Thinkpad wireless masquerade

Discussion in 'Linux Networking' started by PenguinsAnonymous, Aug 9, 2004.

  1. I have a thinkpad 760ELD with SuSE 9.0 loaded and running
    fine. I have two PCMCIA cards Orinoco Gold wireless and
    ethernet II IBM. The Orinoco is configured outgoing interface
    and the ethernet to an attached hub so I can hook PCs to
    masquerade through the connection.
    On configuring the interfaces individually they work fine,
    in other words I can use them.
    If I configure them both at once with forwarding enabled
    neither interface can ping from outside or in.
    The routing table does not contain the default route, not
    sure why yast did not handle it..
    eth0 is inward (forwarded or local network with hub)
    wlan0 is outward connected

    My access point is plugged into a switch which is plugged
    to a routing PC with IP Other ports on this
    switch find their way just fine.
    In fact if I remove the eth0 config using yast I can surf
    fine through this wlan0 connection.

    The entire network has subnet

    So what should the default route be and is it my only issue?

    Thanks for any info.
    PenguinsAnonymous, Aug 9, 2004
    1. Advertisements

  2. PenguinsAnonymous

    Tauno Voipio Guest

    A rule of thumb for the default route in leaf nodes of the Internet
    is to point it to the next node toward the Net.

    Your problem comes from an attempt to keep the separate local
    nets (Ethernet and wireless) in the same subnet (
    Make them separate and use the default route rule to each node.


    Tauno Voipio
    tauno voipio (at) iki fi
    Tauno Voipio, Aug 9, 2004
    1. Advertisements

  3. Ok I thought for a moment I understood but I'm guessing not.

    thinkpad interfaces are
    eth0 netmask
    wlan0 netmask (so this connects to the .19 below)

    remember the AP connects to a switch connects to a router PC with
    eth1 dhcp (broadband connection)
    eth0 netmask

    A pc behind the thinkpad configures with
    eth0 netmask

    On the thinkpad I can ping forward to the outward connection
    but not back to the PC.

    firewall and forwarding is enabled on the thinkpad. Being a router and connected
    direct it shouldn't have a router specified right?
    But the PC specifies router

    Thanks for any direction.
    PenguinsAnonymous, Aug 12, 2004
  4. PenguinsAnonymous

    Tauno Voipio Guest

    The 192.168.0.x network masks are suspect: covers the
    whole 192.168.x.y range, including the outgoing network.

    The PC behind the Thinkpad should be /
    (note the mask), with default gateway

    The Thinkpad wlan0 should be / (mask!)
    The Thinkpad default gateway should be

    If the ping still does not get there, run tcpdump or Ethereal on
    both hosts and post the results.


    Tauno Voipio
    tauno voipio (at) iki fi

    PS. Written on a Thinkpad A21p and Lucent Orinoco to WLAN and
    a Linux router to ADSL.

    Tauno Voipio, Aug 12, 2004
  5. Ahh yes I got it....
    Now I am discovering a thinkpad might not be a good candidate for router?
    I see two problems.
    Traffic is very slow to load a page. I'll have to analyze it hop by hop with
    ethereal as you suggested.
    The other thing is thinkpads suspend :) Kind of like the toll taker at the bridge
    sleeping in the way.
    Thanks for your help though I appreciate it.

    PenguinsAnonymous, Aug 13, 2004
  6. PenguinsAnonymous

    Tauno Voipio Guest

    The ADSL line is slower than my first Thinkpad (300, i386SX).
    The processor speed should not be an issue.

    Check that there are no DNS timeouts (or maybe IDENT from the server).

    The Thinkpad stops (at least mine) to suspend if you feed it with
    line power.

    I was first thinking to set up a retired Thinkpad to perform
    as the router, but changed my mind and built a small system
    from a VIA EPIA Mini-ITX board (55 W, about the same as a laptop).

    My router runs a masquerading firewall (iptables), a NTP server,
    and a DNS cache (dnsmasq).

    Tauno Voipio
    tauno voipio (at) iki fi
    Tauno Voipio, Aug 13, 2004
  7. Basically what happens are specific connections like the graphic
    on the google page do not complete. In some cases most of the page
    loads except a few graphics.
    In ethereal it eventually becomes 'unreachable' after a long time.
    I'm using this on the thinkpad while loading a page on the PC behind it.
    So I think most of this works its just some distance problem.
    Are there issues with going through 2 routers/firewalls?


    I could send the output of ethereal if you think you might recognize the
    problem? (size 27443)

    PenguinsAnonymous, Aug 13, 2004
  8. yes of course you are right but I was refering to subtle
    hardware issues with linux and it's sometimes incomplete
    support of many models.

    Again I did not think. I need to leave it docked to get around this.

    PenguinsAnonymous, Aug 14, 2004
  9. there are .... resolution is intermittant.
    Explorer delivers the message 'unknown zone'
    I'm starting to think its a problem with using the two network address
    groups 192.168.1.x and 192.168.0.x and the same netmask

    PenguinsAnonymous, Aug 14, 2004
  10. new description
    both TP and PCrouter are masquerading boxes using iptables

    PC <-> TPint1 TPint2 <-> PCrouter1 PCrouter2 (DHCP)

    PCrouter2 DHCP (external int)

    ping from TP to PC works
    ping from TP to PCrouter works
    ping from PC to TP works
    ping from PC to PCrouter does not or is sporadic

    TP (thinkpad masquerade box) route table (network entry) (network entry)
    default through

    This bolsters my statement before that parts of web pages seem to load
    I'm really bleeding here any ideas?
    PenguinsAnonymous, Aug 14, 2004
  11. PenguinsAnonymous

    Tauno Voipio Guest


    The masks make the networks at the Thinkpad collide - it's not
    able to uniquely route the traffic to the PCRouter2 as it can
    think that the routing is possible via 192.168.0.x.

