use ubuntu as router + wifi spot

[xmagixx]

hi there!
i got this machine i wanted to use as gateway/router and wifi shareing
i tried numerous guides i can find on this forum and by google and none of them works
i can get so far as getting a ip on another machine with lan cable but no internet access

eth0 LAN
eth1 WAN
wlan0 Wireless
br0 wlan0 + eth0

Code:

 # This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

#MY BROKEN INTERFACE (3com on-board)
#auto eth0
#iface eth0 inet dhcp
#pre-up iptables-restore < /etc/iptables.conf

# Gateway 
# You should set this to DHCP if your cable/DSL ISP provides it.
# the "pre-up" command brings up the iptables "firewall"
# it is just set to static for testing purposes.  see eth0 for DHCP setup.
auto eth1
iface eth1 inet dhcp
pre-up iptables-restore < /etc/iptables.conf

#Wireless Setup
auto wlan0
iface wlan0 inet manual
wireless-mode master
# CHANGE ME!!! to your own ESSID
wireless-essid ubuntuwireless

#Bridge interface
auto br0
iface br0 inet static
    address 10.1.1.1
    network 10.1.1.0
    netmask 255.255.255.0
    broadcast 10.1.1.255
    bridge-ports eth0 wlan0

atm i got a bridge between eth0 & wlan0
on that bridge i got dhcp running and it works on hte cable side, can't find the network wireless ???
anyway i got no internet on cable LAN side BUT i got internet on the server "as i'm writeing this from it now"

please say if you want some infomations or anything that could help me

[YesWeCan]

Hi. Would you post the outputs of:
route -n
sudo iptables-save
cat /proc/sys/net/ipv4/ip_forward

[xmagixx]

Hi. Would you post the outputs of:
route -n
sudo iptables-save
cat /proc/sys/net/ipv4/ip_forward

route -n

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
82.211.225.128  0.0.0.0         255.255.255.128 U     0      0        0 eth1
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         82.211.225.129  0.0.0.0         UG    100    0        0 eth1

iptables-save

Code:

# Generated by iptables-save v1.4.4 on Sat Jul 24 01:08:59 2010
*nat
:PREROUTING ACCEPT [267:46322]
:POSTROUTING ACCEPT [102:7399]
:OUTPUT ACCEPT [102:7399]
-A POSTROUTING -s 10.0.1.0/24 -o eth1 -j MASQUERADE 
COMMIT
# Completed on Sat Jul 24 01:08:59 2010
# Generated by iptables-save v1.4.4 on Sat Jul 24 01:08:59 2010
*filter
:INPUT ACCEPT [1540:190242]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1239:397073]
-A FORWARD -s 10.0.1.0/24 -o eth1 -j ACCEPT 
-A FORWARD -d 10.0.1.0/24 -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT 
COMMIT
# Completed on Sat Jul 24 01:08:59 2010

cat /proc/sys/net/ipv4/ip_forward

Code:

1

[YesWeCan]

Try
POSTROUTING -o eth1 -j MASQUERADE

The thing is a bridge interface is not a real interface. So it does not do anything to the IP addresses or subnets of the interfaces it merges. So I think telling iptables to only NAT packets of source 10.0.1.0/24 won't work because there are no such packets. The packets keep their original eth0 and wlan0 source IP addresses.
That's what I think is the issue.

Similarly, I guess your forward rules aren't quite right. I don't think this matters at the moment because your iptables are set up to forward everything anyway.
I'm not sure but I think your forward rules might be better as:
FORWARD -i br0 -o eth1 -j ACCEPT
FORWARD -i eth1 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
FORWARD -j DROP

The universal drop at then end stops your server forwarding everything by default. Now it only forwards packets from br0 or replies to br0. Without this drop the preceding rules don't have any effect because any packet that does not meet them gets forwarded anyhow.

At some stage you may want to set up a proper firewall with INPUT rules: https://help.ubuntu.com/community/IptablesHowTo