Networking (Anymal)
An overview of the ANYmal's network configuration.
| Host / role | Address | Notes |
|---|---|---|
| Laptop (wifi) | 192.168.123.x |
DHCP from the router |
| OpenWRT router – wifi side | 192.168.123.1 |
laptop's default gateway on wifi |
| OpenWRT router – robot side | 192.168.0.1 |
robot's default gateway |
Robot LPC (anymal-d172-lpc) |
192.168.0.68 |
locomotion PC, gateway 192.168.0.1
|
Robot NPC (anymal-d172-npc) |
192.168.0.69 |
wired enp0s31f6, gateway 192.168.0.1
|
Connecting to the robot should be straightforward:
- Connect your computer to
anymal-d172-wifi ssh integration@192.168.0.68
However, if you want to have wired internet while being connected to the robot's wifi, it blocks. This is because the robot subnet 192.168.0.0/24 lives behind 192.168.123.1. Without an explicit route, the laptop's eth0 default route hijacks all 192.168.0.x traffic, so the robot is only reachable with ethernet unplugged.
Fix: route the robot subnet via the wifi router. Make it permanent in NetworkManager on the wifi profiles:
nmcli connection modify "anymal-d172-wifi-2.4" +ipv4.routes "192.168.0.0/24 192.168.123.1"
nmcli connection modify "anymal-d172-wifi" +ipv4.routes "192.168.0.0/24 192.168.123.1"Note: You can also connect you computer to the robot's ethernet port and set a static IP on the 192.168.0.0/24 subnet.
The robot already routes its internet via 192.168.0.1 (the router). The router, however, sends internet traffic to the dead 192.168.0.5. To share the laptop's internet we just repoint the router's default route at the current laptop.
anymal-share-internet.sh (run on the laptop) does three things:
-
Laptop NAT —
ip_forward=1,MASQUERADEout the internet interface, and FORWARD rules between the wifi and internet interfaces (idempotent). -
Return route — ensures
192.168.0.0/24is routed via192.168.123.1. -
Router default route — SSHes into OpenWRT and runs
ip route replace default via <this-laptop-ip>.
Interfaces and the laptop IP are auto-detected, so it works from any laptop and nothing laptop-specific is hardcoded in the router.
FULL SCRIPT
#!/bin/bash
#
# Share this laptop's internet with the ANYmal robot over wifi.
#
# Works from ANY laptop: it auto-detects the internet interface and this
# laptop's wifi IP, then tells the OpenWRT router to route the robot's internet
# traffic here. Nothing laptop-specific is hardcoded in the router.
#
# Topology:
# internet <--[WAN]-- [laptop 192.168.123.x] --wifi--> OpenWRT router 192.168.123.1
# | (192.168.0.1)
# +--> robot 192.168.0.0/24
#
# Internet path once running:
# robot -> router(192.168.0.1, default -> this laptop) -> laptop -> WAN -> internet
#
# Usage:
# ./anymal-share-internet.sh # start sharing
# ./anymal-share-internet.sh down # stop sharing (clear router default + NAT)
#
# Requirements: sudo on the laptop, and SSH access to the router (OpenWRT root).
set -euo pipefail
ROUTER_WIFI_IP="192.168.123.1" # router's IP on the wifi (robot) network
ROUTER_USER="root" # OpenWRT SSH user
ROBOT_SUBNET="192.168.0.0/24" # subnet the robot lives on
WIFI_NET_PREFIX="192.168.123." # how we recognise the robot-wifi interface
if [[ $EUID -ne 0 ]]; then
exec sudo "$0" "$@"
fi
# --- auto-detect interfaces / addresses -------------------------------------
LAN_IF=$(ip -o -4 addr show | awk -v p="inet ${WIFI_NET_PREFIX}" '$0 ~ p {print $2; exit}')
if [[ -z "${LAN_IF:-}" ]]; then
echo "Error: not connected to the robot wifi (${WIFI_NET_PREFIX}0/24)." >&2
exit 1
fi
MY_IP=$(ip -o -4 addr show dev "$LAN_IF" | awk '{print $4}' | grep "^${WIFI_NET_PREFIX}" | cut -d/ -f1 | head -1)
# Internet interface = the default route's device that is NOT the robot wifi.
WAN_IF=$(ip route show default | awk -v l="$LAN_IF" '$5 != l {print $5; exit}')
add_rule() { iptables -t "$1" -C "${@:2}" 2>/dev/null || iptables -t "$1" -A "${@:2}"; }
del_rule() { iptables -t "$1" -D "${@:2}" 2>/dev/null || true; }
case "${1:-up}" in
up)
[[ -n "${WAN_IF:-}" ]] || { echo "Error: no internet (no default route besides wifi)." >&2; exit 1; }
echo "Laptop $MY_IP on $LAN_IF | internet via $WAN_IF | router $ROUTER_WIFI_IP"
# 1. Laptop NAT + forwarding (idempotent).
sysctl -wq net.ipv4.ip_forward=1
add_rule nat POSTROUTING -o "$WAN_IF" -j MASQUERADE
add_rule filter FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
add_rule filter FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
# 2. Return route to the robot subnet (usually already set by NetworkManager).
ip route replace "$ROBOT_SUBNET" via "$ROUTER_WIFI_IP" dev "$LAN_IF"
# 3. Point the router's default route at this laptop (runtime, no hardcoding).
ssh "${ROUTER_USER}@${ROUTER_WIFI_IP}" "ip route replace default via ${MY_IP}"
echo "Sharing internet with the robot. (Robot DNS must be set, e.g. 8.8.8.8.)"
;;
down)
del_rule nat POSTROUTING -o "$WAN_IF" -j MASQUERADE
del_rule filter FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
del_rule filter FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
ssh "${ROUTER_USER}@${ROUTER_WIFI_IP}" "ip route del default" 2>/dev/null || true
echo "Stopped sharing. Robot internet route on the router removed."
;;
*)
echo "Usage: $0 [up|down]" >&2; exit 1 ;;
esac./anymal-share-internet.sh # start sharing
./anymal-share-internet.sh down # stop (clears router default + laptop NAT)The router's default route is set at runtime — it lasts until the router reboots / netifd reloads, or until you run down. Re-run after reconnecting.
The middle box is an OpenWRT router with three relevant networks:
| Interface | Zone | Address(es) | Role |
|---|---|---|---|
switch (LAN) |
internal |
192.168.0.1/24, 192.168.1.1/24
|
robot's wired network |
br-isolation |
isolation |
192.168.123.1/24 |
wifi AP that laptops join (DHCP) |
wifi (STA) |
wan |
DHCP (client mode, auto=0) |
router's own uplink to some AP |
cellular |
wan |
ModemManager (LTE, auto=0) |
router's own LTE uplink |
Firewall forwardings: internal↔isolation (both directions) and internal→wan. The isolation zone has forward REJECT and no path to wan — wifi clients are intentionally isolated from the router's own internet. Only the wan zone masquerades. So the robot↔laptop path (internal↔isolation) is not NATed by the router; the laptop sees the robot's real source 192.168.0.69 and does its own MASQUERADE.
