taiyed14 Posted June 25, 2009

I am trying to solve this issue and would like any suggestions. I have a Fon+ configured as the LAN's DHCP server and AP. My Internet gateway (10.0.0.200/8) is another device on the LAN. The Fon (10.0.0.1/8) can access the Internet, but the clients connected to it wirelessly cannot access the Internet.

While typing up this topic I realized what I was doing wrong. I need to set the client gateway to 10.0.0.200/8. My question now is: can I tell the Fon to give the clients a default gw of 10.0.0.200 with dnsmasq or some other way? Or is it possible to let the clients get a gw of 10.0.0.1 and have the Fon route the traffic to its (the correct) gw?

cyoung_mi Posted June 27, 2009

What do you have in your Network config? I found I have a problem in my Firewall.user file that was blocking the clients from reaching the internet.

zavvi1 Posted June 27, 2009

Having the same issue. I don't suppose you could post your firewall.user config file, so I can see where I am going wrong?

cyoung_mi Posted June 27, 2009

Well, I'm not exactly sure why it works now. I was doing some research on iptables. With mine, DNS worked fine, so I figured the gateway was OK. I changed the FORWARDING line to an -I instead of -A (but all that does is insert the line instead of appending it, so not sure why that changes it, but it works now).

    # Allows wireless clients to access the internet
    iptables -A INPUT -i ath0 -j ACCEPT
    iptables -A INPUT -i eth0 -j ACCEPT
    iptables -A OUTPUT -o ath0 -j ACCEPT
    iptables -A OUTPUT -o eth0 -j ACCEPT
    # -I inserts at the top of FORWARD, ahead of any earlier rules in the chain
    iptables -I FORWARD -i ath0 -o eth0 -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    # Allow wan to connect via SSH
    iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT
    iptables -A input_wan -p tcp --dport 22 -j ACCEPT

    # Allow wan to open to Webif
    iptables -t nat -A prerouting_wan -p tcp --dport 80 -j ACCEPT
    iptables -A input_wan -p tcp --dport 80 -j ACCEPT

    # Allow wan to open Jasager
    iptables -t nat -A prerouting_wan -p tcp --dport 1471 -j ACCEPT
    iptables -A input_wan -p tcp --dport 1471 -j ACCEPT

digininja Posted June 28, 2009

I cheated when I was getting into this and just renamed the iptables binary so I knew that it wasn't getting in the way and affecting any testing.

taiyed14 Posted June 29, 2009

Hmm. My firewall.user config is quite different than yours. I'm running Piranha firmware.

    # This file is interpreted as shell script.
    # Put your custom iptables rules here, they will
    # be executed with each firewall (re-)start.

    ## -- kismet-drone
    iptables -t nat -A prerouting_wan -p tcp --dport 3501 -j ACCEPT
    iptables -A input_wan -p tcp --dport 3501 -j ACCEPT

cyoung_mi Posted June 29, 2009

What do you have running at port 3501? Looks like you need to add iptables to route the LAN packets to the WAN. I haven't tried digininja's suggestion of renaming the iptables binary. Let us know what you end up doing.

taiyed14 Posted June 30, 2009

A kismet server is running on port 3501. The packets will never get forwarded to the WAN. My gateway is on the LAN. I want the clients to send the packets to the Fon (10.0.0.1), which then forwards them to the gateway (10.0.0.200).

taiyed14 Posted July 4, 2009

Found a solution. Need to add some dnsmasq dhcp options:

    # DHCP option 3 is the router (default gateway) handed to clients
    uci add_list dhcp.lan.dhcp_option="3,192.168.200.3"
    uci commit dhcp
    # restart dnsmasq so it serves the new option
    /etc/init.d/dnsmasq restart

This will advertise the gateway as 192.168.200.3 thru DHCP. It is the same as adding this to /etc/config/dhcp:

    config dhcp lan
        list 'dhcp_option' '3,192.168.200.3'

Sources:
http://forum.openwrt.org/viewtopic.php?id=17316
http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html <- read -O switch section

the_ethan Posted July 10, 2009

taiyed14, could you post your dhcp and network config? I have the same setup and still have problems with the internet access.

taiyed14 Posted July 10, 2009

> taiyed14, could you post your dhcp and network config? I have the same setup and still have problems with the internet access.

Here you go.

network

    root@fonzie:~# cat /etc/config/network
    config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

    config 'interface' 'lan'
        option 'type' 'bridge'
        option 'proto' 'static'
        option 'ipaddr' '10.0.3.1'
        option 'netmask' '255.255.255.0'
        option 'ifname' 'eth0.0'
        option 'dns' '208.67.220.220'

    config 'interface' 'wan'
        option 'ifname' 'eth0.1'
        option 'proto' 'dhcp'
        #option 'proto' 'static'
        #option 'ipaddr' '192.168.0.250'
        #option 'netmask' '255.255.255.0'
        #option 'dns' '208.67.220.220'

dhcp

    root@fonzie:~# cat /etc/config/dhcp
    config 'dnsmasq'
        option 'domainneeded' '1'
        option 'boguspriv' '1'
        option 'filterwin2k' '0'
        option 'localise_queries' '1'
        option 'local' '/lan/'
        option 'domain' 'lan'
        option 'expandhosts' '1'
        option 'nonegcache' '0'
        option 'authoritative' '1'
        option 'readethers' '1'
        option 'leasefile' '/tmp/dhcp.leases'
        option 'resolvfile' '/tmp/resolv.conf.auto'

    config 'dhcp' 'lan'
        option 'interface' 'lan'
        option 'start' '10'
        option 'limit' '49'
        option 'leasetime' '8m'
        list 'dhcp_option' '3,10.0.3.254'

    config 'dhcp' 'wan'
        option 'interface' 'wan'
        option 'ignore' '1'
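
An added example, not part of the thread or any poster's code: a Python check over the two UCI files shown above that reports whether each router advertised through DHCP option 3 lies inside the pool interface's own subnet, which clients need in order to reach it. The function names and the trimmed sample strings are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample: trimmed copies of the two UCI files posted above.
NETWORK = """config 'interface' 'lan'
    option 'ipaddr' '10.0.3.1'
    option 'netmask' '255.255.255.0'
"""
DHCP = """config 'dhcp' 'lan'
    option 'interface' 'lan'
    list 'dhcp_option' '3,10.0.3.254'
"""

def parse_uci(text):
    """Parse UCI text into {section_name: {key: [values]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)  # handles quotes and '#' comments
        if len(tok) >= 2 and tok[0] == "config":
            name = tok[2] if len(tok) > 2 else f"@{tok[1]}[{len(sections)}]"
            current = sections.setdefault(name, {".type": [tok[1]]})
        elif len(tok) >= 3 and tok[0] in ("option", "list") and current is not None:
            current.setdefault(tok[1], []).append(tok[2])
    return sections

def check_routers(network_text, dhcp_text):
    """Return (pool, router, on_link) for each router sent via DHCP option 3."""
    net, results = parse_uci(network_text), []
    for name, sec in parse_uci(dhcp_text).items():
        iface = net.get(sec.get("interface", [name])[0], {})
        if sec[".type"] != ["dhcp"] or not {"ipaddr", "netmask"} <= iface.keys():
            continue  # not a pool, or no static subnet to compare against
        subnet = ipaddress.ip_network(
            f"{iface['ipaddr'][0]}/{iface['netmask'][0]}", strict=False)
        for opt in sec.get("dhcp_option", []):
            code, _, value = opt.partition(",")  # untagged "3,<addr>" form only
            if code.strip() in ("3", "option:router"):
                for router in value.split(","):
                    addr = ipaddress.ip_address(router.strip())
                    results.append((name, str(addr), addr in subnet))
    return results

if __name__ == "__main__":
    for pool, router, on_link in check_routers(NETWORK, DHCP):
        print(pool, router, "on-link" if on_link else "NOT in the pool's subnet")
```

On the router itself, the same two files can be copied off and passed in as strings; a router reported as outside the pool's subnet is one the DHCP clients cannot reach directly.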