Missing iptables_nat

[shimikano]

With the new TinkerOs V1.6, iptables_nat should be integrated in the kernel.
But it seems that there are other kernel modules missing that I need for NAT.

The command 'sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE'
now results in the error message 'iptables: No chain/target/match by that name.'

So even with V1.6 it is not possible for me to configure a wireless router.

I can confirm this with V1.6 (Beta):

Code:

sudo iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE
iptables: No chain/target/match by that name.

Looking at the config, I guess the missing entry is CONFIG_NF_NAT_MASQUERADE_IPV4 (and CONFIG_NF_NAT_MASQUERADE_IPV6, respectively):

Code:

zcat /proc/config.gz | grep -i nf_nat
CONFIG_NF_NAT=y
CONFIG_NF_NAT_NEEDED=y
# CONFIG_NF_NAT_AMANDA is not set
# CONFIG_NF_NAT_FTP is not set
# CONFIG_NF_NAT_IRC is not set
# CONFIG_NF_NAT_SIP is not set
# CONFIG_NF_NAT_TFTP is not set
# CONFIG_NF_NAT_REDIRECT is not set
CONFIG_NF_NAT_IPV4=y
# CONFIG_NF_NAT_MASQUERADE_IPV4 is not set
# CONFIG_NF_NAT_PPTP is not set
# CONFIG_NF_NAT_H323 is not set
CONFIG_IP_NF_NAT=y
CONFIG_NF_NAT_IPV6=y
# CONFIG_NF_NAT_MASQUERADE_IPV6 is not set
# CONFIG_IP6_NF_NAT is not set

So, could you please enable this as well? Thank you!

IP masquerading is an important feature, e.g., for a VPN server to route VPN traffic to the internal network correctly, which seems to be a common use case for the Tinker Board.

[bb8x]

With the new TinkerOs V1.6, iptables_nat should be integrated in the kernel.
But it seems that there are other kernel modules missing that I need for NAT.

The command 'sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE'
now results in the error message 'iptables: No chain/target/match by that name.'

So even with V1.6 it is not possible for me to configure a wireless router.

I want to do the same thing and have tried with the v1.8 beta, but run into the same problems. Masquerading apparently is not enabled yet... They must have forgotten that, otherwise NAT makes no sense.

BTW do you have a working "/etc/hostapd/hostapd.conf" file? I seem to get all sorts of errors but am sure it worked in v1.4
EDIT: found that wpa_supplicant was blocking access to the wifi

[shimikano]

I want to do the same thing and have tried with the v1.8 beta, but run into the same problems. Masquerading apparently is not enabled yet... They must have forgotten that, otherwise NAT makes no sense.

Code:

zcat /proc/config.gz | grep -i nf_nat_masq
# CONFIG_NF_NAT_MASQUERADE_IPV4 is not set
# CONFIG_NF_NAT_MASQUERADE_IPV6 is not set

Since the relevant kernel config has not changed, I can confirm that masquerading still fails with the same error message in v1.8 beta.

@ Asus people/moderators: Any comments on this issue?

[manbearpig]

Unfortunately having the same issue with V1.8. I'm trying to use the Tinker Board for a Reverse OpenVPN connection yet this is getting in the way.

linaro@linaro-alip:~$ sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables: No chain/target/match by that name.
linaro@linaro-alip:~$ zcat /proc/config.gz | grep -i nf_nat_masq
# CONFIG_NF_NAT_MASQUERADE_IPV4 is not set
# CONFIG_NF_NAT_MASQUERADE_IPV6 is not set

Any ideas on when this will be fixed?

[shimikano]

It's a pity that this issue doesn't seem to get the attention we'd hoped for, given the supposedly easy fix...

[shimikano]

Better late than never - TinkerOS_Debian V1.9 (Beta version) contains the necessary kernel options for masquerading 

[bb8x]

Better late than never - TinkerOS_Debian V1.9 (Beta version) contains the necessary kernel options for masquerading 

Have you had any succes?

I am stuck right now: Iptables does not report any errors anymore but when I try to set up the board as a Wifi-router (using TinkerOS_Debian V2.0.1), I can't get hostapd working. It never manages to create the Wifi network.
The whole thing gets further confused by the change from Sys V Init to systemd. I am actually not sure if hostapd starts up at all (suddenly I understand why some people have made their own Debian fork to stay with Sys V Init)

Any idea?

[Samarler]

Better late than never - TinkerOS_Debian V1.9 (Beta version) contains the necessary kernel options for masquerading 

Have you had any succes?

I am stuck right now: Iptables does not report any errors anymore but when I try to set up the board as a Wifi-router (using TinkerOS_Debian V2.0.1), I can't get hostapd working. It never manages to create the Wifi network.
The whole thing gets further confused by the change from Sys V Init to systemd. I am actually not sure if hostapd starts up at all (suddenly I understand why some people have made their own Debian fork to stay with Sys V Init)

Any idea?

I'm running TinkerOS_Debian V2.0.1 with hostapd with a USB WiFi adapter and it seems to work, I did have to recompile the kernel to add the USB WiFi support and install firmware for my adapter. I am having speed issues, my connection to the internet through the wireless is extremely slow, especially when compared to what I get using the same USB WiFi adapter on my PI 3. 

Have you had any success getting hostapd running? If so, how is your's running?

[bb8x]

Better late than never - TinkerOS_Debian V1.9 (Beta version) contains the necessary kernel options for masquerading 

Have you had any succes?

I am stuck right now: Iptables does not report any errors anymore but when I try to set up the board as a Wifi-router (using TinkerOS_Debian V2.0.1), I can't get hostapd working. It never manages to create the Wifi network.
The whole thing gets further confused by the change from Sys V Init to systemd. I am actually not sure if hostapd starts up at all (suddenly I understand why some people have made their own Debian fork to stay with Sys V Init)

Any idea?

I'm running TinkerOS_Debian V2.0.1 with hostapd with a USB WiFi adapter and it seems to work, I did have to recompile the kernel to add the USB WiFi support and install firmware for my adapter. I am having speed issues, my connection to the internet through the wireless is extremely slow, especially when compared to what I get using the same USB WiFi adapter on my PI 3. 

Have you had any success getting hostapd running? If so, how is your's running?

Just upgraded to 2.03 - but same issue with hostapd. I need to dig more into it.

[SurferTim]

I'm running v2.03 with hostapd working. This is the setup I use.
I have my Tinker Board working as an AP.

Insure your OS is up to date with this or Synaptic.

Code:

sudo apt-get update
sudo apt-get upgrade

Install the dnsmasq module.

Code:

sudo apt-get install dnsmasq

Add this to /etc/network/interfaces

Code:

auto wlan0
allow-hotplug wlan0

iface wlan0 inet manual

Edit /etc/rc.local and add this just above "exit 0".

Code:

ip addr add 192.168.4.1/24 broadcast 192.168.4.255 dev wlan0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

The /etc/dnsmasq.conf file

Code:

interface=wlan0
dhcp-range=192.168.4.20,192.168.4.100,255.255.255.0,12h

The /etc/hostapd/hostapd.conf file

Code:

interface=wlan0
driver=nl80211
ssid=TinkerNet
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=mypassphrase
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

Edit /etc/default/hostapd, uncomment and change this:

Code:

DAEMON_CONF="/etc/hostapd/hostapd.conf"

Edit /etc/sysctl.conf and uncomment

Code:

net.ipv4.ip_forward=1

reboot

You can check everything is running ok with this

Code:

sudo service hostapd status
sudo service dnsmasq status

Both should show active (running).

Edit: The nat works with v2.03.