No reverse Internet traffic on tethering interface

Didko · February 7, 2021 at 10:38 PM

Hi,

I'm running LibreELEC (official): 9.2.6 on Raspberry Pi 3 Model B Rev 1.2.

I have an STB next to my RPi which doesn't have Wi-Fi, so I want to share Internet to it through the Ethernet interface of the RPi.

My home network is 192.168.1.0/24

The tethered network is 192.168.0.0/24

The device behind the RPi is getting IP and can reach ALL devices in the LAN. However, there is no Internet access and the problem seems to be in the RPi which for some reason is not passing back the returning traffic to the tether/eth0.

I installed the network tools addon and I ran tcpdump. The NAT is working properly. I see that the returning traffic from the Internet is hitting wlan0, but is not going out through eth0/tether.

Here are some outputs:

Code

LibreELEC:~ # ifconfig
eth0      Link encap:Ethernet  HWaddr B8:27:EB:34:8B:DB
          inet6 addr: fe80::ba27:ebff:fe34:8bdb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5191 errors:0 dropped:5 overruns:0 frame:0
          TX packets:805 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:462630 (451.7 KiB)  TX bytes:404655 (395.1 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:679 errors:0 dropped:0 overruns:0 frame:0
          TX packets:679 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:80984 (79.0 KiB)  TX bytes:80984 (79.0 KiB)

tether    Link encap:Ethernet  HWaddr B8:27:EB:34:8B:DB
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::c014:8fff:fe7e:85b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5186 errors:0 dropped:0 overruns:0 frame:0
          TX packets:764 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:462400 (451.5 KiB)  TX bytes:383185 (374.2 KiB)

wlan0     Link encap:Ethernet  HWaddr B8:27:EB:61:DE:8E
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8812 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10624 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1479792 (1.4 MiB)  TX bytes:2081414 (1.9 MiB)

Display More

Code

LibreELEC:~ # iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
connman-POSTROUTING  all  --  anywhere             anywhere

Chain connman-POSTROUTING (1 references)
target     prot opt source               destination
MASQUERADE  all  --  192.168.0.0/24       anywhere

Display More

Code

LibreELEC:~ # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Display More

Code

LibreELEC:~ # tcpdump -i tether -n -nn host 1.1.1.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tether, link-type EN10MB (Ethernet), capture size 262144 bytes
00:19:23.103098 IP 192.168.0.3 > 1.1.1.1: ICMP echo request, id 1, seq 211, length 40
00:19:27.729353 IP 192.168.0.3 > 1.1.1.1: ICMP echo request, id 1, seq 212, length 40
00:19:32.732445 IP 192.168.0.3 > 1.1.1.1: ICMP echo request, id 1, seq 213, length 40
^C
3 packets captured

Code

LibreELEC:~ # tcpdump -i wlan0 -n -nn host 1.1.1.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
00:19:42.731694 IP 192.168.1.10 > 1.1.1.1: ICMP echo request, id 1, seq 215, length 40
00:19:42.747546 IP 1.1.1.1 > 192.168.1.10: ICMP echo reply, id 1, seq 215, length 40
00:19:42.747647 IP 192.168.1.10 > 1.1.1.1: ICMP time exceeded in-transit, length 68
00:19:47.745308 IP 192.168.1.10 > 1.1.1.1: ICMP echo request, id 1, seq 216, length 40
00:19:47.759697 IP 1.1.1.1 > 192.168.1.10: ICMP echo reply, id 1, seq 216, length 40
00:19:47.759917 IP 192.168.1.10 > 1.1.1.1: ICMP time exceeded in-transit, length 68

As you can see in the end, for some reason the RPi returns TTL expired and can't send the traffic back to the tether... And this is happening only for Internet IP Addresses. Pinging my edge router - 192.168.1.1 works just fine.

zeolo · February 10, 2021 at 7:41 PM

What is the output of the command : route

Code

route 
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    0      0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
_gateway        0.0.0.0         255.255.255.255 UH    0      0        0 wlan0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 tether

Do you have that ?