[MLB-WIRELESS] Routing help.
Simon Hall
simon.hall at getstarted.com.au
Tue May 11 10:10:02 EST 2004
How about IPCOP I have heard good raps about it. www.ipcop.org It has some
good docco for getting started too.
Simon Hall
-----Original Message-----
From: owner-melbwireless at wireless.org.au
[mailto:owner-melbwireless at wireless.org.au] On Behalf Of Dan Flett
Sent: Tuesday, 11 May 2004 12:20 AM
To: vk3jma at net2000.com.au; 'Melbourne Wireless'
Subject: RE: [MLB-WIRELESS] Routing help.
Hi Mark,
Sounds like you may not even have to worry too much about routing. If your
wireless box has only one wireless interface you can put in a static route
to point at whomever your link partner is and leave it at that. Hopefully
they are running Quagga/OSPF to further distribute the wireless traffic.
You can use 'route' or 'ip' to add static routes. I'm more familiar with
'ip' - it has lots of shortcuts in it's command line - you can type 'r'
instead of 'route', 'a' instead of 'add' and so on.
To put in a static route to your link partner for wireless traffic I'd do
something like
'ip r a 10.10.0.0/16 via <link partner's ip addy> dev <wireless NIC>'
then type 'ip r' to see the routing table.
I prefer putting in a route like this for all Melbourne wireless traffic
instead of a default route because your box won't send any traffic intended
for the internet or your LAN out the wireless interface. I have no formal
training in this, but two default routes in the one box seems to cause
problems for me.
A firewall is definitely a good idea on your wireless box. I use Shorewall
on mine. But there's a few iptables-based firewalls out there. Shorewall
has a feature called 'masquerading' which is basically NAT. It does a good
job of making all your devices on your LAN appear on the wireless network to
have come from your one wireless IP. We don't wanna see no steenkin'
192.168.x.x addys on the wireless network!
:)
Shorewall (and other firewalls) allow you to put your network interfaces in
"zones" and you can apply different port-blocking or port-allowing rules to
each of them. It basically acts as a traffic cop - you can allow or
disallow any traffic on any port in any direction. Usually you'd have a
'wireless' zone, a 'local' zone for your LAN, a 'firewall' zone for the
router box itself and sometimes a 'DMZ' zone for things like webservers,
gameservers (if they are on separate boxes) etc which are more open to the
wide-area-network than you'd want your LAN to be.
If you do have two wireless interfaces in your box - say one for a
directional link and one for an AP, you can put them both in the one zone,
or put them in separate zones if you want to block ports from one to the
other. My philosophy is it's a free network and people can send whatever
traffic they want via my box, so I put them both in the one zone and set a
default policy of allowing all traffic between them.
But if you have two wireless interfaces in your box you'll definitely want
to install Quagga with the OSPF dynamic routing daemon. It's not too
difficult, and there's many examples of the setup files in the Melb.
Wireless Wiki.
Hope this helps...
Dan
> -----Original Message-----
> From: owner-melbwireless at wireless.org.au [mailto:owner-
> melbwireless at wireless.org.au] On Behalf Of vk3jma at net2000.com.au
> Sent: Tuesday, 11 May 2004 7:54
> To: melbwireless at wireless.org.au
> Subject: [MLB-WIRELESS] Routing help.
>
> Hello,
>
> I have managed to get 2 lan cards working in my one of my linux boxes.
>
> Now I have eth0 and eth1, both work as I have tested them seperatly by
> making each the default interfacxe and pinging out of it.
>
> Now that I have the ability to route, I want to set things up to have
the
> wireless network on one card and my home lan on the other protecting
my
> home
> lan with a firewall.
>
> One thing I am just not sure of is routing. I know what it does and
what
> it is
> for but getting the finer points are a bit confusing. I am using my
Melb
> wireless alloted ip address throughout my whole lan, wired and
wireless.
>
> Should I have seperate subnets for wired and wireless?
>
> Any assistance, pointers would be greatly appreciated.
>
> Regards
>
> Mark
>
>
>
> To unsubscribe: send mail to majordomo at wireless.org.au
> with "unsubscribe melbwireless" in the body of the message
To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message
To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message
More information about the Melbwireless
mailing list