {st_mode=S_IFREG|0755, st_size=10344, ...}, 0) = 0 openat(AT_FDCWD, "/usr/lib/xtables/libipt_REDIRECT.so", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832 newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=10344, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 139480, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4bfd000 mmap(0x7fb4c00000, 73944, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb4c00000 munmap(0x7fb4bfd000, 12288) = 0 munmap(0x7fb4c13000, 49368) = 0 mprotect(0x7fb4c02000, 61440, PROT_NONE) = 0 mmap(0x7fb4c11000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7fb4c11000 close(3) = 0 mprotect(0x7fb4c11000, 4096, PROT_READ) = 0 socket(AF_INET, SOCK_RAW, IPPROTO_RAW) = 3 fcntl(3, F_SETFD, FD_CLOEXEC) = 0 getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_TARGET, 0x7fe4e683e8, [30]) = -1 ENOENT (No such file or directory) close(3) = 0 write(2, "iptables v1.8.7 (legacy): ", 26iptables v1.8.7 (legacy): ) = 26 write(2, "unknown option \"--to-ports\"", 27unknown option "--to-ports") = 27 write(2, "\n", 1 ) = 1 write(2, "Try `iptables -h' or 'iptables -"..., 61Try `iptables -h' or 'iptables --help' for more information. ) = 61 exit_group(2) = ? +++ exited with 2 +++ 

Previously we had a failure with IPT_SO_GET_REVISION_MATCH, now it's IPT_SO_GET_REVISION_TARGET. I looked for usage of this in the Linux source for v5.4.238: https://elixir.bootlin.com/linux/v5.4.238/C/ident/IPT_SO_GET_REVISION_TARGET. They're used in the same function. I also noticed that if you run without --to-ports you get:

    # iptables -w -t nat -I PREROUTING -s 192.168.12.0/24 -d 192.168.12.1 -p tcp -m tcp --dport 53 -j REDIRECT
    iptables v1.8.7 (legacy): Couldn't load target `REDIRECT':No such file or directory

So if adding CONFIG_NETFILTER_XT_MATCH_OWNER fixed IPT_SO_GET_REVISION_MATCH, would adding CONFIG_NETFILTER_XT_TARGET_REDIRECT fix IPT_SO_GET_REVISION_TARGET?

Yes it does, NAT method now works.
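Added example, not part of the original answer: a small Python parser that automates the manual strace reading above. It pairs each `getsockopt(... IPT_SO_GET_REVISION_MATCH/TARGET ...) = -1 ENOENT` with the xtables extension opened just before it and then looks the guessed option up in a kernel config. The function names, the sample trace and the sample config are constructed for illustration, and the `CONFIG_NETFILTER_XT_<KIND>_<NAME>` guess is only the naming pattern of the two options in the answer, so confirm it against the kernel's Kconfig.

```python
import re

# Constructed sample: strace lines in the shape of the two traces above
# (abridged, buffers shortened). A flattened one-line trace also works.
SAMPLE_TRACE = r'''
openat(AT_FDCWD, "/usr/lib/xtables/libxt_owner.so", O_RDONLY|O_CLOEXEC) = 3
getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_MATCH, 0x7fdac3db68, [30]) = -1 ENOENT (No such file or directory)
getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_MATCH, 0x7fdac3db68, [30]) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/xtables/libxt_tcp.so", O_RDONLY|O_CLOEXEC) = 3
getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_MATCH, "tcp\0\0\0", [30]) = 0
openat(AT_FDCWD, "/usr/lib/xtables/libipt_REDIRECT.so", O_RDONLY|O_CLOEXEC) = 3
getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_TARGET, 0x7fe4e683e8, [30]) = -1 ENOENT (No such file or directory)
'''

# Constructed kernel config fragment (the text format of a kernel .config).
SAMPLE_CONFIG = """\
CONFIG_NETFILTER_XTABLES=y
# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
"""

# A userspace extension that was opened successfully (non-negative fd).
EXT_OPEN = re.compile(
    r'openat\(AT_FDCWD, "[^"]*/xtables/lib(?:xt|ipt|ip6t)_([A-Za-z0-9_]+)\.so"'
    r'[^)]*\) = (\d+)')
# The kernel-side revision query for a match or a target.
REV_QUERY = re.compile(
    r'getsockopt\(\d+, SOL_IP, IPT_SO_GET_REVISION_(MATCH|TARGET), '
    r'[^)]*\) = (-?\d+)(?: (E[A-Z]+))?')


def missing_extensions(trace):
    """Return [(kind, name)] for revision queries the kernel answered ENOENT."""
    events = sorted(
        [(m.start(), "open", m) for m in EXT_OPEN.finditer(trace)]
        + [(m.start(), "query", m) for m in REV_QUERY.finditer(trace)],
        key=lambda e: e[0])
    last_ext, missing = None, []
    for _, kind, m in events:
        if kind == "open":
            last_ext = m.group(1)          # extension loaded in userspace
        elif m.group(2) == "-1" and m.group(3) == "ENOENT" and last_ext:
            item = (m.group(1), last_ext)  # kernel has no such match/target
            if item not in missing:        # iptables retries the query
                missing.append(item)
    return missing


def kconfig_hint(kind, name):
    """Heuristic option name, following the two options named in the answer."""
    return f"CONFIG_NETFILTER_XT_{kind}_{name.upper()}"


def kconfig_state(config_text, option):
    """Return 'y', 'm', 'n' (explicitly unset) or 'absent' for one option."""
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith(option + "="):
            return line.split("=", 1)[1]
        if line == f"# {option} is not set":
            return "n"
    return "absent"


def report(trace, config_text):
    """Combine both steps: failing extension, guessed option, config state."""
    return [(kind, name, kconfig_hint(kind, name),
             kconfig_state(config_text, kconfig_hint(kind, name)))
            for kind, name in missing_extensions(trace)]


if __name__ == "__main__":
    for row in report(SAMPLE_TRACE, SAMPLE_CONFIG):
        print("%-6s %-10s %-40s %s" % row)
```

A state of `m` or `y` alongside a failing query would point at a module that is configured but not installed or loadable on the running kernel, rather than at a missing option.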
