OK, after a lot of trial and error it is the iptables for port forwarding that is causing the problem for some reason.
The iptables work in the way that I want them, but there seems to be a side effect with both apt-get and dietpi-update that causes problems.
I’m guessing that apt-get is trying to use the wrong interface. etc/network/interfaces file specifies gateway as 192.168.1.1 which is on the wifi interface.
I connect to the rpi through wifi. The rpi has an IP camera connected to the ethernet port. The rpi requests pictures from the camera and saves them locally. A web server with a web app serves the pictures that are requested back to a laptop with browser. There are times when I want to access the camera directly from the laptop browser. To do this I point the browser to rpi 192.168.1.104:5001, which gets forwarded to camera at 10.0.0.101:80.
IP camera 10.0.0.101:80
rpi ethernet port 10.0.0.1
rpi wifi server 192.168.1.104:80
rpi port forward to camera 192.168.1.104:5001
laptop connected router 192.168.1.1
To create the iptables I use:
root@dietpi:~# iptables -t nat -A POSTROUTING -p tcp -j SNAT --to-source 10.0.0.1
root@dietpi:~# iptables -t nat -A PREROUTING -p tcp --dport 5001 -j DNAT --to-destination 10.0.0.100:80
root@DietPi:~# sysctl net.ipv4.ip_forward=1
root@FinCam:~# iptables -L -vt nat
Chain PREROUTING (policy ACCEPT 2 packets, 256 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp – any any anywhere anywhere tcp dpt:5001 to:10.0.0.101:80
Chain INPUT (policy ACCEPT 2 packets, 256 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 42 packets, 2545 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 7 packets, 445 bytes)
pkts bytes target prot opt in out source destination
35 2100 SNAT tcp – any any anywhere anywhere to:10.0.0.1
Can you see anything that is causing problems here?
Just to follow up with the solution. The proper iptables incantation is
root@dietpi:~# iptables -t nat -A POSTROUTING -o eth0 -p tcp -j SNAT --to-source 10.0.0.1
root@dietpi:~# iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 5001 -j DNAT --to-destination 10.0.0.100:80
Although without the -o and -i it was forwarding properly, it seems to need these arguments to make apt-get work properly.