Setting up WiFi over SSH, without using DietPi-config

sibero80
Reasonable idea. Currently DietPi(-Config) does not handle two WiFi devices well.

The currently used iptables rules /etc/iptables.ipv4.nat will always use the Ethernet device to forward connected client requests to.

So what would be required is using a different iptables rule set based on which interface is enabled, and removing the other rule set instead. Also, to avoid interference and have only one default gateway at a time, eth0 and wlan1 should never be up/configured in parallel.
I am not sure about the bond setup you did, but you could try the following:

# Local
auto lo
iface lo inet loopback

# Wifi Hotspot
allow-hotplug wlan0
iface wlan0 inet static
address 192.168.42.1
netmask 255.255.255.0

# Ethernet
allow-hotplug eth0
iface eth0 inet static
address 192.168.0.18
netmask 255.255.255.0
gateway 192.168.0.1
dns-nameservers 8.8.8.8
# - De-configure wlan1 before starting eth0
pre-up ifdown --force wlan1
# - Enable forwarding from wlan0 AP
up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
up iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
up iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
# - When interface is de-configured, remove forwarding as well
down iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
down iptables -D FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
down iptables -D FORWARD -i wlan0 -o eth0 -j ACCEPT

# Wifi Fallback
allow-hotplug wlan1
iface wlan1 inet dhcp
wireless-essid WIFI_SSID
wireless-key WIFI_KEY
wireless-mode Managed
wireless-power off
wpa-ssid WIFI_SSID
wpa-psk WIFI_KEY
# - Stop if eth0 is connected
pre-up ! grep -qs 'up' /sys/class/net/eth0/operstate
# - De-configure eth0 before starting wlan1
pre-up ifdown --force eth0
# - Enable forwarding from wlan0 AP
up iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE
up iptables -A FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
up iptables -A FORWARD -i wlan0 -o wlan1 -j ACCEPT
# - When interface is de-configured, remove forwarding as well
down iptables -t nat -D POSTROUTING -o wlan1 -j MASQUERADE
down iptables -D FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
down iptables -D FORWARD -i wlan0 -o wlan1 -j ACCEPT

For sure there will be a more elegant way, but in theory it contains what is required:

  • If eth0 is connected, wlan1 will never be configured. I hope when bringing up the interfaces on boot, networking.service respects the order so eth0 will always be configured first.
  • If eth0 is not connected, wlan1 will be configured and, as a first step, the obsolete eth0 will be de-configured to avoid interference.
  • eth0, when being configured, also ensures that wlan1 is down.
  • Both interfaces will apply the correct AP forwarding rules when being configured and remove them when being de-configured.

In combination, the above ensures that eth0 and wlan1 are never up together and that there is always only one AP forwarding rule set active at a time.

The only thing: when eth0 is disconnected and wlan1 is up, and you then plug in eth0, it is not configured automatically. ifup eth0 is required to achieve that. Alternatively the ifplugd package can do that job: https://packages.debian.org/de/stretch/ifplugd. It only needs to be ensured that it handles only eth0 and not wlan1 (which it is obviously capable of).

Note that when using dhcp, address+netmask+gateway are ignored anyway and dns-nameservers is overridden in most cases. All this info is only required for static mode and is retrieved via dhcp automatically otherwise.


I was now trying to understand the bonding setup:

  • This is actually nice as well if you have multiple adapters/interfaces on the same network and only one should be used.
  • But the issue in case of WiFi Hotspot is that the iptables forwarding rules need to be set. And when watching the route output of Fourdee, I think it is not possible to set the rules for the bond0 interface. Although it could be tested.
  • So you could try to use the interfaces file you posted with bond0 setup and then check if this works:
# Remove existing rules first
iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
iptables -D FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -D FORWARD -i wlan0 -o eth0 -j ACCEPT
# Re-add them with bond0 as www interface instead
iptables -t nat -A POSTROUTING -o bond0 -j MASQUERADE
iptables -A FORWARD -i bond0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o bond0 -j ACCEPT
  • If then connected clients can access www regardless of eth0 being currently connected or not, this is of course a much easier config with less overhead.

Actually it seems to work indeed: https://unix.stackexchange.com/a/343224

So after testing the above, to make these forwarding rules persistent:

iptables-save > /etc/iptables.ipv4.nat
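
A check for the "only one AP forwarding rule set active at a time" condition described above, as an added example that is not part of the original post: it reads iptables-save output and reports more than one MASQUERADE uplink, FORWARD rules that do not match that uplink, and duplicated rules. The function names and the sample ruleset are constructed for illustration; wlan0 as the AP interface follows the configuration above.

```shell
# Added example: audit iptables-save output for the hotspot forwarding rules.
# Assumption: wlan0 is the AP interface, as in the configuration above.

# Uplinks that have a MASQUERADE rule (reads iptables-save text on stdin).
masq_uplinks() {
    awk '$1 == "-A" && $2 == "POSTROUTING" && $NF == "MASQUERADE" {
        for (i = 3; i < NF; i++) if ($i == "-o") print $(i + 1) }' | sort -u
}

# Uplinks the AP interface ($1) may forward new connections to.
fwd_uplinks() {
    awk -v ap="$1" '$1 == "-A" && $2 == "FORWARD" && $3 == "-i" && $4 == ap &&
        $5 == "-o" && $NF == "ACCEPT" { print $6 }' | sort -u
}

# audit_hotspot_rules AP_IFACE < ruleset; prints findings, returns 1 on any.
audit_hotspot_rules() {
    ap=$1 rc=0 rules=$(cat)
    masq=$(printf '%s\n' "$rules" | masq_uplinks)
    fwd=$(printf '%s\n' "$rules" | fwd_uplinks "$ap")
    [ "$(printf '%s\n' "$masq" | grep -c .)" -eq 1 ] ||
        { echo "MASQUERADE uplinks (want exactly one):" $masq; rc=1; }
    [ "$masq" = "$fwd" ] ||
        { echo "FORWARD uplinks differ from MASQUERADE uplinks:" $fwd; rc=1; }
    dups=$(printf '%s\n' "$rules" | grep -E '^-A (POSTROUTING|FORWARD) ' | sort | uniq -d)
    [ -z "$dups" ] || { echo "duplicate rules:"; echo "$dups"; rc=1; }
    return "$rc"
}

# Constructed sample: eth0 rules left in place while wlan1 rules were appended twice.
sample_stale() { cat <<'EOF'
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o wlan1 -j MASQUERADE
-A POSTROUTING -o wlan1 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
-A FORWARD -i wlan0 -o wlan1 -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed sample; on a live system: iptables-save | audit_hotspot_rules wlan0
sample_stale | audit_hotspot_rules wlan0 || true
```

Running it against the live ruleset before `iptables-save > /etc/iptables.ipv4.nat` avoids persisting stale or duplicated forwarding rules.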