Posted

I am trying to solve this issue and would like any suggestions. I have a Fon+ configured as the LAN's DHCP server and AP. My Internet gateway (10.0.0.200/8) is another device on the LAN. The Fon (10.0.0.1/8) can access the Internet but the clients connected to it wirelessly cannot access the Internet.

While typing up this topic I realized what I was doing wrong. I need to set the client gateway to 10.0.0.200/8.

My question now is: can I tell the Fon to give the clients a default gw of 10.0.0.200 with dnsmasq or some other way? Or is it possible to let the clients get a gw of 10.0.0.1 and have the Fon route the traffic to its (the correct) gw?

Posted

Well I'm not exactly sure why it works now.

I was doing some research on iptables. With mine, DNS worked fine so I figured the gateway was OK.

I changed the FORWARDING line to an -I instead of -A

(but all that does is insert the line instead of appending it, so not sure why that changes it, but it works now)

#Allows wireless clients to access the internet
iptables -A INPUT -i ath0 -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A OUTPUT -o ath0 -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT
iptables -I FORWARD -i ath0 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

#Allow wan to connect via SSH
iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT
iptables -A input_wan -p tcp --dport 22 -j ACCEPT

#Allow wan to open to Webif
iptables -t nat -A prerouting_wan -p tcp --dport 80 -j ACCEPT
iptables -A input_wan -p tcp --dport 80 -j ACCEPT

#Allow wan to open Jasager
iptables -t nat -A prerouting_wan -p tcp --dport 1471 -j ACCEPT 
iptables -A input_wan -p tcp --dport 1471 -j ACCEPT

Posted

I cheated when I was getting into this and just renamed the iptables binary so I knew that it wasn't getting in the way and affecting any testing.

Posted

hmm. my firewall.user config is quite different than yours

I'm running Piranha firmware

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

## -- kismet-drone
iptables -t nat -A prerouting_wan -p tcp --dport 3501 -j ACCEPT
iptables -A input_wan -p tcp --dport 3501 -j ACCEPT

Posted

What do you have running at port 3501?

Looks like you need to add iptables to route the lan packs to the wan.

I haven't tried digininja's suggestion of renaming the iptables binary.

Let us know what you end up doing.

Posted

A kismet server is running on port 3501.

The packets will never get forwarded to the WAN. My gateway is on the LAN. I want the clients to send the packets to the Fon (10.0.0.1), which then forwards them to the gateway (10.0.0.200).

Posted

Found a solution. Need to add some dnsmasq dhcp options

uci add_list dhcp.lan.dhcp_option="3,192.168.200.3"
uci commit dhcp
#/etc/init.d/dnsmasq restart

will advertise the gateway as 192.168.200.3 thru DHCP

same as adding this to /etc/config/dhcp

config dhcp lan
    list 'dhcp_option' '3,192.168.200.3'

sources:

http://forum.openwrt.org/viewtopic.php?id=17316

http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html <- read -O switch section

Posted
taiyed14, could you post your dhcp and network config? I have the same setup and still have problems with the internet access.

here you go.

network

root@fonzie:~# cat /etc/config/network 

config 'interface' 'loopback'
    option 'ifname' 'lo'
    option 'proto' 'static'
    option 'ipaddr' '127.0.0.1'
    option 'netmask' '255.0.0.0'

config 'interface' 'lan'
    option 'type' 'bridge'
    option 'proto' 'static'
    option 'ipaddr' '10.0.3.1'
    option 'netmask' '255.255.255.0'
    option 'ifname' 'eth0.0'
    option 'dns' '208.67.220.220'

config 'interface' 'wan'
    option 'ifname' 'eth0.1'
    option 'proto' 'dhcp'
    #option 'proto' 'static'
    #option 'ipaddr' '192.168.0.250'
    #option 'netmask' '255.255.255.0'
    #option 'dns' '208.67.220.220'

dhcp

root@fonzie:~# cat /etc/config/dhcp 

config 'dnsmasq'
    option 'domainneeded' '1'
    option 'boguspriv' '1'
    option 'filterwin2k' '0'
    option 'localise_queries' '1'
    option 'local' '/lan/'
    option 'domain' 'lan'
    option 'expandhosts' '1'
    option 'nonegcache' '0'
    option 'authoritative' '1'
    option 'readethers' '1'
    option 'leasefile' '/tmp/dhcp.leases'
    option 'resolvfile' '/tmp/resolv.conf.auto'

config 'dhcp' 'lan'
    option 'interface' 'lan'
    option 'start' '10'
    option 'limit' '49'
    option 'leasetime' '8m'
    list 'dhcp_option' '3,10.0.3.254'

config 'dhcp' 'wan'
    option 'interface' 'wan'
    option 'ignore' '1'
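
A check for the setup this thread ends on, as an added example that is not part of any post above: it reads the LAN address and netmask and the router advertised via DHCP option 3, and confirms the router sits inside the LAN subnet, since clients cannot use a default gateway that is not on-link. The helper names and the embedded config excerpts are constructed for illustration, and only the `3,<ip>` form of `dhcp_option` is handled.

```shell
#!/bin/sh
# Added example. Constructed excerpts: LAN section only, values as posted above.
NETWORK_CFG="config 'interface' 'lan'
    option 'proto' 'static'
    option 'ipaddr' '10.0.3.1'
    option 'netmask' '255.255.255.0'"
DHCP_CFG="config 'dhcp' 'lan'
    option 'interface' 'lan'
    list 'dhcp_option' '3,10.0.3.254'"

# Convert a dotted quad to a 32-bit integer.
ip2int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Hypothetical helper: first value of option '<name>' in UCI text on stdin.
uci_opt() {
    sed -n "s/^[[:space:]]*option '$1' '\([^']*\)'.*/\1/p" | head -n 1
}

# Hypothetical helper: router address from a "list 'dhcp_option' '3,<ip>'" line.
dhcp_router() {
    sed -n "s/^[[:space:]]*list 'dhcp_option' '3,\([0-9.]*\)'.*/\1/p" | head -n 1
}

# Succeeds if gateway $3 is inside the subnet of address $1 / netmask $2.
on_link() {
    a=$(ip2int "$1"); m=$(ip2int "$2"); g=$(ip2int "$3")
    [ $(( a & m )) -eq $(( g & m )) ]
}

# $1 = network config text, $2 = dhcp config text.
check_gateway() {
    ip=$(printf '%s\n' "$1" | uci_opt ipaddr)
    mask=$(printf '%s\n' "$1" | uci_opt netmask)
    gw=$(printf '%s\n' "$2" | dhcp_router)
    # Without option 3, dnsmasq advertises its own address as the router.
    [ -n "$gw" ] || { echo "no option 3: clients use $ip"; return 0; }
    if on_link "$ip" "$mask" "$gw"; then
        echo "ok: $gw is inside the LAN subnet of $ip"
    else
        echo "bad: $gw is outside the LAN subnet of $ip"; return 1
    fi
}

check_gateway "$NETWORK_CFG" "$DHCP_CFG"
```

On a real router the two texts would come from `cat /etc/config/network` and `cat /etc/config/dhcp`, trimmed to the `lan` sections, because `uci_opt` returns the first match and the full network file lists the loopback interface first.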
