I'm currently in the middle of an LTE network project. I have two wwan interfaces (wwan0.1 and wwan0.2) and two Ethernet interfaces (eth0 and eth1). These interfaces are configured as shown below:
+-------------------------------------------------------------------------------------+
| Raspberry Pi |
| +------------------+ +-----+ +-----+ +-----+ |
+----------------+ | | +------------+ | | | | | | | +-------------------+ |
| PC 1 | | | | | | | | | | | | | WWAN0.1 (Private) | |
| DHCP |----+----+--| ETH0 | | | | | | | |<-->| Static | |
| 192.18.1.123 | | | | | | | E | | D | | I | | 10.16.ppp.ppp | |
+----------------+ | | +------------+ | | B | | N | | P | +-------------------+ |
| | | | T | | S | | | |
| | BR0 |<-->| A |<-->| M |<-->| R | |
| | | | B | | A | | O | |
+----------------+ | | +------------+ | | L | | S | | U | +-------------------+ |
| PC 2 | | | | | | | E | | Q | | T | | WWAN0.1 (Public) | |
| DHCP |----+----+--| ETH1 | | | S | | | | E |<-->| DHCP | |
| 192.18.1.169 | | | | | | | | | | | | | 10.xxx.xxx.xxx | |
+----------------+ | | +------------+ | | | | | | | +-------------------+ |
| +------------------+ +-----+ +-----+ +-----+ |
| |
+-------------------------------------------------------------------------------------+
The following works:
- From the RPi I can ping a server on the private network wwan0.1
- From the RPi I can ping a server on the public network wwan0.2
- PC1 and PC2 are allocated an IP address from DNSMasq (via br0)
- From PC1 I can ping PC2
- From PC2 I can ping PC1
- From PC1 and PC2, I can ping the RPi (192.168.1.1)
- From PC1 and PC2, I can connect to the RPi via SSH (192.168.1.1)
However the following does not work:
- I cannot ping anything on the private or public networks from PC1
- I cannot ping anything on the private or public networks from PC2
Here is my current setup
brctl
brctl show
bridge name bridge id STP enabled interfaces
br0 8000.0050b69c9bf5 no eth0
eth1
ebtables
Bridge table: filter
Bridge chain: FORWARD, entries: 4, policy: DROP
-p IPv4 -j ACCEPT
-p ARP -j ACCEPT
-j ACCEPT
--log-level info --log-prefix "EBFW" --log-ip -j CONTINUE
Bridge chain: INPUT, entries: 4, policy: DROP
-p IPv4 -j ACCEPT
-p ARP -j ACCEPT
-j ACCEPT
--log-level info --log-prefix "EBFW" --log-ip -j CONTINUE
Bridge chain: OUTPUT, entries: 4, policy: DROP
-p IPv4 -j ACCEPT
-p ARP -j ACCEPT
-j ACCEPT
--log-level info --log-prefix "EBFW" --log-ip --log-arp -j DROP
sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.br0.bc_forwarding=1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
ip route
default dev wwan0.2 scope link
10.16.ppp.ppp/30 dev wwan0.1 proto kernel scope link src 10.16.ppp.ppp
10.xxx.xxx.xxx/29 dev wwan0.2 proto kernel scope link src 10.xxx.xxx.xxx
10.10.124.0/24 dev wwan0.1 scope link
10.100.0.0/22 dev wwan0.1 scope link
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
Anyone know what the missing piece is?
Cheers,
Lee