IP Masqing Airbase to internet, Slackware
Hey guys, wondering if I could get a little help? I've been working on turning my laptop into a wireless access point for a few days now and it is driving me nuts. The upside is I've learned a ton about how networks and things such as DNS and DHCP work; the downside is that they don't want to work for me!
EDIT: I am using a Slackware distro with the 2.6.21.5 kernel.
I'm using a program called airbase-ng to mimic wireless AP functionality. This program uses my wlan1 ALFA USB card and creates a new interface called at0 which gets traffic from connected clients.
I am trying to get simple internet connectivity for the clients connected to my laptop AP, let me illustrate.
Client>>><<<Airbase AP>>><<<RealAP>>><<<Internet
My client is a 1 GHz Pentium with 256 MB RAM running XP unpatched with an old Dell TrueMobile wireless B-only card.
My Airbase host is a Dell 1525, 2x 2.0 GHz Core 2 Duo, 3 GB RAM, Intel 4965AGN internal wifi (wlan0), and ALFA 500mW USB with RTL 8187 chip (wlan1).
My Real AP is a Netgear wireless BGN router with standard firmware connected to a Comcast cable modem.
I have tried a few different methods to get this to work, such as:
Modifying the dhcpd.conf and using dhcpd
Using the DNSMasq program
Using brctl and bridging to simply forward packets from one MAC to another.
Currently I have had the most luck with IPMASQ using a script from:
http://tldp.org/HOWTO/IP-Masquerade-HOWTO/firewall-examples.html#RC.FIREWALL-IPTABLES
Here is the script without all the #junk from the website: START
-----------------------------------------------------------------------------------------------------------
#!/bin/sh
#
# rc.firewall-iptables
FWVER=0.76
echo -e "\n\nLoading simple rc.firewall-iptables version $FWVER..\n"
#IPTABLES=/sbin/iptables
IPTABLES=/usr/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe
EXTIF="wlan0"
INTIF="at0"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"
echo -en " loading modules: "
echo " - Verifying that all kernel modules are ok"
$DEPMOD -a
echo "----------------------------------------------------------------------"
echo -en "ip_tables, "
$MODPROBE ip_tables
echo -en "ip_conntrack, "
$MODPROBE ip_conntrack
echo -en "ip_conntrack_ftp, "
$MODPROBE ip_conntrack_ftp
echo -en "ip_conntrack_irc, "
$MODPROBE ip_conntrack_irc
echo -en "iptable_nat, "
$MODPROBE iptable_nat
echo -en "ip_nat_ftp, "
$MODPROBE ip_nat_ftp
#echo -e "ip_nat_irc"
#$MODPROBE ip_nat_irc
echo "----------------------------------------------------------------------"
echo -e " Done loading modules.\n"
echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo " Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
echo -e "\nrc.firewall-iptables v$FWVER done.\n"
---------------------------------------------------------------------------------------------------------------------
SCRIPT END
Here is my method for arriving where I am.
I start an airbase AP
"airbase-ng -c 11 -e "TestWifi" wlan1"
This starts airbase on my ALFA, I am just using it for testing right now so I omitted the -C -P and all that and made a basic AP
I then set my new at0 interface
"ifconfig at0 up"
"ifconfig at0 192.168.1.1 netmask 255.255.255.0"
I wasn't sure what I should set the IP of at0 to, so I have tried multiple things such as 10.0.0.1 and 192.168.1.10, all with the same netmask.
Then I run the rc.firewall-iptables script from the link above. The only modification I made to it was to set the location of iptables from
"IPTABLES=/usr/local/sbin/iptables" to
"IPTABLES=/usr/sbin/iptables"
I also set all references to eth0 as wlan0 for my EXTERNAL interface and anything as eth1 to at0 for my INTERNAL interface.
This seemed to solve the errors I got when it said that iptables commands didn't exist, and fixed my references to point to the correct interfaces.
I then run the script and get this:
"Loading simple rc.firewall-iptables version 0.76.."
"External Interface: wlan0"
"Internal Interface at0"
"loading modules: - Verifying that all kernel modules are ok"
---------------------------------------------------------------------------------------------
"ip_tables, ip_conntrack_ftp, ip_conntrack_irc, iptable_nat, ip_nat_ftp"
----------------------------------------------------------------------------------------------
"Done loading modules."
"Enabling forwarding.."
"Enabling DynamicAddr.."
"Clearing any existing rules and setting default policy.."
"FWD: Allow all connections OUT and only existing and related ones IN"
"Enabling SNAT (MASQUERADE) functionality on wlan0"
"rc.firewall-iptables v0.76 done."
So far so good, I then connect to the internet through my router with wlan0 and connect my client to my Airbase AP, and I get nothing. I can successfully connect my client to airbase, but it just black holes the client. I watched wireshark carefully and here is what I see.
wlan1 (ALFA) gets a lot of packets, most of it is just broadcasts and normal stuff.
at0 gets packets only from clients connected to the Airbase AP, it also seems to be handling ARP requests and DHCP requests and assigning an IP address to the clients.
wlan0 (Intel) gets nothing, unless I try to browse from my Airbase PC, then it gets normal traffic, but not a single packet makes it from at0 to wlan0 and vice versa.
If anyone could help me get this working I would be incredibly grateful! I've been working on this forever and it is driving me batty! If there are other simpler ways of achieving the same kind of function please let me know.
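Added example, not part of the original post: a shell check of the prerequisites the rc.firewall-iptables script is meant to establish (ip_forward, the MASQUERADE rule, both FORWARD rules), plus a test that at0 and wlan0 are not addressed in the same subnet. The function names, the sample rule dump and the wlan0 address 192.168.1.23 are constructed assumptions.

```shell
#!/bin/sh
# Added example: offline checks for the masquerading prerequisites.
# All sample data below is constructed, not captured from the poster's machine.

# ip4_net ADDR MASK: print the network address as one integer.
ip4_net() {
    echo "$1 $2" | tr '.' ' ' | {
        read a b c d m1 m2 m3 m4
        echo $(( ( ($a & $m1) << 24 ) | ( ($b & $m2) << 16 ) | ( ($c & $m3) << 8 ) | ($d & $m4) ))
    }
}

# check_masq EXTIF INTIF IP_FORWARD EXT_IP INT_IP MASK  (iptables-save text on stdin)
# Prints one line per failed prerequisite and nothing when all of them hold.
check_masq() {
    ext=$1; int=$2; fwd=$3; rules=$(cat)
    has() { printf '%s\n' "$rules" | grep -q -e "$1"; }
    [ "$fwd" = "1" ] || echo "ip_forward is $fwd: the kernel will not route"
    has "^-A POSTROUTING -o $ext -j MASQUERADE" ||
        echo "no MASQUERADE rule on $ext"
    has "^-A FORWARD -i $int -o $ext -j ACCEPT" ||
        echo "no FORWARD accept for $int -> $ext"
    has "^-A FORWARD -i $ext -o $int .*ESTABLISHED.* -j ACCEPT" ||
        echo "no FORWARD accept for replies $ext -> $int"
    [ "$(ip4_net "$4" "$6")" != "$(ip4_net "$5" "$6")" ] ||
        echo "$int and $ext share a subnet: routing between them is ambiguous"
}

# Constructed iptables-save excerpt matching the rules the script installs.
sample_rules() {
    cat <<'EOF'
*nat
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i wlan0 -o at0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i at0 -o wlan0 -j ACCEPT
-A FORWARD -j LOG
COMMIT
EOF
}

# at0 address from the post; the wlan0 address is an assumed value.
sample_rules | check_masq wlan0 at0 1 192.168.1.23 192.168.1.1 255.255.255.0
```

On a live system the inputs would come from iptables-save, /proc/sys/net/ipv4/ip_forward and the addresses ifconfig reports for wlan0 and at0.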