[WLANware] Freifunk 1.6.29, dhcp-splash, and natting
Jan Groenewald
jan at aims.ac.za
Fri Jul 25 19:25:36 CEST 2008
Hi
I run a 30 node freifunk mesh network.
Each node has LAN (all 5 ports) DHCP and OLSR-DHCP.
The LAN and the WLAN are unnatted into the mesh.
The WLAN (OLSR-DHCP) is on the same subnet.
ADSL -ethernet- Linuxrouter -ethernet- mesh-gw-node -w-i-r-e-l-e-s-s-
all other mesh nodes.
172.18.0.0 mesh network
172.18.172.1 example node, mask 255.255.0.0
172.18.172.10 to 172.18.172.14 example node's WLAN, mask 255.255.255.240
192.168.172.2 to 192.168.172.6 example node's LAN
In /etc/init.d/S45firewall I unnat:
jan at osprey:~/freifunk$ cat S45firewall-wannat.patch
--- S45firewall 2008-03-07 12:43:51.000000000 +0200
+++ S45firewall.gw 2008-03-07 12:43:55.000000000 +0200
@@ -58,6 +58,8 @@
iptables -t nat -A POSTROUTING -o $WIFIDEV -s $LANNET/$LANPRE -j MASQUERADE
fi
+WANOLSR="dontnat"
+
if [ -n "$WANDEV" ]; then
if [ -z "$WANOLSR" ]; then
# Mask packets to WAN
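Review bot: WANOLSR="dontnat" is assigned unconditionally just above the [ -z "$WANOLSR" ] test, so it overrides any value set earlier in the script, and the string only works because any non-empty value fails -z. As this is meant for the gateway node alone, consider reading the switch from an nvram setting, the way "nvram get ff_nonat" is used for the LAN rule in the same script. The same file could then be installed on every node, and the choice would be visible in configuration instead of in an edited init script.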
jan at osprey:~/freifunk$ cat S45firewall-wlannat.patch
--- S45firewall-25 2008-03-07 12:43:55.000000000 +0200
+++ S45firewall 2008-03-07 12:43:51.000000000 +0200
@@ -43,15 +43,15 @@
# Accept fragments
iptables -I INPUT -f -j ACCEPT
- # Mask packets from these WLAN DHCP clients, so they can do inet w/o OLSR
- ENTS=$(nvram get ff_wldhcp)
- IFS=\;
- for ENT in $ENTS; do
- NET=${ENT%[:,]*}
- MSK=${ENT#*[:,]}
- iptables -t nat -A POSTROUTING -s $NET -j MASQUERADE
- done
- unset IFS
+# # Mask packets from these WLAN DHCP clients, so they can do inet w/o OLSR
+# ENTS=$(nvram get ff_wldhcp)
+# IFS=\;
+# for ENT in $ENTS; do
+# NET=${ENT%[:,]*}
+# MSK=${ENT#*[:,]}
+# iptables -t nat -A POSTROUTING -s $NET -j MASQUERADE
+# done
+# unset IFS
if [ -z "$LANOLSR" ] && [ "$(nvram get ff_nonat)" != "1" ]; then
# Mask packets from LAN to WIFI
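Review bot: the WLAN masquerade loop is disabled by commenting it out, which leaves nine dead lines in the script and no per-node way to turn the behaviour back on. Wrapping the loop in a test like the [ "$(nvram get ff_nonat)" != "1" ] check on the LAN rule just below would make it a setting rather than a local edit. While touching this block, note that MSK is computed in the loop but the rule only uses -s $NET, so the assignment can go if the loop is kept.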
The stanza commented out makes sure the WLAN (OLSR-DHCP) is not natted.
The one-liner WANOLSR="dontnat" is just for the gateway node so it doesn't nat.
Perhaps this is a terrible way to unnat. Let me know. It has worked great so far.
Why do I unnat?
Outside the gw node is my Linux router before the ADSL router, and the Linux
router knows all these IPs and does some routing, bandwidth management, etc.
This has worked fine up to 1.6.28 (from many versions ago). Two or three versions
ago I started playing with dhcpsplash which has worked OK as well. We use dhcpsplash
and wanted to extend its use even further to the agreement and location specific splash pages.
But now, after upgrading to 1.6.29 the routers mysteriously start natting again...
so the IPs which are allowed to use the smtp server (yes, smtp-auth will follow in some weeks
or months, it cannot come immediately) are now not allowed to use the SMTP server.
And the accounting on the mesh-gateway-node starts to show only the router IPs of each
node, not the laptop (connected by wire or wirelessly via OLSR-DHCP), whereas we would
like to know those IPs on the linux router.
I found this in crontab:
0-59/10 * * * * /usr/sbin/cron.dhcpsplash
Which runs a /etc/init.d/S70dhcpsplash
Which is doing some natting and more.
Something must have changed from 1.6.28 to 1.6.29
in freifunk-dhcpsplash-en ?
Can someone suggest a solution for me?
A better way to unnat with some nvram variables, or an easy way
to prevent the dhcpsplash interfering, as I do want to use that.
regards,
Jan
www.muizenmaze.za.org/drupal5/
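A check for the symptom described in the message above (client addresses disappearing behind the node's own address), added here as an example and not part of the original post or of the Freifunk firmware. It assumes the nat table is available as iptables-save style text on stdin; the function names, the sample rules, the LAN netmask and the eth1 interface name are constructed for illustration.

```shell
# Added example: report nat POSTROUTING MASQUERADE rules that would hide
# a given client address. Reads iptables-save style rule text on stdin.

# Constructed sample; addresses follow the example node in the post,
# the LAN netmask and the eth1 interface name are assumptions.
SAMPLE_RULES='*nat
-A POSTROUTING -s 192.168.172.0/255.255.255.248 -o eth1 -j MASQUERADE
-A POSTROUTING -s 172.18.172.0/28 -j MASQUERADE
-A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 172.18.172.1
COMMIT'

# Dotted quad -> integer (subshell keeps the IFS and $@ changes local).
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# in_net ADDR NET[/PREFIX|/NETMASK]: true if ADDR lies inside NET.
in_net() {
    net=${2%/*}; pre=${2#*/}
    [ "$pre" = "$2" ] && pre=32          # bare host address, no slash
    case $pre in
        *.*) mask=$(ip2int "$pre") ;;    # old-style dotted netmask
        *)   mask=$(( (0xFFFFFFFF << (32 - $pre)) & 0xFFFFFFFF )) ;;
    esac
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
}

# masq_hits ADDR: print the matching rules, return 0 if any were found.
# Negation ("!") on a source is not interpreted; review such rules by hand.
masq_hits() (
    set -f; addr=$1; hits=0
    while read -r line; do
        case $line in "-A POSTROUTING"*"-j MASQUERADE"*) ;; *) continue ;; esac
        src=any                          # a rule without -s matches every source
        set -- $line
        while [ $# -gt 1 ]; do
            [ "$1" = "-s" ] && [ "$2" != "!" ] && src=$2
            shift
        done
        if [ "$src" = any ] || in_net "$addr" "$src"; then
            echo "$line"; hits=$((hits + 1))
        fi
    done
    [ "$hits" -gt 0 ]
)

# Demo on the constructed sample: a WLAN client of the example node.
printf '%s\n' "$SAMPLE_RULES" | masq_hits 172.18.172.10 || true
```

On a node where iptables-save is available, piping `iptables-save -t nat` into `masq_hits` before and after the ten-minute cron run shows whether a MASQUERADE rule for the client range has been added back.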