    Please post the routing tables of PC and TP, using 'route -n'.
    The corresponding 'ifconfig -n' results can also help.

    Tauno Voipio
    tauno voipio (at) iki fi
    Tauno Voipio, Aug 15, 2004
  12. Please note I have tried both also both appear to produce similar.

    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface U 0 0 0 wlan0 U 0 0 0 eth0 UG 0 0 0 wlan0

    eth0 Link encap:Ethernet HWaddr 00:06:29:14:DD:F1
    inet addr: Bcast: Mask:
    inet6 addr: fe80::206:29ff:fe14:ddf1/64 Scope:Link
    RX packets:1422 errors:0 dropped:0 overruns:0 frame:0
    TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:100
    RX bytes:85548 (83.5 Kb) TX bytes:1632 (1.5 Kb)
    Interrupt:5 Base address:0x300 Memory:c00ce000-c00d2000

    lo Link encap:Local Loopback
    inet addr: Mask:
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:78 errors:0 dropped:0 overruns:0 frame:0
    TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:7470 (7.2 Kb) TX bytes:7470 (7.2 Kb)

    wlan0 Link encap:Ethernet HWaddr 00:60:1D:F7:74:BC
    inet addr: Bcast: Mask:
    inet6 addr: fe80::260:1dff:fef7:74bc/64 Scope:Link
    RX packets:227 errors:0 dropped:0 overruns:0 frame:0
    TX packets:310 errors:11 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:100
    RX bytes:50369 (49.1 Kb) TX bytes:39828 (38.8 Kb)
    Interrupt:3 Base address:0x100

    Also take a look at this description and pay careful attention to how the AP is
    attached to the switch. It is a lucent AP in bridge mode with no access mode or
    encription enabled. The thinkpad uses this connection fine and exhibits no
    problems it's only when you take a step back to a machine behind the thinkpads
    PenguinsAnonymous, Aug 15, 2004
  13. PenguinsAnonymous

    Tauno Voipio Guest

    Please, the same information for the PC behind the link.

    Tauno Voipio
    tauno voipio (at) iki fi
    Tauno Voipio, Aug 15, 2004

  14. Well :) it's not connected!



    again this PC can ping the thinkpad (both interface) but not beyond!
    and the tp can ping it.
    PenguinsAnonymous, Aug 15, 2004

    I have no idea if it's the source of the problem, but as people have told
    you already the "254" is wrong. More precisely it's WRONG WRONG WRONG.
    Use for all those 192.168.N.M interfaces.

    Stefan Monnier, Aug 15, 2004

  16. fine fine fine :)
    I said I did it both ways.
    In fact it is back now to everywhere and generates the
    same symptom. I think its the AP bridge configuration stopping returning
    packets that are one step away from the IP it knows. (ie the thinkpad)

    as I said when you ping from the PC beyond the thinkpad
    toward the routing PC beyond the AP it cannot find the .19 address.
    This was discovered with ethereal on the thinkpad.
    Then pinging on the PC.
    The thinkpad shows a broadcast that does not find the
    address. And it is beyond the AP right.

    So both the 192.168.0.x and 192.168.1.x are same subnet?
    Wouldn't the firewall on the machine have to know about the
    192.168.0.x addresses down the line?
    What would the entire description be for both address ranges?
    PenguinsAnonymous, Aug 15, 2004
  17. I just proved this condition no longer valid perhaps it had to do with
    the 2 subnets you were pointing out was wrong.

    I used ethereal on
    ran ping on to

    ethereal proves it gets there so its the response that is not coming back.
    But one hop closer the thinkpads response does come back.

    PenguinsAnonymous, Aug 15, 2004
  18. PenguinsAnonymous

    Tauno Voipio Guest

    Do you have IP forwarding turned on in Thinkpad?


    cat /proc/sys/net/ipv4/ip_forward,


    echo 1 >proc/sys/net/ipv4/ip_forward

    Please DO correct the .254 netmasks to .255

    Tauno Voipio
    tauno voipio (at) iki fi
    Tauno Voipio, Aug 16, 2004
  19. Ok I think I now understand abstractly what my problem is.
    I changed the subnets to be brutally clear.
    When I ping from TProuter to PCrouter successfully it's because on the
    router you still have one foot in the same subnet. (ie one interface)
    When you ping from PC to PCrouter you get there because of
    the default routing but the way back is unclear because
    PCrouter has no idea what subnet 172.16 is.

    So do I need a route command on PCrouter?


    PenguinsAnonymous, Aug 17, 2004
  20. PenguinsAnonymous

    Tauno Voipio Guest

    Yes - tell her that the 172.16.0.x network is available via
    TProuter ( Did you change the net from

    The 172.16.x.y network has a far too wide netmask. You should
    be able to handle the net with a small 192.168.x.y net.

    Tauno Voipio
    tauno voipio (at) iki fi
    Tauno Voipio, Aug 17, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.