Hi

I have a wired LAN at home with internet, and it's working fine. Now I am trying add wireless net access to my neighbours. But I have some problems, not with the wireless router, but with my Ubuntu server - I think.

Here is the setup:
An ADSL router gives DHCP and internet access to the LAN. It has 10.0.0.1 as IP address, and gives addresses 10.0.0.x by DHCP to the wired LAN. I also have a wireless router that I just configured. I don't want to connect the wireless router to the switch/modem, because I want to set a bandwith limit on the wireless, so the neighbours can't take all the bandwidth.

I also have a Linux server on the LAN and it has two network cards. The server has address 10.0.0.10 on the cable LAN (static), and I configured the other NIC to have 192.168.1.2. The wireless router has IP 192.168.1.1 - I found out by reading the manual. I reach the wireless router with Firefox from the Linux server. I set it up as access point with no password. Then I set up DHCP on the Linux server on the "wireless" NIC:

subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.200;
option domain-name-servers 10.0.0.1;
option routers 192.168.1.2;
}

I can connect to the wireless router with my neighbours windows laptop, I get an IP address, and can ping both 192.168.1.1 (the wireless router) and 192.168.1.2 (the Linux server). But I cannot reach anything else, anything on the 10.0.0.* network.

I enabled ip_forwarding:

cat /proc/sys/net/ipv4/ip_forward
1

Still no net for the neighbours. Is there something wrong with my plan or is there anything else I need to do? I have not setup iptables yet, I was thinking of getting it working first.

sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Let's try to get a little more data:

1. Can you log into your Linux box from the neighbor's laptop? This will require either that your Linux box is running telnetd (to telnet in) or sshd (and then you'll need Putty or some ssh-like program on the laptop); an alternative, if you have a mail system running on the Linux box is This experiment will let us know if you are actually talking to the Linux box when you ping 192.168.1.2.

2. Examine your route table with netstat -rn. The result should look something like this: This will tell us that, if it receives a packet from the 192.168.1.x subnet, the Linux box will know how to forward it.

3. Can you ping from the laptop by address to a machine on the 10.0.0.x subnet? If so, then there is trouble in the DNS part of the system, not the IP routing part. If not, I recommend using traceroute on the Linux box to find out where the ICMP packets are going and coming.

Let us know how these turn out, and then we can narrow down the search some.

Hi

Thank you, I think there is something wrong with the routing. Sorry but this is something I know very little about.

I can ping and ssh from the wireless LAN to the Linux box. But there is no DNS, and I can't connect either way thru it. The server can reach everything, the wireless LAN, the wired LAN and the internet.

Here is the output of the command (executed on the Linux server):
I guess the last line means to send everything to 10.0.0.1 which is the ADSL router. How can I make a rule so packets from 192.168.1.x also go there?

From here, it looks like your routing table is correct. You have only a single default route, and it specifies the other end of your link to the Internet, as it should.

I think I can guess at the trouble: my hypothesis is that the ADSL router is only set up to do Network Address Translation on net 10.x.x.x, and is therefore forwarding packets from the 192.168.1.x (wireless) net without translation. This will result in those packets being lost, since any public Internet router that sees such a packet will drop it unceremoniously on the floor (it being a Private Networking packet address).

There are several ways to solve this problem. Choose whichever seems best in your circumstances.

1. Network 10.x.x.x is a *big* address space. You are already set up to segment it and assign two of the subnets to your wired and wireless networks, since the subnet mask is set to 255.255.255.0, which means that, as far as routing is concerned, 10.0.1.x is a different network than 10.0.0.x.

Therefore, try changing your eth0 address to 10.0.1.2, and the wireless router to 10.0.1.1 (you will need to alter its DHCP stuff as well, so that it hands out addresses in the right range on the wireless segment). This should give you connectivity to the Internet from the wireless segment, as well as DNS service (since that is being provided on network 10.0.0.x).

2. Alternatively, you can set up NAT on the Linux box to translate the 192.168.1.x addresses so that they all appear to come from the Linux box address (10.0.0.10). This would be your fallback choice if the wireless router cannot be altered. This should also give you the desired connectivity from the wireless LAN, but might get in the way of your bandwidth-limiting scheme. I have a page on my website (there are lots of others) that shows how to set up NAT using iptables.

3. Depending on the capabilities of your ADSL router, it might also be able to do NAT on more than one address range. If that is so, you could ask it to translate 192.168.1.x as well as 10.x.x.x, and that should provide the connectivity you need.

Thanks a lot!

The problem was I thought the server stopped the traffic. It went thru, but the ADSL router didn't understand the traffic from the 192.168.1.x net.

So I added this:
Now the wireless LAN can access the internet. I just have to do some reading on how I can limit the upload speed from the wireless LAN.

I got it working. http://www.szabilinux.hu/bandwidth/index.html was very useful too. The two last lines of the script I had was unneccessay becuase I don't see a reason to stop anything.

Cool! Another satisfied customer.