Skip to first unread message
ferdster
Feb 13, 2018, 4:58:06 PM2/13/18
to BeagleBoard
Hi,
Using the latest "Debian 9.3 2018-01-28 4GB SD IoT", I'd like to disable routing between any of the interfaces. If I have wlan0 configured to connect to the internet, I don't want being connected to the SoftAP to give me internet access. I plan to install a 4G module and I definitely don't want the BB to become an internet access point. I just want to use the SoftAP as an easy way to access the BB (ssh and web).
Thanks.
Robert Nelson
Feb 13, 2018, 5:02:40 PM2/13/18
to Beagle Board, Ferdi Tjandra
ferdster
Feb 13, 2018, 6:10:23 PM2/13/18
to BeagleBoard
If I set TETHER_ENABLED=no, then I lose the SoftAP interface completely. I still want the SoftAP, I just don't want data to be routed between the SoftAP and wlan0 (or 4G or USB eth0, etc).
I am not very familiar with it, but is it something in iptables? Initially it was:
debian@beaglebone:~$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i wlan0 -o SoftAp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i SoftAp0 -o wlan0 -j ACCEPT
I tried removing the last two lines to make it:
debian@beaglebone:~$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
But, that still didn't stop internet access while connected to the SoftAP.
Thanks.
Robert Nelson
Feb 13, 2018, 6:15:53 PM2/13/18
to Beagle Board
On Tue, Feb 13, 2018 at 5:10 PM, ferdster <ftja...@gmail.com> wrote:
> If I set TETHER_ENABLED=no, then I lose the SoftAP interface completely. I
> still want the SoftAP, I just don't want data to be routed between the
> SoftAP and wlan0 (or 4G or USB eth0, etc).
>
> I am not very familiar with it, but is it something in iptables? Initially
> it was:
> debian@beaglebone:~$ sudo iptables -S
> -P INPUT ACCEPT
> -P FORWARD ACCEPT
> -P OUTPUT ACCEPT
> -A FORWARD -i wlan0 -o SoftAp0 -m state --state RELATED,ESTABLISHED -j
> ACCEPT
> -A FORWARD -i SoftAp0 -o wlan0 -j ACCEPT
>
> I tried removing the last two lines to make it:
> debian@beaglebone:~$ sudo iptables -S
> -P INPUT ACCEPT
> -P FORWARD ACCEPT
> -P OUTPUT ACCEPT
>
> But, that still didn't stop internet access while connected to the SoftAP.
i think..
> If I set TETHER_ENABLED=no, then I lose the SoftAP interface completely. I
> still want the SoftAP, I just don't want data to be routed between the
> SoftAP and wlan0 (or 4G or USB eth0, etc).
>
> I am not very familiar with it, but is it something in iptables? Initially
> it was:
> debian@beaglebone:~$ sudo iptables -S
> -P INPUT ACCEPT
> -P FORWARD ACCEPT
> -P OUTPUT ACCEPT
> -A FORWARD -i wlan0 -o SoftAp0 -m state --state RELATED,ESTABLISHED -j
> ACCEPT
> -A FORWARD -i SoftAp0 -o wlan0 -j ACCEPT
>
> I tried removing the last two lines to make it:
> debian@beaglebone:~$ sudo iptables -S
> -P INPUT ACCEPT
> -P FORWARD ACCEPT
> -P OUTPUT ACCEPT
>
> But, that still didn't stop internet access while connected to the SoftAP.
iptables -A INPUT -i SoftAp0 -p tcp ! --dport 22 -j DROP
then you can ssh into SoftAP0...
ferdster
Feb 13, 2018, 6:28:16 PM2/13/18
to BeagleBoard
That works if I only wanted SSH, but I still want to be able to access the webserver on the BB.
If I add another rule for port 80, we're back to square one where it routes incoming web requests on SoftAP to wlan0.
Reply all
Reply to author
Forward
0 new messages