Report comment

Hi Roboberry,

After some further 'tinkling' I have managed to get it to work, but not with just iptables statements below. Here are the changes (just for reference to others and if you think I have done something wrong/unstable).

1. dhcpcd.conf - I needed to comment out the router, domain_name_server and denyinterfaces statements as below. Otherwise I found that the DNS did not work correctly. When logging into the Pi (using xrdp) and using the browser, even though I was connected to the wifi it did not correctly resolve the addresses. I found this when I disabled the wlan0 interface using sudo ifconfig wlan0 down. Once I had done this (even though it was not the solution) I could access the internet using wlan1 so it seems the packets were being routed to the AP?

#denyinterface wlan0

interface wlan0
nohook wpa_supplicant
static ip_address=172.24.1.1/24
#static routers=172.24.1.1
#static domain_name_servers=8.8.8.8

2. iptables-hs was updated as below. Nearly what you had but the extra line I needed to do when I configured the same in Jessie. Not sure what it actually does but it seems to make a difference.

iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE
iptables -A FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o wlan1 -j ACCEPT
iptables -t nat -A POSTROUTING -s 172.24.1.1/24 ! -d 172.24.1.1/24 -j MASQUERADE

Note: wlan0 (the AP) is configured with the IP Address 172.24.1.1. (not 172.24.1.50 as per your example).

Anyway, traffic does appear to be routing through now. So hopefully all is good. Happy that the eth0 port cannot route through.

Many thanks for your time and help.

Regards

Keith.