Score:0

Linux/Android devices connected by WiFi require iptables to add NEW state in FORWARD chain for external interface to connect to internet


Iptables rule for external interface (ens33 has a public IP):

iptables -A FORWARD -i ens33 -m state --state ESTABLISHED,RELATED -j ACCEPT

allows access to the internet for all computers connected to the wired LAN and Windows laptops connected by a wireless Access Point. But Android smartphones and Linux laptops connected by the same WiFi AP have a problem, "connected, but no internet" - they have access to all local computers, but not to the internet. If I change the above rule to:

iptables -A FORWARD -i ens33 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

then all devices have access to the internet.

Why do Linux/Android wireless devices require adding a "NEW" state to connect to the internet?

Here is a complete iptables script: iptables_tests.sh

Networks in the script:

10.215.121.0 - our internal network for all devices, wired and wireless

10.121.216.0 - our VPN network for remote workers

10.171.172.0 - second company network, VPN tunnel 1

10.10.3.19 - third company server, VPN tunnel 2

I left the new rule "FORWARD ... NEW" as it is above - I don't like this, but I have no idea what better configuration I could use.
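As an added illustration (not part of the original post or its script), the Python model below shows which forwarded packets each variant of the `-i ens33` rule admits, and in particular what the extra NEW state lets through from the external side. It assumes a hypothetical internal interface `lan0` whose traffic is accepted and a FORWARD policy of DROP; all addresses are constructed sample values.

```python
# Added illustration: a minimal model of the conntrack "state" match.
# Assumptions (not from the page): traffic arriving on the internal interface
# "lan0" (hypothetical name) is accepted and tracked, and the FORWARD policy
# is DROP. RELATED flows (e.g. ICMP errors) are not modelled.
from typing import NamedTuple

class Packet(NamedTuple):
    in_if: str
    src: str
    sport: int
    dst: str
    dport: int

class Conntrack:
    def __init__(self):
        self.flows = set()

    def state(self, p):
        """NEW for the first packet of a flow, ESTABLISHED once either direction is tracked."""
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        return "ESTABLISHED" if fwd in self.flows or rev in self.flows else "NEW"

    def commit(self, p):
        self.flows.add((p.src, p.sport, p.dst, p.dport))

def forward(packets, ens33_states):
    """Return (state, verdict) per packet for the given --state list on '-i ens33'."""
    ct, verdicts = Conntrack(), []
    for p in packets:
        st = ct.state(p)
        if p.in_if == "lan0":        # assumed: LAN-side traffic is accepted
            ok = True
        else:                        # the page's rule: -i ens33 -m state --state ...
            ok = p.in_if == "ens33" and st in ens33_states
        if ok:
            ct.commit(p)             # only accepted packets are confirmed into conntrack
        verdicts.append((st, "ACCEPT" if ok else "DROP"))
    return verdicts

# Constructed traffic: a LAN client opens a connection, the server replies,
# then an unrelated outside host opens a connection towards a LAN address.
TRAFFIC = [
    Packet("lan0", "10.215.121.50", 40000, "203.0.113.10", 443),
    Packet("ens33", "203.0.113.10", 443, "10.215.121.50", 40000),
    Packet("ens33", "198.51.100.7", 51000, "10.215.121.50", 22),
]

STRICT = forward(TRAFFIC, {"ESTABLISHED", "RELATED"})
LOOSE = forward(TRAFFIC, {"ESTABLISHED", "RELATED", "NEW"})
```

In this model the two rule variants differ only on the third packet: a connection initiated from the external side is dropped by the original rule and forwarded once NEW is added.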