[SOLVED] Routing Wireless AP from eth0 to Wireless connection on wlan0

tenk · 09-19-2014, 12:20 PM

Hi,
I'd like to develop a wireless AP Web interface to manage some user access/accounts (maybe PHP/SQL) but I'm stuck with the network configuration, maybe someone could help me ?
I'm using a Debian as server connected to internet through a wireless network on wlan0 and a wireless access point on this server on eth0 to serve clients.
My first aim is to simply give access to Internet to the clients then later I'll redirect them on an apache server for authentication and for restricting navigation to some specific sites.
I manage to offer some IP to clients with isc-dhcp-server through the AP and eth0 but I don't manage to route the traffic from clients to wlan0 connection. At this moment, I'm testing with a PS3 and it says "DNS error".

Here are my network configurations:

- Wireless AP on eth0
192.168.121.127 : 255.255.255.0 : 192.168.121.1

- eth0
192.168.121.1 : 255.255.255.0 : 192.168.121.1
Through the Network Manager, in "Routes...", I checked "Use this connection only for resources on its network" else I didn't manage to connect to Internet with the server because it tries to go on eth0 instead of wlan0.

- wlan0
192.168.0.12 : 255.255.255.0 : 192.168.0.254

- my dhcpd.conf is:

Code:

...
subnet 192.168.121.0 netmask 255.255.255.0 {
range 192.168.121.100 192.168.121.150;
option domain-name-servers 192.168.0.254:
option routers 192.168.121.1;
}
...

(I will reduce the network ranges/sizes later according to the number of clients)

At this point there's already something I don't understand well. Is it correct to give 192.168.0.254 as DNS to clients ? Shouldn't it rather be the eth0 IP (192.168.121.1) ?

Then I'm stuck, I guess I need to add a route but I don't understand well the "gw" argument of "route add". I tried this without success:

Code:

route add -net 192.168.121.0 netmask 255.255.255.0 gw 192.168.0.254

Same as for the dhcpd.conf, I wonder if "gw" shouldn't be the eth0 IP because it acts like a gateway for the network 192.168.121.0 ?

Thanks in advance for any advice

nini09 · 09-19-2014, 02:39 PM

What's output of route command?

tenk · 09-20-2014, 04:20 AM

Hi,
route says me that:

Code:

default		192.168.0.254		0.0.0.0		UG	0	0	0	wlan0
192.168.0.0		*		255.255.255.0	U	0	0	0	wlan0
192.168.121.0		*		255.255.255.0	U	0	0	0	eth0

nini09 · 09-22-2014, 02:37 PM

You don't need add a route entry. Routing is Ok.
What's DNS IP address for wlan0. The domain-name-servers IP address in dhcpd.conf should be equal to DNS IP address for wlan0.
By the way, red character is dhcpd.conf is wrong, should be ;.

Quote:

subnet 192.168.121.0 netmask 255.255.255.0 {
range 192.168.121.100 192.168.121.150;
option domain-name-servers 192.168.0.254:
option routers 192.168.121.1;

tenk · 09-27-2014, 11:05 AM

Thanks.
Actually the DNS IP for wlan0, which is the interface connected to the Internet, is 192.168.0.254. I tried it for the DHCP server but it doesn't work. And I guess it's normal because it's a local IP not in the same network of the clients connected to the AP on eth0 (192.168.121.0/24), isn't it ? About the ":" character, I made a mistake while retyping the configuration :/

I'm programmer but I have some gaps in networking. At this moment I'm looking too for alternative solutions like proxy software but I also would like to do this myself for learning purpose.
The final purpose is to offer Internet to 15-20 students in a temporary training classroom. (I strive to tell them for years that networking and programming are two different jobs

)
Security is not really important, it's just in order that students do not disperse too much during training (therefore they won't have the WPA Key), but give them access through the open wireless AP to certain websites but also to a local web site with large files to download. At first I wanted to manage the connection access through the local website for the adjacent classrooms do not have access to the local network but it's not really important if I don't manage to do that.
So I guess I need to filter the tcp requests through eth0 then redirect them to the local server if they doesn't match a permitted websites list otherwise redirect them to the gateway. Or redirect all traffic to the local server but after that it seems difficult to redirect to the permitted websites.

If someone knows a software for this, any advice is welcome

nini09 · 10-01-2014, 02:26 PM

I guess it's normal because it's a local IP not in the same network of the clients connected to the AP on eth0 (192.168.121.0/24).
The client machine can reach any IP in the world if routing is correct. Normally, default route take care of it.
Now we need debugging why DNS is failure.

Can client ping 192.168.121.1, 192.168.0.254?

tenk · 10-02-2014, 10:35 AM

Yes the client can ping 192.168.121.1 but not 192.168.0.254.
At this moment I'll see 3 solutions:
- install a local DNS server
- forwarding the DNS requests to the gateway 192.168.0.254
- use a public DNS

Do you think I'm right ?

nini09 · 10-03-2014, 02:22 PM

The routing in your network is wrong somewhere. If you don't solve the issue, DNS can't work even if you try to do something else.
Draw network topology between client and DNS server and dump route table on each machine on path using route command.

tenk · 10-03-2014, 05:08 PM

K, thanks.