Problems with Ethernet sharing to a device

Ask Fedora
, , ,
1

Good day to all

Purchase the following device, LED Signal Tower (https://www.patlite.com/product/detail0000000651.html).
The device needs 802.3af POE, so purchase a POE Injector (TL-POE150S | Inyector PoE | TP-Link México).

But where the LED Signal Tower device will be installed there is no Ethernet network, but there is a computer (Fedora KDE 39) with an Ethernet port, and it also has Wi-Fi, so my idea was to make a bridge or NAT between the Wi-Fi and the Ethernet port, but I have not been able to achieve it. The tutorials I have found do not work and are relatively old. I also tried to configure the Ethernet network with the “Share with other computers” option, but it did not work.
The only thing I managed to achieve is that from the computer with Fedora 39 I can connect to the LED signal tower, but from another computer (in this case with Windows) I could not.

Attached diagram

POE
POE785×340 30.1 KB

The idea of all this is to be able to access the LED signal tower from any computer connected to the network.

Can anyone help me with the correct configuration or how to do it in Fedora 39?

Thank you in advance

Regards

2

There are technical limitations for bridging on Wi-Fi networks, but you can still provide routed access or set up port forwarding.

Connection sharing works as restrictive NAT by default and should be reconfigured in order to allow your LAN clients access the shared network:

sudo tee /etc/NetworkManager/conf.d/00-local.conf << EOF > /dev/null
[main]
firewall-backend=none
EOF
sudo systemctl restart NetworkManager.service
sudo firewall-cmd --permanent --new-policy=shared-lan
sudo firewall-cmd --permanent --policy=shared-lan --set-target=ACCEPT
sudo firewall-cmd --permanent --policy=shared-lan --add-ingress-zone=nm-shared
sudo firewall-cmd --permanent --policy=shared-lan --add-egress-zone=FedoraWorkstation
sudo firewall-cmd --permanent --policy=shared-lan --add-masquerade
sudo firewall-cmd --permanent --new-policy=lan-shared
sudo firewall-cmd --permanent --policy=lan-shared --set-target=ACCEPT
sudo firewall-cmd --permanent --policy=lan-shared --add-ingress-zone=FedoraWorkstation
sudo firewall-cmd --permanent --policy=lan-shared --add-egress-zone=nm-shared
sudo firewall-cmd --reload

Then add a static route on your LAN router to the shared network via the IP of the Fedora PC.

3

The other workstations must know the IP of the tower.
The AP must be configured to forward all communications for 10.1.2.126 to your host that is connected to the tower
Your host then forwards signals to the tower and provides the connections.
Bridging may not work since you host has an ip in the same subnet as the tower.
It is apparent that all hosts on that network have an address in the 10.1.0.0/16 subnet and having the tower within the same subnet means you must explicitly provide routing at the AP for that specific IP. Your pc also should have a reserved IP so it always remains constant for this to work.

It would be easier to assign the tower an ip in a different subnet (possibly a 192.168.X.0/24 subnet, and assign your ethernet port a fixed IP in that same subnet. Then there would be no confusion with routing. Anything for the 192.168.X.X IP range would be routed to your host IP on the 10.1.0.0 subnet and your host would automatically forward it to the tower via ethernet.
Again, it is a routing issue and not a bridging issue.

When fedora is installed as a workstation it is automatically set for forwarding of traffic.

$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

the 1 means forwarding is enabled so anything coming in one port that is addressed to a network on another port is always forwarded.