2

I cannot get internet access from a pizero connected via USB to a pi3 connected via ethernet.

        usb0 +---+
                 |
                 |
                 |
+------+    +---+|   +------+
|ROUTER+----+PI3+v---+PIZERO|
+------+    +---+    +------+
          +-^
          |
          +
         eth0

I tried to compile info from these articles to get where I am:

pi3 and piZero are running Raspbian Jessie Lite 2017-01-11. The Pi Zero was setup for headless OTG with the method described here: https://gist.github.com/gbaman/975e2db164b3ca2b51ae11e45e8fd40a#file-howtootgfast-md

I now have:

1 - pi3 configured with static ips (able to reach internet)

pi3 :: /etc/dhcpcd.conf

[...]
nohook lookup-hostname

# Static IP for ethernet access
interface eth0
static ip_address=192.168.178.77/24
static routers=192.168.178.1
static domain_name_servers=192.168.178.1

# Subnet for usb0 (where the piZero is plugged)
interface usb0
static ip_address=10.0.11.1/24

2 - pi3 able to do ipv4 fwd

pi3 :: /etc/sysctl.conf

[...]
net.ipv4.ip_forward=1
[...]

3 - pi3 firewall set up to allow eth0 / usb0 communication

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE  
sudo iptables -A FORWARD -i eth0 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT  
sudo iptables -A FORWARD -i usb0 -o eth0 -j ACCEPT

The output of the rules has been saved into a file automatically loaded by rc.local. This is the result of iptable-save after each reboot:

# Generated by iptables-save v1.4.21 on Mon Feb 13 12:01:27 2017

*nat
:PREROUTING ACCEPT [30:2521]
:INPUT ACCEPT [24:2233]
:OUTPUT ACCEPT [30:2616]
:POSTROUTING ACCEPT [19:1581]
-A POSTROUTING -o eth0 -j SNAT --to-source 192.168.178.77
-A POSTROUTING -o eth0 -j SNAT --to-source 192.168.178.77
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Feb 13 12:01:27 2017
# Generated by iptables-save v1.4.21 on Mon Feb 13 12:01:27 2017
*filter
:INPUT ACCEPT [339:38929]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [293:33013]
-A FORWARD -i usb0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i usb0 -o eth0 -j ACCEPT
COMMIT
# Completed on Mon Feb 13 12:01:27 2017

4 - piZero configured with static ips (reachable from pi3 with ssh pi@10.0.11.2 and ssh pi@raspberrypi.local)

piZero :: /etc/dhcpcd.conf

[...]
interface usb0
static ip_address=10.0.11.2
static routers=10.0.11.1
static domain_name_servers=10.0.11.1

Pinging 8.8.8.8 is successful on the PiZero:

$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=55 time=5.43 ms
[...]
--- 8.8.8.8 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5006ms
rtt min/avg/max/mdev = 4.659/4.850/5.435/0.279 ms

But still no access to internet from the PiZero (impossible to ping stackexchange.com or to run apt-get update). Any ideas?

Community
  • 1
xav
  • 123
  • 4

1 Answers1

2

Did you try to ping 8.8.8.8 from the Zero? You told the piZero to use 10.0.11.1 as DNS, but maybe the RPi3 has none setup.

Did you also reboot the RPi3 after enabling ipv4 forward?

Are the iptables rules on the RPi3 still there? (could be that were lost during the the reboot if no persistency is enabled :))

EDIT: After seeing that @xav could ping 8.8.8.8 from piZero, it was proven that Internet Connectivity was there, however no DNS resolution. This was fixed by adding an public DNS server to the network config of the piZero: 

piZero :: /etc/dhcpcd.conf
[...]
interface usb0
static ip_address=10.0.11.2
static routers=10.0.11.1
static domain_name_servers=8.8.8.8

After an reboot of the piZero, it worked.

However, the piZero is not reachable from the main network 192.168.178.x due to the fact that the pcs in the main network do not know of the route to the piZero via the RPi3

nmaas87
  • 126
  • 5
  • Thanks for looking into this! Please see edit on the OP. – xav Feb 13 '17 at 12:56
  • Perfect, you got internet access working, only your DNS does not work. Please change PiZeros static domain_name_servers=10.0.11.1 to static domain_name_servers=8.8.8.8 and reboot the PiZero :). Then it should work :)! – nmaas87 Feb 13 '17 at 13:01
  • ... and after this change and a reboot it works :) :) !!!!! Thanks a million, could not find the full process anywhere for debian jessie! – xav Feb 13 '17 at 13:06
  • But the piZero doesn't seem to be directly accessible (ssh pi@10.0.1.2) from other computers in the network. Do I need to do something that make the 10.0.1.0 subnet visible? – xav Feb 13 '17 at 14:01
  • The piZero is on a complete different subnet. Your pc i.e. on 192.168.178.x does not now anything about the 10.0.11.x subnet. Whenever a pc does not know how to reach another system, it asks the default router, which is for your pc 192.168.178.1. And as the 10.0.0.0/8 ip range is a private net, which is not allowed to be used in the internet, your router will drop these packets. You need to make so called static routes on your pc and your rpi3 to make this happen. You have to tell your pc that RPi3 is the router for the 10.0.11.x net. – nmaas87 Feb 13 '17 at 14:27
  • 2
    It's great that you guys solved the problem. It looks like there's quite a lot of information in the comments, rather than in the answer itself. It's worth bearing in mind that [comments are temporary things](http://stackoverflow.com/help/privileges/comment), and the information's likely to survive longer (and score more points!) if it's moved into the body of the answer. It would be useful if you could do a quick review of your findings and edit them in. – goobering Feb 13 '17 at 15:23