2017-12-30 - Re: [GRASE-Hotspot] IPTABLES Help
Header Data
From: Timothy White <ti***8@gmail.com>
Message Hash: be1dd7a8c76b595d9b2c731c4f055fa219f743c88248b9c841b2f4317ee80463
Message ID: <CAESLx0LN8HQZ16Tvn-RtoDK6m-ACi6oa9TnNB_2TEeA+mFsCsA@mail.gmail.com>
Reply To: <CAFb3bYCynYZKW=SaSU+cf-DxHw1Z2im1jT5Y8LjZNxnhVPrWYQ@mail.gmail.com>
UTC Datetime: 2017-12-30 19:07:12 UTC
Raw Date: Sun, 31 Dec 2017 12:07:12 +1000
Raw message
Hi Sergen
It sounds like the issue is "SMB over NAT". SMB is the windows file
sharing protocol, and it's not designed to work over NAT. Have a look
at https://social.technet.microsoft.com/Forums/office/en-US/afacec9f-fb10-46cc-884e-1cd7877ef1da/accessing-file-shares-over-nat?forum=winserverfiles
I don't think it's actually iptables blocking them (unless you've
customised the default rules), but rather an issue with NAT or
Connection tracking (part of NAT). Why your iptables rules work, I'm
not entirely sure, but I'm fairly sure they break authentication
(allow everything through without authentication), and so you may as
well not have the Hotspot at all.
The hotspot isn't really designed for things like file sharing through
the hotspot, but controlling connections to the internet. Is there a
particular reason you are trying to do this from a client over the
hotspot? Could you instead install SMB on the Hotspot server, so the
clients can access a local SMB server (you'll need to allow the ports
for SMB to the hotspot server)??
Regards
Tim
On Fri, Dec 29, 2017 at 5:57 PM, Sergen Çolak <se***7@gmail.com> wrote:
> Hello again Tim,
> After doing Hotspot authentication, XP and Windows 7 can talk to each other.
> Ping can be thrown. RDP connection can be made. However, when I try to send
> files between two computers, iptables blocks them. At your convenience, you
> can conduct a test on this building. I have reached the solution with the
> rules I have written. But if there is a different way, I am waiting for it
> with curiosity
> Best regards
>
> 2017-12-29 10:33 GMT+03:00 Timothy White <ti***8@gmail.com>:
>>
>> Hi Sergen
>>
>> As long as the Windows XP computer is authenticated to the hotspot, it
>> should be able to talk to the Windows 7 computer. At no point will the
>> Windows 7 computer be able to "talk back" (initiate connections), but
>> it will be able to respond to the Windows XP computer.
>>
>> Those rules you've shown, I don't fully understand them, but it looks
>> like you're forwarding all connections, which makes the hotspot
>> useless (nothing is going through the hotspot properly). You may want
>> to revert to the original settings, and ensure that you are fully
>> authenticated to the hotspot (logged in), and try again.
>>
>> Regards
>>
>> Tim
>>
>> On Fri, Dec 29, 2017 at 4:28 PM, Sergen Çolak <se***7@gmail.com>
>> wrote:
>> > Hi Tim,
>> > I will try to explain what I want to do. In the meantime, I use
>> > translate in
>> > my writing forgive the errors :)
>> > I have a Debian-installed computer and a hotspot is running on it.
>> > Eth0 - 192.168.1.101
>> > Eth1- 10.1.0.1
>> > I have one XP computer and I have IP over Hotspot. 10.1.0.2
>> > I also have another Windows 7 computer and this computer is not
>> > connected to
>> > the hotspot. IP address 192.168.1.238
>> >
>> > What I want to do now is to send files from the XP computer connected to
>> > the
>> > Hotspot to the Windows 7 Computer which is not connected to the Hotspot.
>> > However, Iptables Forward rules prevent this.
>> > I have produced a solution myself and maybe it will benefit. It's
>> > running. I
>> > added it to Coovachilli up.sh file.
>> > ipt -I FORWARD -s $ ADDR / 20 -j ACCEPT
>> > ipt -I FORWARD -s $ ADDR / 20 -i $ TUNTAP -p tcp --dport 80 -j DROP
>> > ipt -I FORWARD -s $ ADDR / 20 -i eth1 -p tcp --dport 80 -j DROP
>> > Thank you for the answer.
>> >
>> > 2017-12-29 0:01 GMT+03:00 Timothy White <ti***8@gmail.com>:
>> >>
>> >> Hi Sergen
>> >>
>> >> I'm not sure we really understand what you are trying to do. Can you
>> >> please draw a diagram of your setup, and explain what you are trying
>> >> to achieve?
>> >>
>> >> The best I can understand, is that you want a computer on the hotspot
>> >> network to talk to a computer on the "internal" network? Is your
>> >> internal network the same network as the hotspots WAN?
>> >> From one of your images, it looks like you can ping and browse that
>> >> internal computer, so what is the problem?
>> >>
>> >> Regards
>> >>
>> >> Tim
>> >>
>> >> On Fri, Dec 22, 2017 at 5:07 PM, Sergen Çolak <se***7@gmail.com>
>> >> wrote:
>> >> > Hello to everyone,
>> >> > I am using a grase hotspot on Debian. I have a user computer that
>> >> > takes
>> >> > hotspot ip. I have an internal network computer in one bag. However,
>> >> > I
>> >> > can
>> >> > not transfer files from my Hotspot ip computer to the internal
>> >> > network.
