Date: Sun, 05 Feb 2006 13:28:29 -0800
From: Douglas Phillipson <douglas@xxxxxxxxxxxxx>
Subject: Re: Bridging wifi to ethernet
To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Message-ID: <43E66DFD.6050602@xxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Les Mikesell wrote:
>>>A simpler approach that is also more likely to work would be
>>>to set up a different private address range on the wired side
>>>and a dhcp server for it, then route and NAT to the wireless
>>>interface. The only tricky part is that you either have
>>>to run your own caching dns server and point the dhcp clients
>>>to it, or you'll have to pick up the DNS server you receive
>>>from the wireless DHCP and edit your dhcpd.conf to pass that
>>>on to the clients.
>>>
>>
>>The magic part I don't know how to do is "route and NAT". Can you
>>point me to an example on how to route and NAT between interfaces? Is
>>this an IPTables thing?
>
>
> You just need to:
> modprobe iptable_nat
> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> And make sure any other firewalling lets what you need through.
> You should get a default route via dhcp on the wireless side
> and one will be added by the netmask for your private wired
> side so you don't need to add any extra routes.
>
My wifi interface is eth1 and will pull an address from the library,
wired is eth0. Do I give my eth0 interface a 192.168.0.x address?
Thanks
Doug P
Hi Doug!
Doing a similar thing in the interest of my LUG.
What follows is for Ubuntu Breezy but the issues are the same:
I used System>Administration>Networking to establish a static IP (192.168.1.1) for the laptop ethernet port (and to see that wlan0, the wireless port, was connected to the proper AP and to know its IP).
Instructions for setting up the dhcpserver I found at: http://ubuntuguide.org/#dhcpserver
The iptables in Breezy come unset. Forwarding accomplished by:
# iptables:
# Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
# Flush all the rules in filter and nat tables
iptables --flush
iptables --table nat --flush
# Delete all chains that are not in default filter and nat table
iptables --delete-chain
iptables --table nat --delete-chain
# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
# Enables packet forwarding by kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
#
A friend of mine (Paul Edwards) added:
"The excellent "Firestarter" Gnome firewall software makes this an
incredibly simple and easy-to-do task with the nice user-friendly GUI.
"
Browsing appears normal (laptop or downstream), and use of the "apt-get" "Synaptic" and other tools as well. However, I had to pull down the Firestarter forwarding/firewall (iptables GUI) to enable the use of an FTP server on the laptop (again, an Ubuntu box - I did get dual boot on FC4 on this box yesterday but have not tried the NAT thing on FC4 there yet) on its ethernet path to another desktop FC4 box on the ethernet wire. I could ping everywhere and I could browse to the ftp server (ftp://192.168.1.1 - the laptop ethernet port) from within the laptop but no one on the wire could do the same.
Well, at least I am pretty well ready for the next public linux technical session.
Cheers!
Tod
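
Added example, not part of either message above: the same wired-to-wireless masquerade written as an iptables-restore ruleset, so both tables load in one step. The function names nat_ruleset and valid_if are made up for this example, and the FORWARD policy of DROP with a return rule for established connections is an addition beyond the commands posted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset for
# the NAT setup discussed above; it does not touch the running firewall.
# Apply as root with:  nat_ruleset eth0 wlan0 | iptables-restore
# Like the --flush commands in the post, loading it replaces the existing
# filter and nat tables. Forwarding still needs the ip_forward switch.

valid_if() {
    # Accept only plain interface names (1-15 chars, conservative charset)
    # so nothing unexpected ends up inside a rule line.
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

nat_ruleset() {
    lan_if=$1   # private wired side (eth0 in the thread)
    wan_if=$2   # wireless side that gets its address by DHCP
    valid_if "$lan_if" && valid_if "$wan_if" || {
        echo "nat_ruleset: bad interface name" >&2; return 1; }
    [ "$lan_if" != "$wan_if" ] || {
        echo "nat_ruleset: LAN and WAN interface must differ" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
```

INPUT and OUTPUT stay at ACCEPT here, matching the unset state described in the post; services on the laptop itself, such as the FTP server, are governed by INPUT rules rather than by this forwarding setup.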