BBAI: iptables: git pull times out, 443

MackTuesday · January 19, 2022, 11:37pm

The name server resolves URLs but git pull times out with error 443. ping times out for google, mozilla, and wikipedia.

Edit: Failed to mention this is Beaglebone AI.

Second Edit: The first line up there used to give the full URLs, but as a new user I’m not allowed to put more than two “links” in my post, and the editor insists on turning the URLs into links. Nothing I can do about it.

iptables -S gives

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i wlan0 -o SoftAp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i SoftAp0 -o wlan0 -j ACCEPT

ifconfig gives

SoftAp0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.8.1  netmask 255.255.255.0  broadcast 192.168.8.255
        inet6 fe80::5251:a9ff:fe98:2cc2  prefixlen 64  scopeid 0x20<link>
        ether 50:51:a9:98:2c:c2  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 41  bytes 7629 (7.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=-28669<UP,BROADCAST,MULTICAST,DYNAMIC>  mtu 1500
        ether 50:51:a9:98:2c:c2  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 126

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 78496  bytes 8509890 (8.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 78496  bytes 8509890 (8.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

usb0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.7.2  netmask 255.255.255.252  broadcast 192.168.7.3
        inet6 fe80::5251:a9ff:fe98:2cc5  prefixlen 64  scopeid 0x20<link>
        ether 50:51:a9:98:2c:c5  txqueuelen 1000  (Ethernet)
        RX packets 691  bytes 83176 (81.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 872  bytes 153056 (149.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

usb1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.6.2  netmask 255.255.255.252  broadcast 192.168.6.3
        inet6 fe80::5251:a9ff:fe98:2cc7  prefixlen 64  scopeid 0x20<link>
        ether 50:51:a9:98:2c:c7  txqueuelen 1000  (Ethernet)
        RX packets 8719  bytes 2336450 (2.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7811  bytes 2212950 (2.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=-28605<UP,BROADCAST,RUNNING,MULTICAST,DYNAMIC>  mtu 1500
        inet 10.0.5.4  netmask 255.255.248.0  broadcast 10.0.7.255
        inet6 fe80::c2e4:34ff:fe2d:c455  prefixlen 64  scopeid 0x20<link>
        ether c0:e4:34:2d:c4:55  txqueuelen 1000  (Ethernet)
        RX packets 125  bytes 11502 (11.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 277  bytes 29223 (28.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Help please?

RobertCNelson · January 20, 2022, 12:04am

I eventually gave up doing this by hand, now days i just let connmanctl figure it out. .

Here’s part of that old script…

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -w -t nat -A POSTROUTING -o wlan0 -j MASQUERADE || true
iptables -w -A FORWARD -i wlan0 -o SoftAp0-m state --state RELATED,ESTABLISHED -j ACCEPT || true
iptables -w -A FORWARD -i SoftAp0 -o wlan0 -j ACCEPT || true

Regards,

MackTuesday · January 20, 2022, 12:44am

Thanks, but this doesn’t work. The second and third iptables lines you give add entries to my iptables -S that were already there, as you can see from my post. The first line doesn’t add anything.

I did insert a space between “SoftAp0” and “-m” in the script you gave.

iptables -S now gives

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i wlan0 -o SoftAp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i SoftAp0 -o wlan0 -j ACCEPT
-A FORWARD -i SoftAp0 -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o SoftAp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i SoftAp0 -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o SoftAp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i SoftAp0 -o wlan0 -j ACCEPT

Entries appear three times because two of the lines were already there. Then I ran the script, tried the ping to see that it still failed, then tried sourcing the script. I guess it added the lines both times.