Thinkpad wireless masquerade

Discussion in 'Linux Networking' started by PenguinsAnonymous, Aug 9, 2004.

  1. I have a thinkpad 760ELD with SuSE 9.0 loaded and running
    fine. I have two PCMCIA cards Orinoco Gold wireless and
    ethernet II IBM. The Orinoco is configured outgoing interface
    and the ethernet to an attached hub so I can hook PCs to
    masquerade through the connection.
    On configuring the interfaces individually they work fine,
    in other words I can use them.
    If I configure them both at once with forwarding enabled
    neither interface can ping from outside or in.
    The routing table does not contain the default route, not
    sure why yast did not handle it..
    so
    eth0 192.168.1.8 is inward (forwarded or local network with hub)
    wlan0 192.168.1.9 is outward connected

    My access point is plugged into a switch which is plugged
    to a routing PC with IP 192.168.1.19. Other ports on this
    switch find their way just fine.
    In fact if I remove the eth0 config using yast I can surf
    fine through this wlan0 connection.

    The entire network has subnet 255.255.255.0.

    So what should the default route be and is it my only issue?

    Thanks for any info.
    -Walt
     
    PenguinsAnonymous, Aug 9, 2004
    #1

  2. PenguinsAnonymous

    Tauno Voipio Guest

    A rule of thumb for the default route in leaf nodes of the Internet
    is to point it to the next node toward the Net.

    Your problem comes from an attempt to keep the separate local
    nets (Ethernet and wireless) in the same subnet (192.168.1.0/24).
    Make them separate and use the default route rule to each node.

    HTH

    Tauno Voipio
    tauno voipio (at) iki fi
     
    Tauno Voipio, Aug 9, 2004
    #2

  3. Ok I thought for a moment I understood but I'm guessing not.

    thinkpad interfaces are
    eth0 192.168.0.8 netmask 255.255.0.0
    wlan0 192.168.1.9 netmask 255.255.255.0 (so this connects to the .19 below)

    remember the AP connects to a switch connects to a router PC with
    eth1 dhcp (broadband connection)
    eth0 192.168.1.19 netmask 255.255.255.0

    A pc behind the thinkpad configures with
    eth0 192.168.0.1 netmask 255.255.0.0

    On the thinkpad I can ping forward to the outward connection
    but not back to the 192.168.0.1 PC.

    firewall and forwarding is enabled on the thinkpad. Being a router and connected
    direct it shouldn't have a router specified right?
    But the PC 192.168.0.1 specifies router 192.168.0.8

    Thanks for any direction.
    -Walt
     
    PenguinsAnonymous, Aug 12, 2004
    #3
  4. PenguinsAnonymous

    Tauno Voipio Guest

    The 192.168.0.x network masks are suspect: 255.255.0.0 covers the
    whole 192.168.x.y range, including the outgoing network.

    The PC behind the Thinkpad should be 192.168.0.1 / 255.255.255.0
    (note the mask), with default gateway 192.168.1.9

    The Thinkpad wlan0 should be 192.168.1.9 / 255.255.255.0. (mask!)
    The Thinkpad default gateway should be 192.168.1.19.

    If the ping still does not get there, run tcpdump or Ethereal on
    both hosts and post the results.

    HTH

    Tauno Voipio
    tauno voipio (at) iki fi

    PS. Written on a Thinkpad A21p and Lucent Orinoco to WLAN and
    a Linux router to ADSL.

    TV
     
    Tauno Voipio, Aug 12, 2004
    #4
  5. Ahh yes I got it....
    Now I am discovering a thinkpad might not be a good candidate for router?
    I see two problems.
    Traffic is very slow to load a page. I'll have to analyze it hop by hop with
    ethereal as you suggested.
    The other thing is thinkpads suspend :) Kind of like the toll taker at the bridge
    sleeping in the way.
    Thanks for your help though I appreciate it.
    -Walt

     
    PenguinsAnonymous, Aug 13, 2004
    #5
  6. PenguinsAnonymous

    Tauno Voipio Guest

    The ADSL line is slower than my first Thinkpad (300, i386SX).
    The processor speed should not be an issue.

    Check that there are no DNS timeouts (or maybe IDENT from the server).

    The Thinkpad (at least mine) stops suspending if you feed it with
    line power.

    I was first thinking to set up a retired Thinkpad to perform
    as the router, but changed my mind and built a small system
    from a VIA EPIA Mini-ITX board (55 W, about the same as a laptop).

    My router runs a masquerading firewall (iptables), a NTP server,
    and a DNS cache (dnsmasq).

    Tauno Voipio
    tauno voipio (at) iki fi
     
    Tauno Voipio, Aug 13, 2004
    #6
  7. Basically what happens are specific connections like the graphic
    on the google page do not complete. In some cases most of the page
    loads except a few graphics.
    In ethereal it eventually becomes 'unreachable' after a long time.
    I'm using this on the thinkpad while loading a page on the PC behind it.
    So I think most of this works, it's just some distance problem.
    Are there issues with going through 2 routers/firewalls?

    Thanks.
    -Walt

    I could send the output of ethereal if you think you might recognize the
    problem? (size 27443)


     
    PenguinsAnonymous, Aug 13, 2004
    #7
  8. yes of course you are right but I was referring to subtle
    hardware issues with linux and its sometimes incomplete
    support of many models.

    Again I did not think. I need to leave it docked to get around this.

    Thanks.
    -Walt
     
    PenguinsAnonymous, Aug 14, 2004
    #8
  9. there are .... resolution is intermittent.
    Explorer delivers the message 'unknown zone'
    I'm starting to think it's a problem with using the two network address
    groups 192.168.1.x and 192.168.0.x and the same netmask 255.255.255.0

    -Walt
     
    PenguinsAnonymous, Aug 14, 2004
    #9
  10. new description
    both TP and PCrouter are masquerading boxes using iptables

    PC <-> TPint1 TPint2 <-> PCrouter1 PCrouter2 (DHCP)

    PC 192.168.0.1 255.255.254.0
    TPint1 192.168.0.8 255.255.254.0
    TPint2 192.168.1.9 255.255.255.0
    PCrouter1 192.168.1.19 255.255.255.0
    PCrouter2 DHCP (external int)

    ping from TP to PC works
    ping from TP to PCrouter works
    ping from PC to TP works
    ping from PC to PCrouter does not or is sporadic

    TP (thinkpad masquerade box) route table
    192.168.0.1 (network entry)
    192.168.1.1 (network entry)
    default through 192.168.1.19

    This bolsters my statement before that parts of web pages seem to load
    I'm really bleeding here any ideas?
    Thanks.
    -Walt
     
    PenguinsAnonymous, Aug 14, 2004
    #10
  11. PenguinsAnonymous

    Tauno Voipio Guest

    ^^^

    The masks make the networks at the Thinkpad collide - it's not
    able to uniquely route the traffic to the PCRouter2 as it can
    think that the routing is possible via 192.168.0.x.

    Please post the routing tables of PC and TP, using 'route -n'.
    The corresponding 'ifconfig -n' results can also help.

    Tauno Voipio
    tauno voipio (at) iki fi
     
    Tauno Voipio, Aug 15, 2004
    #11
  12. Please note I have tried both 255.255.255.0 also both appear to produce similar.

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
    192.168.0.0     0.0.0.0         255.255.254.0   U     0      0        0 eth0
    0.0.0.0         192.168.1.19    0.0.0.0         UG    0      0        0 wlan0

    eth0      Link encap:Ethernet  HWaddr 00:06:29:14:DD:F1
              inet addr:192.168.0.8  Bcast:192.168.1.255  Mask:255.255.254.0
              inet6 addr: fe80::206:29ff:fe14:ddf1/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:1422 errors:0 dropped:0 overruns:0 frame:0
              TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:85548 (83.5 Kb)  TX bytes:1632 (1.5 Kb)
              Interrupt:5 Base address:0x300 Memory:c00ce000-c00d2000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:78 errors:0 dropped:0 overruns:0 frame:0
              TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:7470 (7.2 Kb)  TX bytes:7470 (7.2 Kb)

    wlan0     Link encap:Ethernet  HWaddr 00:60:1D:F7:74:BC
              inet addr:192.168.1.9  Bcast:192.168.1.255  Mask:255.255.255.0
              inet6 addr: fe80::260:1dff:fef7:74bc/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:227 errors:0 dropped:0 overruns:0 frame:0
              TX packets:310 errors:11 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:50369 (49.1 Kb)  TX bytes:39828 (38.8 Kb)
              Interrupt:3 Base address:0x100

    Also take a look at this description and pay careful attention to how the AP is
    attached to the switch. It is a lucent AP in bridge mode with no access mode or
    encryption enabled. The thinkpad uses this connection fine and exhibits no
    problems it's only when you take a step back to a machine behind the thinkpad's
    firewall.
    Thanks!
    -Walt
     
    PenguinsAnonymous, Aug 15, 2004
    #12
  13. PenguinsAnonymous

    Tauno Voipio Guest

    Please, the same information for the PC behind the link.

    Tauno Voipio
    tauno voipio (at) iki fi
     
    Tauno Voipio, Aug 15, 2004
    #13

  14. Well :) it's not connected!

    route
    192.168.0.0
    default 192.168.0.8

    ifconfig
    192.168.0.1 255.255.254.0

    again this PC can ping the thinkpad (both interfaces) but not beyond!
    and the tp can ping it.
     
    PenguinsAnonymous, Aug 15, 2004
    #14
  15. 192.168.0.1 255.255.254.0

    I have no idea if it's the source of the problem, but as people have told
    you already the "254" is wrong. More precisely it's WRONG WRONG WRONG.
    Use 255.255.255.0 for all those 192.168.N.M interfaces.


    Stefan
     
    Stefan Monnier, Aug 15, 2004
    #15

  16. fine fine fine :)
    I said I did it both ways.
    In fact it is back now to 255.255.255.0 everywhere and generates the
    same symptom. I think it's the AP bridge configuration stopping returning
    packets that are one step away from the IP it knows. (ie the thinkpad)

    as I said when you ping from the PC beyond the thinkpad
    toward the routing PC beyond the AP it cannot find the .19 address.
    This was discovered with ethereal on the thinkpad.
    Then pinging 192.168.1.19 on the 192.168.0.1 PC.
    The thinkpad shows a broadcast that does not find the 192.168.1.19
    address. And it is beyond the AP right.

    So both the 192.168.0.x and 192.168.1.x are same subnet?
    Wouldn't the firewall on the 192.168.1.19 machine have to know about the
    192.168.0.x addresses down the line?
    What would the entire description be for both address ranges?
    192.168.0.0/16?
    -Walt
     
    PenguinsAnonymous, Aug 15, 2004
    #16
  17. I just proved this condition no longer valid perhaps it had to do with
    the 2 subnets you were pointing out was wrong.

    I used ethereal on 192.168.1.19
    ran ping on 192.168.0.1 to 192.168.1.19

    ethereal proves it gets there so it's the response that is not coming back.
    But one hop closer the thinkpads response does come back.

    -Walt
     
    PenguinsAnonymous, Aug 15, 2004
    #17
  18. PenguinsAnonymous

    Tauno Voipio Guest

    Do you have IP forwarding turned on in Thinkpad?

    Check:

    cat /proc/sys/net/ipv4/ip_forward

    set:

    echo 1 > /proc/sys/net/ipv4/ip_forward

    Please DO correct the .254 netmasks to .255

    Tauno Voipio
    tauno voipio (at) iki fi
     
    Tauno Voipio, Aug 16, 2004
    #18
  19. Ok I think I now understand abstractly what my problem is.
    I changed the subnets to be brutally clear.
    When I ping from TProuter to PCrouter successfully it's because on the
    router you still have one foot in the same subnet. (ie one interface)
    When you ping from PC to PCrouter you get there because of
    the default routing but the way back is unclear because
    PCrouter has no idea what subnet 172.16 is.

    So do I need a route command on PCrouter?

    Thanks.
    -Walt

     
    PenguinsAnonymous, Aug 17, 2004
    #19
  20. PenguinsAnonymous

    Tauno Voipio Guest

    Yes - tell her that the 172.16.0.x network is available via
    TProuter (192.168.1.9). Did you change the net from
    previous?

    The 172.16.x.y network has a far too wide netmask. You should
    be able to handle the net with a small 192.168.x.y net.

    Tauno Voipio
    tauno voipio (at) iki fi
     
    Tauno Voipio, Aug 17, 2004
    #20
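
Added example (not part of the original thread): a longest-prefix-match lookup over routing tables built from the addresses posted above, showing why a /23 mask makes the PC ARP for 192.168.1.19 itself, and why PCrouter's reply leaves by its default route until it has a route to the inner network via 192.168.1.9. It assumes the Thinkpad forwards without rewriting the source address; the table names and 203.0.113.1 (standing in for the DHCP-learned ISP gateway) are placeholders.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match. Rows are (network, gateway or None, iface)."""
    dst = ipaddress.ip_address(dst)
    hits = [row for row in table if dst in ipaddress.ip_network(row[0])]
    if not hits:
        return None  # no route to host
    net, gw, iface = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    # No gateway means on-link: the host ARPs for dst itself on that interface.
    return (f"ARP for {dst}" if gw is None else f"via {gw}", iface)

# Tables constructed from the addresses in the thread, not captured output.
PC_MASK_23 = [("192.168.0.0/23", None, "eth0"),
              ("0.0.0.0/0", "192.168.0.8", "eth0")]
PC_MASK_24 = [("192.168.0.0/24", None, "eth0"),
              ("0.0.0.0/0", "192.168.0.8", "eth0")]
THINKPAD = [("192.168.1.0/24", None, "wlan0"),
            ("192.168.0.0/24", None, "eth0"),
            ("0.0.0.0/0", "192.168.1.19", "wlan0")]
# PCrouter as described: inner interface eth0, DHCP uplink on eth1.
PCROUTER = [("192.168.1.0/24", None, "eth0"),
            ("0.0.0.0/0", "203.0.113.1", "eth1")]  # placeholder ISP gateway
# Same table plus the static route suggested in the last reply.
PCROUTER_FIXED = PCROUTER + [("192.168.0.0/24", "192.168.1.9", "eth0")]

def report():
    """Next hop chosen at each point of a ping from the PC to 192.168.1.19."""
    return {
        "PC (/23 mask) -> 192.168.1.19": lookup(PC_MASK_23, "192.168.1.19"),
        "PC (/24 mask) -> 192.168.1.19": lookup(PC_MASK_24, "192.168.1.19"),
        "Thinkpad -> 192.168.1.19": lookup(THINKPAD, "192.168.1.19"),
        "PCrouter reply -> 192.168.0.1": lookup(PCROUTER, "192.168.0.1"),
        "PCrouter reply, static route": lookup(PCROUTER_FIXED, "192.168.0.1"),
    }

if __name__ == "__main__":
    for step, (next_hop, iface) in report().items():
        print(f"{step:32} {next_hop} dev {iface}")
```

With the /23 mask the PC never hands the packet to 192.168.0.8; with /24 everywhere the request arrives, but the reply goes out the uplink unless PCrouter has the extra route.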