I'm currently in the middle of an LTE network project. I have two wwan interfaces (wwan0.1 and wwan0.2) and two Ethernet interfaces (eth0 and eth1). These interfaces are configured as shown below:

                       +-------------------------------------------------------------------------------------+ 
                       | Raspberry Pi                                                                        |
                       |    +------------------+    +-----+    +-----+    +-----+                            |
 +----------------+    |    |  +------------+  |    |     |    |     |    |     |    +-------------------+   |
 |  PC 1          |    |    |  |            |  |    |     |    |     |    |     |    | WWAN0.1 (Private) |   | 
 |  DHCP          |----+----+--|    ETH0    |  |    |     |    |     |    |     |<-->| Static            |   | 
 |  192.18.1.123  |    |    |  |            |  |    |  E  |    |  D  |    |  I  |    | 10.16.ppp.ppp     |   |
 +----------------+    |    |  +------------+  |    |  B  |    |  N  |    |  P  |    +-------------------+   |
                       |    |                  |    |  T  |    |  S  |    |     |                            |
                       |    |       BR0        |<-->|  A  |<-->|  M  |<-->|  R  |                            |
                       |    |                  |    |  B  |    |  A  |    |  O  |                            |
 +----------------+    |    |  +------------+  |    |  L  |    |  S  |    |  U  |    +-------------------+   |
 |  PC 2          |    |    |  |            |  |    |  E  |    |  Q  |    |  T  |    | WWAN0.1 (Public)  |   |
 |  DHCP          |----+----+--|    ETH1    |  |    |  S  |    |     |    |  E  |<-->| DHCP              |   |
 |  192.18.1.169  |    |    |  |            |  |    |     |    |     |    |     |    | 10.xxx.xxx.xxx    |   |
 +----------------+    |    |  +------------+  |    |     |    |     |    |     |    +-------------------+   |
                       |    +------------------+    +-----+    +-----+    +-----+                            |
                       |                                                                                     |
                       +-------------------------------------------------------------------------------------+

The following works:

  • From the RPi I can ping a server on the private network wwan0.1
  • From the RPi I can ping a server on the public network wwan0.2
  • PC1 and PC2 are allocated an IP address from DNSMasq (via br0)
  • From PC1 I can ping PC2
  • From PC2 I can ping PC1
  • From PC1 and PC2, I can ping the RPi (192.168.1.1)
  • From PC1 and PC2, I can connect to the RPi via SSH (192.168.1.1)

However, the following does not work:

  • I cannot ping anything on the private or public networks from PC1
  • I cannot ping anything on the private or public networks from PC2

Here is my current setup:

brctl

brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.0050b69c9bf5       no              eth0
                                                        eth1

ebtables

Bridge table: filter

Bridge chain: FORWARD, entries: 4, policy: DROP
-p IPv4 -j ACCEPT
-p ARP -j ACCEPT
-j ACCEPT
--log-level info --log-prefix "EBFW" --log-ip -j CONTINUE

Bridge chain: INPUT, entries: 4, policy: DROP
-p IPv4 -j ACCEPT
-p ARP -j ACCEPT
-j ACCEPT
--log-level info --log-prefix "EBFW" --log-ip -j CONTINUE

Bridge chain: OUTPUT, entries: 4, policy: DROP
-p IPv4 -j ACCEPT
-p ARP -j ACCEPT
-j ACCEPT
--log-level info --log-prefix "EBFW" --log-ip --log-arp -j DROP

sysctl.conf

net.ipv4.ip_forward=1
net.ipv4.conf.br0.bc_forwarding=1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

ip route

default dev wwan0.2 scope link
10.16.ppp.ppp/30 dev wwan0.1 proto kernel scope link src 10.16.ppp.ppp
10.xxx.xxx.xxx/29 dev wwan0.2 proto kernel scope link src 10.xxx.xxx.xxx
10.10.124.0/24 dev wwan0.1 scope link
10.100.0.0/22 dev wwan0.1 scope link
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1

Anyone know what the missing piece is?

Cheers,

Lee

1 Answer

You are probably missing the NAT part, which any router routing between a LAN using private IP addresses on one side and public IP addresses on the other side would require.

Something as simple as:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o wwan+ -j MASQUERADE

If you have total control of the wwan and its remote side too, one could imagine the remote devices on the private part (wwan0.1) could receive direct routes to 192.168.1.0/24 via 10.16.ppp.ppp instead of using NAT on the RPi, but the possibility to do that would depend on how the communication is implemented.
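To confirm that the MASQUERADE rule from the answer covers both uplinks, the following added example (not part of the original answer) parses `iptables-save -t nat` output and reports any egress interface on which the 192.168.1.0/24 LAN would leave without source NAT. The function names and the sample dump are constructed for illustration; only the subnet, the interface names and the rule itself come from the page.

```python
import ipaddress
import shlex

# Constructed sample of `iptables-save -t nat` output with the answer's rule applied.
NAT_SAVE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o wwan+ -j MASQUERADE
COMMIT
"""

def iface_matches(pattern, iface):
    """iptables interface match: a trailing '+' matches any name with that prefix."""
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface

def parse_postrouting(save_text):
    """Return (source_net, out_pattern, target) for each nat POSTROUTING rule."""
    rules = []
    for line in save_text.splitlines():
        if not line.startswith("-A POSTROUTING "):
            continue
        tok = shlex.split(line)
        if "!" in tok:
            continue  # negated matches are not modelled; treated as not covering

        def opt(flag, default):
            return tok[tok.index(flag) + 1] if flag in tok else default

        src = ipaddress.ip_network(opt("-s", "0.0.0.0/0"), strict=False)
        rules.append((src, opt("-o", "+"), opt("-j", "")))
    return rules

def uncovered_egress(save_text, lan, egress_ifaces):
    """Egress interfaces where packets from `lan` would leave without source NAT.

    Simplification: rule order and other match options are ignored.
    """
    lan_net = ipaddress.ip_network(lan)
    rules = parse_postrouting(save_text)
    return [
        iface for iface in egress_ifaces
        if not any(
            lan_net.subnet_of(src) and iface_matches(pat, iface)
            and target in ("MASQUERADE", "SNAT")
            for src, pat, target in rules
        )
    ]

if __name__ == "__main__":
    print(uncovered_egress(NAT_SAVE, "192.168.1.0/24", ["wwan0.1", "wwan0.2"]))
```

An empty result means both wwan0.1 and wwan0.2 are covered; on a live system, feed the function the real output of `iptables-save -t nat` instead of the constructed sample.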
