Reasonable idea. Currently DietPi(-Config) does not handle well two WiFi devices.
The currently used iptables rules /etc/iptables.ipv4.nat will always use the Ethernet device to forward connected client requests to.
So what would be required is using a different iptables rule set based on which interface is enabled and remove the other rule set instead. As well to avoid interferences and have one default gateway only at a time, eth0 and wlan1 should be never up/configured in parallel.
I am not sure about the bond setup you did, but you could try the following:
Code: Select all
# Local auto lo iface lo inet loopback # Wifi Hotspot allow-hotplug wlan0 iface wlan0 inet static address 192.168.42.1 netmask 255.255.255.0 # Ethernet allow-hotplug eth0 iface eth0 inet static address 192.168.0.18 netmask 255.255.255.0 gateway 192.168.0.1 dns-nameservers 188.8.131.52 # - De-configure wlan1 before starting eth0 pre-up ifdown --force wlan1 # - Enable forwarding from wlan0 AP up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE up iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT up iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT # - When interface is de-configured, remove forwarding as well down iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE down iptables -D FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT down iptables -D FORWARD -i wlan0 -o eth0 -j ACCEPT # Wifi Fallback allow-hotplug wlan1 iface wlan0 inet dhcp wireless-essid WIFI_SSID wireless-key WIFI_KEY wireless-mode Managed wireless-power off wpa-ssid WIFI_SSID wpa-psk WIFI_KEY # - Stop if eth0 is connected pre-up ! grep -qs 'up' /sys/class/net/eth0/operstate # - De-configure eth0 before starting wlan1 pre-up ifdown --force eth0 # - Enable forwarding from wlan0 AP up iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE up iptables -A FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT up iptables -A FORWARD -i wlan0 -o wlan1 -j ACCEPT # - When interface is de-configured, remove forwarding as well down iptables -t nat -D POSTROUTING -o wlan1 -j MASQUERADE down iptables -D FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT down iptables -D FORWARD -i wlan0 -o wlan1 -j ACCEPT
- If eth0 is connected, wlan1 will never be configured. I hope when bringing up the interfaces on boot, networking.service respects the order so eth0 will always be configured first.
- If eth0 is not connected, wlan1 will be configured and as first step the obsolete eth0 will be de-configured to avoid interferences.
- eth0, when being configured, as well assures that wlan1 is down.
- Both interfaces will apply correct AP forwarding when being configured and remove them when being de-configured.
In combination the above assures that eth0 and wlan1 are never up together and that there is always only one AP forwarding rule set active at a time.
Only thing, when eth0 is disconnected and wlan1 up, then you plug eth0, it is not configured automatically. ifup eth0 is required to achieve that. Alternatively the ifplugd package can do that job: https://packages.debian.org/de/stretch/ifplugd. It only needs to be assured that it only handles eth0 and not wlan1 (which it is obviously capable of).
Note that when using dhcp, address+netmask+gateway are ignored anyway and dns-nameservers overridden in most cases. All this info is only required for static mode and retrieved via dhcp automatically otherwise.
I was now trying to understand the bonding setup:
- This is actually nice as well if you have multiple adapters/interfaces on the same network and only one should be used.
- But the issue in case of WiFi Hotspot is that the iptables forwarding rules need to be set. And when watching the route output of Fourdee, I think it is not possible to set the rules for the bond0 interface. Although it could be tested.
- So you could try to use the interfaces file you posted with bond0 setup and then check if this works:
Code: Select all
# Remove existing rules first iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE iptables -D FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -D FORWARD -i wlan0 -o eth0 -j ACCEPT # Re-add them with bond0 as www interface instead iptables -t nat -A POSTROUTING -o bond0 -j MASQUERADE iptables -A FORWARD -i bond0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i wlan0 -o bond0 -j ACCEPT
Actually it seems to work indeed: https://unix.stackexchange.com/a/343224
So after testing the above to make these forwarding rules persistent:
Code: Select all
iptables-save > /etc/iptables.ipv4.nat