How to configure IP forwarding for Android clients?
Staex on Android not only uses the parent node to route the traffic inside MCC network, but also uses it as the default gateway for any other traffic. This tutorial explains how to configure parent node to route the traffic from your Android device to the Internet.
First of all you need to enable IP forwarding on the parent node.
To do that create a file /etc/sysctl.d/01-ip-forward.conf
with the following contents.
net.ipv4.ip_forward=1
This file ensures that IP forwarding is enabled on boot. Then enable IP forwarding manually for the running system like this.
sysctl -w net.ipv4.ip_forward=1
The next step is to setup firewall rules that control how the traffic is forwarded between MCC network and the Internet. We will use Iptables to write these rules. First we install the package that enables the rules on boot.
apt-get install iptables-persistent
dnf install iptables-services
Now we add the following rules to /etc/sysconfig/iptables
.
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.83.0.0/16 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i mcc0 -o mcc0 -j ACCEPT
-A FORWARD -i mcc0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o mcc0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
If the file already contains *nat
or *filter
sections,
add the corresponding rules to the existing sections.
Now use iptables-apply
command to test if the rules are working
without locking yourself out of the server.
iptables-apply < /etc/sysconfig/iptables
# use iptables-restore --test < /etc/sysconfig/iptables
# if iptables-apply is not available
Finally enable system service to apply Iptables rules now and restore them on each boot.
systemctl enable --now netfilter-persistent
systemctl enable --now iptables
Done! Now the parent node will forward the traffic from your Android device to the Internet.