On Sun, 2006-02-05 at 15:28, Douglas Phillipson wrote:
> Les Mikesell wrote:
>
> >>>A simpler approach that is also more likely to work would be
> >>>to set up a different private address range on the wired side
> >>>and a dhcp server for it, then route and NAT to the wireless
> >>>interface. The only tricky part is that you either have
> >>>to run your own caching dns server and point the dhcp clients
> >>>to it, or you'll have to pick up the DNS server you receive
> >>>from the wireless DHCP and edit your dhcpd.conf to pass that
> >>>on to the clients.
> >>>
> >>
> >>The magic part I don't know how to do is "route and NAT". Can you
> >>point me to an example on how to route and NAT between interfaces? Is
> >>this a IPTables thing?
> >
> >
> > You just need to:
> > modprobe iptable_nat
> > iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> > And make sure any other firewalling lets what you need through.
> > You should get a default route via dhcp on the wireless side
> > and one will be added by the netmask for your private wired
> > side so you don't need to add any extra routes.
> >
>
> My wifi interface is eth1 and will pull an address from the library,
> wired is eth0. Do I give my eth0 interface a 192.168.0.x address?

It can be anything except in the range you get on the 'outside'
interface. 192.168.0.x is pretty common so you might have a
problem if the library uses private addresses too. Something
like 192.168.232.1 for your eth0 might be less likely to collide.
You can use a netmask of 255.255.255.0 and give out the range
of 192.168.232.2 - 192.168.232.254 via dhcp. Your 'inside'
address should be the default router for the dhcp clients, and
if you are running a DNS server it can be their dns also.

--
  Les Mikesell
   lesmikesell@xxxxxxxxx
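
The dhcpd.conf side of the setup discussed in this message, as an added example that is not part of the original thread: it reads the DNS servers the wireless DHCP client received, refuses an inside range that collides with the outside address, and prints the subnet declaration with the range and router suggested above. The function names, the resolv.conf-style input and the 10.20.x.x sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: build the dhcpd.conf subnet stanza for the wired side.
# Assumed: inside /24 of 192.168.232.0 with eth0 at .1 (values from the
# message above); function names and sample addresses are hypothetical.
INSIDE_PREFIX="192.168.232"       # first three octets of the inside /24
INSIDE_ADDR="$INSIDE_PREFIX.1"    # eth0 address, default router for clients

# Print the IPv4 nameservers from a resolv.conf-style file, comma-separated.
# Loopback entries are skipped: DHCP clients cannot reach the gateway's 127.x.
upstream_dns() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ &&
         $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
             printf "%s%s", sep, $2; sep = ", "
         }' "$1"
}

# Succeed when the outside address lies in the inside /24 (a collision).
collides() {
    case "$1" in
        "$INSIDE_PREFIX".*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = address received on the wireless side, $2 = resolv.conf path.
# With no usable upstream server, clients are pointed at the inside address,
# which only works if a caching DNS server runs there.
render_dhcpd_conf() {
    if collides "$1"; then
        echo "outside address $1 overlaps $INSIDE_PREFIX.0/24" >&2
        return 1
    fi
    dns=$(upstream_dns "$2")
    [ -n "$dns" ] || dns="$INSIDE_ADDR"
    cat <<EOF
subnet $INSIDE_PREFIX.0 netmask 255.255.255.0 {
    range $INSIDE_PREFIX.2 $INSIDE_PREFIX.254;
    option routers $INSIDE_ADDR;
    option domain-name-servers $dns;
}
EOF
}

# Constructed sample: resolv.conf as a wireless DHCP client might leave it.
sample=$(mktemp)
printf 'nameserver 10.20.0.2\nnameserver 127.0.0.1\n' > "$sample"
render_dhcpd_conf 10.20.5.77 "$sample"
rm -f "$sample"
```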