>> >> > I
>> >> > share the ifconfig output and my computer's threads and I am waiting
>> >> > for
>> >> > your help.
>> >> >
>> >> > --
>> >> > This mailing list is for the Grase Hotspot Project
>> >> > http://grasehotspot.org
>> >> > ---
>> >> > You received this message because you are subscribed to the Google
>> >> > Groups
>> >> > "Grase Hotspot" group.
>> >> > To unsubscribe from this group and stop receiving emails from it,
>> >> > send
>> >> > an
>> >> > email to gr***e@grasehotspot.org.
>> >> > To post to this group, send email to gr***t@grasehotspot.org.
>> >> > Visit this group at
>> >> > https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>> >> > To view this discussion on the web visit
>> >> >
>> >> >
>> >> > https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/398f5457-abab-4123-99b6-8fb49d69b4dd%40grasehotspot.org.
>> >>
>> >> --
>> >> This mailing list is for the Grase Hotspot Project
>> >> http://grasehotspot.org
>> >> ---
>> >> You received this message because you are subscribed to the Google
>> >> Groups
>> >> "Grase Hotspot" group.
>> >> To unsubscribe from this group and stop receiving emails from it, send
>> >> an
>> >> email to gr***e@grasehotspot.org.
>> >> To post to this group, send email to gr***t@grasehotspot.org.
>> >> Visit this group at
>> >> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>> >> To view this discussion on the web visit
>> >>
>> >> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0%2Bwh-Xpc5iOV5yBrGaqRU2b2iT1gnbQX9v%2BW6MEs_1%2Bqg%40mail.gmail.com.
>> >
>> >
>> > --
>> > This mailing list is for the Grase Hotspot Project
>> > http://grasehotspot.org
>> > ---
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Grase Hotspot" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to gr***e@grasehotspot.org.
>> > To post to this group, send email to gr***t@grasehotspot.org.
>> > Visit this group at
>> > https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>> > To view this discussion on the web visit
>> >
>> > https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAFb3bYCwcpBpqqoQucOnHF4_zp1nbbzj6zi__kj%3DKkgBmBsjLw%40mail.gmail.com.
>>
>> --
>> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "Grase Hotspot" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to gr***e@grasehotspot.org.
>> To post to this group, send email to gr***t@grasehotspot.org.
>> Visit this group at
>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>> To view this discussion on the web visit
>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0%2B29TG0pwGBLJkwaQXdKkF4v%2B_8jkkF1ogARJKW80Jzzg%40mail.gmail.com.
>
>
> --
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google Groups
> "Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to gr***e@grasehotspot.org.
> To post to this group, send email to gr***t@grasehotspot.org.
> Visit this group at
> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
> To view this discussion on the web visit
> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAFb3bYCynYZKW%3DSaSU%2Bcf-DxHw1Z2im1jT5Y8LjZNxnhVPrWYQ%40mail.gmail.com.
Thread
-
Return to December 2017
- Return to “Sergen Çolak <se***7@gmail.com>”
-
Return to “Timothy White <ti***8@gmail.com>”
- 2017-12-22 (Thu, 21 Dec 2017 23:07:32 -0800) - IPTABLES Help - Sergen Çolak <se***7@gmail.com>
- 2017-12-28 (Fri, 29 Dec 2017 07:01:33 +1000) - Re: [GRASE-Hotspot] IPTABLES Help - Timothy White <ti***8@gmail.com>
- 2017-12-28 (Fri, 29 Dec 2017 09:28:56 +0300) - Re: [GRASE-Hotspot] IPTABLES Help - Sergen Çolak <se***7@gmail.com>
- 2017-12-29 (Fri, 29 Dec 2017 17:33:12 +1000) - Re: [GRASE-Hotspot] IPTABLES Help - Timothy White <ti***8@gmail.com>
- 2017-12-29 (Fri, 29 Dec 2017 10:57:00 +0300) - Re: [GRASE-Hotspot] IPTABLES Help - Sergen Çolak <se***7@gmail.com>
- 2017-12-30 (Sun, 31 Dec 2017 12:07:12 +1000) - Re: [GRASE-Hotspot] IPTABLES Help - Timothy White <ti***8@gmail.com>
- 2017-12-29 (Fri, 29 Dec 2017 10:57:00 +0300) - Re: [GRASE-Hotspot] IPTABLES Help - Sergen Çolak <se***7@gmail.com>
- 2017-12-29 (Fri, 29 Dec 2017 17:33:12 +1000) - Re: [GRASE-Hotspot] IPTABLES Help - Timothy White <ti***8@gmail.com>
- 2017-12-28 (Fri, 29 Dec 2017 09:28:56 +0300) - Re: [GRASE-Hotspot] IPTABLES Help - Sergen Çolak <se***7@gmail.com>
- 2017-12-28 (Fri, 29 Dec 2017 07:01:33 +1000) - Re: [GRASE-Hotspot] IPTABLES Help - Timothy White <ti***8@gmail.com>