[MLB-WIRELESS] Routing help.
Dan Flett
conhoolio at hotmail.com
Tue May 11 09:19:34 EST 2004
Hi Mark,

Sounds like you may not even have to worry too much about routing. If
your wireless box has only one wireless interface you can put in a
static route to point at whomever your link partner is and leave it at
that. Hopefully they are running Quagga/OSPF to further distribute the
wireless traffic.

You can use 'route' or 'ip' to add static routes. I'm more familiar
with 'ip' - it has lots of shortcuts in its command line - you can type
'r' instead of 'route', 'a' instead of 'add' and so on.

To put in a static route to your link partner for wireless traffic I'd
do something like
'ip r a 10.10.0.0/16 via <link partner's ip addy> dev <wireless NIC>'
then type 'ip r' to see the routing table.

I prefer putting in a route like this for all Melbourne wireless traffic
instead of a default route because your box won't send any traffic
intended for the internet or your LAN out the wireless interface. I
have no formal training in this, but two default routes in the one box
seems to cause problems for me.

A firewall is definitely a good idea on your wireless box. I use
Shorewall on mine. But there's a few iptables-based firewalls out
there. Shorewall has a feature called 'masquerading' which is basically
NAT. It does a good job of making all your devices on your LAN appear
on the wireless network to have come from your one wireless IP. We
don't wanna see no steenkin' 192.168.x.x addys on the wireless network!
:)

Shorewall (and other firewalls) allow you to put your network interfaces
in "zones" and you can apply different port-blocking or port-allowing
rules to each of them. It basically acts as a traffic cop - you can
allow or disallow any traffic on any port in any direction. Usually
you'd have a 'wireless' zone, a 'local' zone for your LAN, a 'firewall'
zone for the router box itself and sometimes a 'DMZ' zone for things
like webservers, gameservers (if they are on separate boxes) etc which
are more open to the wide-area-network than you'd want your LAN to be.

If you do have two wireless interfaces in your box - say one for a
directional link and one for an AP, you can put them both in the one
zone, or put them in separate zones if you want to block ports from one
to the other. My philosophy is it's a free network and people can send
whatever traffic they want via my box, so I put them both in the one
zone and set a default policy of allowing all traffic between them.

But if you have two wireless interfaces in your box you'll definitely
want to install Quagga with the OSPF dynamic routing daemon. It's not
too difficult, and there's many examples of the setup files in the Melb.
Wireless Wiki.

Hope this helps...

Dan

> -----Original Message-----
> From: owner-melbwireless at wireless.org.au
> [mailto:owner-melbwireless at wireless.org.au] On Behalf Of vk3jma at net2000.com.au
> Sent: Tuesday, 11 May 2004 7:54
> To: melbwireless at wireless.org.au
> Subject: [MLB-WIRELESS] Routing help.
>
> Hello,
>
> I have managed to get 2 lan cards working in one of my linux boxes.
>
> Now I have eth0 and eth1, both work as I have tested them separately by
> making each the default interface and pinging out of it.
>
> Now that I have the ability to route, I want to set things up to have the
> wireless network on one card and my home lan on the other protecting my
> home lan with a firewall.
>
> One thing I am just not sure of is routing. I know what it does and what
> it is for but getting the finer points is a bit confusing. I am using my
> Melb wireless allotted ip address throughout my whole lan, wired and
> wireless.
>
> Should I have separate subnets for wired and wireless?
>
> Any assistance, pointers would be greatly appreciated.
>
> Regards
>
> Mark
>
>
>
> To unsubscribe: send mail to majordomo at wireless.org.au
> with "unsubscribe melbwireless" in the body of the message
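
Added example, not part of the original post: a shell check that reads 'ip r' output and flags the two problems the reply describes (more than one default route, or the 10.10.0.0/16 wireless range not pinned to the wireless NIC). It assumes eth0 is the wireless interface and eth1 the LAN; the sample routing tables and every address other than 10.10.0.0/16 are constructed.

```sh
#!/bin/sh
# Added example (not from the original post). Audits 'ip r' output for the
# static-route setup described above. 10.10.0.0/16 is the range from the post;
# the interface names and sample tables below are constructed assumptions.

# audit_routes <wireless-dev>: reads 'ip route' output on stdin, prints
# findings, returns 0 when the table matches the advice and 1 otherwise.
audit_routes() {
    awk -v wifi="$1" -v mesh="10.10.0.0/16" '
        # value that follows keyword key on the current route line
        function field_after(key,   i) {
            for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
            return ""
        }
        $1 == "default" {
            defaults++
            if (field_after("dev") == wifi) {
                print "WARN: default route leaves via " wifi; bad = 1
            }
        }
        $1 == mesh { mesh_dev = field_after("dev") }
        END {
            if (defaults > 1) { print "WARN: " defaults " default routes"; bad = 1 }
            if (mesh_dev != wifi) { print "WARN: no " mesh " route via " wifi; bad = 1 }
            if (!bad) print "OK: " mesh " pinned to " wifi ", no extra default route"
            exit bad + 0
        }'
}

# Constructed sample: the layout the reply recommends.
good_table() { cat <<'EOF'
default via 192.168.1.1 dev eth1
10.10.0.0/16 via 10.10.5.1 dev eth0
10.10.5.0/28 dev eth0 proto kernel scope link src 10.10.5.2
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10
EOF
}

# Constructed sample: two default routes, one of them out the wireless NIC.
bad_table() { cat <<'EOF'
default via 192.168.1.1 dev eth1
default via 10.10.5.1 dev eth0
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10
EOF
}

good_table | audit_routes eth0 || true
bad_table  | audit_routes eth0 || true
```

On a live box the same function takes the real table: 'ip r | audit_routes <wireless NIC>'.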