ARM WIFI AP mode uses iptables nat forwarding to access the Internet through LAN cable

Compile the kernel to support iptables, forward and nat.

Compile the kernel and use the new kernel to start the arm development board.

Compile the kernel to support iptables
-> Networking support (NET [=y])
  -> Networking options
    -> Network packet filtering framework (Netfilter) (NETFILTER [=y])
      -> IP: Netfilter Configuration.
      
This development board is wired to connect to on the router. The router network segment is 192.168.1.1.
      
First, you need to configure the LAN gateway, DNS, etc., because dhcp has been configured before.
If you are not using the NFS file system, you can do this.
dhclient eth0

uses the NFS file system. Because it is already connected, it will disconnect and re-obtain the IP when executing dhcp. The file system is on NFS, so it will crash.
#Manually set IP
ifconfig eth0 192.168.1.10 netmask 255.255.255.0
#Gateway
route add default gw 192.168.1.1
#DNS
echo nameserver 192.168.1.1 >/etc/resolv.conf      

ping qq.com Test

LAN network is normal and configured.

Manually assign an IP to WLAN0
ifconfig wlan0 192.168.100.1 netmask 255.255.255.0

Start the DHCP service
dhcpd -cf /etc/dhcpd.conf wlan0
Please note that there is a network segment of wlan0 in the DHCP configuration file
cat /etc/dhcpd.conf
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.10 192.168.100.100;
  option domain-name-servers 192.168.1.1,8.8.8.8,8.8.4.4;
  option routers 192.168.100.1;
}

enable wlan0 AP
hostapd -B /etc/myhost apd.conf

key iptables

Compile iptables
download address to download the latest 1.6.1
wget ftp://ftp.netfilter.org/pub/iptables/iptables-1.6.1.tar.bz2
tar xvf iptables-1.6.1.tar.bz2
cd iptables-1.6. 1./configure
--prefix=$PWD/tmp --host=arm-linux

There is an error
checking for libmnl... no
*** Error: No suitable libmnl found. ***
    Please install the 'libmnl' package
    Or consider --disable-nftables to skip
    iptables-compat over nftables support.

There are instructions here. You can remove it. I feel that this has nothing to do with NAT, so I won’t install it./configure
--prefix=$PWD/tmp --host=arm-linux - -disable-nftables
make
libebt_log.c: In function 'brlog_parse':
libebt_log.c:147: error: 'EBT_LOG_IP6' undeclared (first use in this function)
libebt_log.c:147: error: (Each undeclared identifier is reported only once
libebt_log.c:147: error: for each function it appears in.)
libebt_log.c: In function 'brlog_print':
libebt_log.c:174: error: 'EBT_LOG_IP6' undeclared (first use in this function)
make[2]: *** [libebt_log.oo] Error 1
make[2]: Leaving directory `/home/iptables-1.6.1/extensions'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving the directory `/home/iptables-1.6.1'
make: *** [all] Error 2

opened and found no macro definition. Found a
#define EBT_LOG_IP6 0x08 from the LINUX source code
and added it to the libebt_log.c file

make install
cd tmp

Copy libraries and executable files to ARM board
cp lib/* -rfd /home/nfs/fs2440/lib
cp bin/* -rfd /home/nfs/fs2440/usr/bin
cp sbin/* -rfd /home/nfs/ fs2440/usr/bin

Copy the ubunto configuration file to the ARM file system
cp /etc/sysctl.conf /home/nfs/fs2440/etc

edit vi /home/nfs/fs/etc/sysctl.conf
net.ipv4.ip_forward= 1 Remove the # in front to enable kernel forwarding.
After testing, it was found to be invalid.
cat /proc/sys/net/ipv4/ip_forward.
Manually enable
echo "1" > /proc/sys/net/ipv4/ip_forward.

Execute the configuration iptables on ARM
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

/ # iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables v1.4.12.1: Couldn't load target `MASQUERADE': No such file or directory
error, I also tested the 1.4.12 version here

to view the source code iptables-1.4.12.1/iptables/xtables.c +727
#ifndef NO_SHARED_LIBS
    if (!ptr && tryload != XTF_DONT_LOAD && tryload != XTF_DURING_LOAD) {
        ptr = load_extension(xtables_libdir, afinfo->libprefix,
              name, true);

        if (ptr == NULL &&                    tryload
            ==
load target `%s':%sn",
                   name, strerror(errno));
    }
It seems that this will not be executed without using a dynamic library.
void xtables_init(void)
{
    xtables_libdir = getenv("XTABLES_LIBDIR");
    if (xtables_libdir != NULL)
        return;

The solution is to define an XTABLES_LIBDIR variable or compile it into a static one.

Before executing         iptables , set the library
export 192.168.1.1 >/etc/resolv.conf ifconfig wlan0 192.168.100.1 netmask 255.255.255.0 dhcpd -cf /etc/dhcpd.conf wlan0 hostapd -B /etc/myhostapd.conf echo "1" > /proc/sys/net/ ipv4/ip_forward export XTABLES_LIBDIR=/lib/xtables iptables -F iptables -t nat -F iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE Finally, put the test image.