Linux networking help

Crusty

Lifer
Sep 30, 2001
12,684
2
81
Okay, I'm in my new apartment, but unfortunately my internet doesn't get installed for 5 more days. I talked to my neighbor and he is gonna let me use his wireless until I get my internet installed.

I have a laptop which has a wireless PCMCIA card in it. It's working fine and dandy (using it now). It also has built-in 100mbit ethernet. How can I hook the rest of my computers up using those two devices? I will hook a switch up to the wired port, but I need it to route the data out the wireless (bad terminology?)... any ideas?
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
I did something like that at home for a while, but using OpenBSD. I basically just turned on IP forwarding, and used a different subnet for the wired machines. I had to set a static route to the new subnet on my firewall though.
 

Crusty

Originally posted by: n0cmonkey
I did something like that at home for a while, but using OpenBSD. I basically just turned on IP forwarding, and used a different subnet for the wired machines. I had to set a static route to the new subnet on my firewall though.

English please? ;)

How would I go about turning IP forwarding on?

I tried using a bridge... but it didn't work.
 

n0cmonkey

Not sure how you turn IP forwarding on in Linux. I think there was something in /proc for it.

EDIT: echo 1 > /proc/sys/net/ipv4/ip_forward maybe
 

Crusty

As for the firewall...since it's not my router would I add the static route on my laptop? How would I do that?
 

n0cmonkey

Originally posted by: MCrusty
As for the firewall...since it's not my router would I add the static route on my laptop? How would I do that?

I had to add it to my router/firewall. Not sure if you'll need to or if there is an easier way to do this. I used something like: route add 10.132.1.0 10.132.0.15
 

Crusty

wireless card -> inet addr:192.168.1.125 Bcast:192.168.1.255 Mask:255.255.255.0


wired -> inet addr:192.168.1.127 Bcast:192.168.1.255 Mask:255.255.254.0


Other network connection on a dif computer hooked into a switch that is plugged into the wired connection. It is set to 192.168.1.63 with a subnet of 255.255.254.0

Even without IP forwarding and the static route I should still be able to ping the two IPs hooked into the switch, correct?

I changed ip_forward with the echo as well... but I'm stuck on the route issue..
 

drag

Elite Member
Jul 4, 2002
8,708
0
0
OK, assuming you already have connectivity via the wireless stuff, this is what you do. (This is just for setting up an ethernet bridge; you can also use it as a wireless access point if you're going the other way, from your wireless to a twisted-wire-based gateway. So this is insecure; you'll need firewall rules and stuff to make it protect your LAN.)

You hook wireless out using wlan0
You hook ethernet for your lan using eth0

Now all IP addresses you have are on the same subnet. With the bridge you're going to have flat network topography (one big LAN) with your neighbor's network (unless he sets up your specific wireless connection on a different port on the router or something). No security, no routing (well, very simple routing), no port forwarding. No nuntin.

Assuming all your networking IP crap is like this:
Your computer: 192.168.1.10
Your gateway: 192.168.1.1

(for debian you need to have the bridge-utils stuff installed)

This is simple manual setup, reboots will lose settings:

# brctl addbr br0
# brctl addif br0 wlan0
# brctl addif br0 eth0
# ifconfig eth0 down
# ifconfig wlan0 down
# ifconfig eth0 0.0.0.0 up
# ifconfig wlan0 0.0.0.0 up

That will get the bridge operational. Because bridges operate on a (remembering... application, presentation, umm... session, transport, network, data link, physical) data link layer they do not need ip addresses.

But if you want to use your bridge as a computer, and know where to send packets if you're using a gateway, you'll have to set up simple routing stuff.

ifconfig br0 192.168.1.10 up
echo -n "1" > /proc/sys/net/ipv4/ip_forward
route add default gw 192.168.1.1

It will take 30 seconds or so for your bridge to become operational because it needs to gather the mac address information in order to figure out if and on which port it needs to retransmit packets.
 

drag

Or you can setup a nat-based firewall router, which is quite a bit different from a bridge....
 

n0cmonkey

Originally posted by: MCrusty
wireless card -> inet addr:192.168.1.125 Bcast:192.168.1.255 Mask:255.255.255.0


wired -> inet addr:192.168.1.127 Bcast:192.168.1.255 Mask:255.255.254.0


Other network connection on a dif computer hooked into a switch that is plugged into the wired connection. It is set to 192.168.1.63 with a subnet of 255.255.254.0

Even without IP forwarding and the static route I should still be able to ping the two IPs hooked into the switch, correct?

I changed ip_forward with the echo as well... but I'm stuck on the route issue..

Probably not. Everything for 192.168.1.0/24 should be going out of the wireless network card.
 

n0cmonkey

Originally posted by: drag
Or you can setup a nat-based firewall router, which is quite a bit different from a bridge....

Double nats are icky, and I've never seen them work. :Q
 

drag

Oh ya. I don't know if this will affect you or not, but if you're setting up a wireless access point using Linux, your wireless card will need to be able to operate in "master" mode thru the iwconfig stuff.

I think prism2 cards can do this, and prism54 cards can too. (not all of them, I think)

I think peer-to-peer would be ad-hoc? And Managed mode is used for connecting to a WAP.
 

Crusty

Yeah, no AP here. Just trying to get my other boxes on the net until my internet gets installed.

I tried what you suggested, drag, and it seemed to work... kind of. I could ping my other computer from the laptop... and I could ping the bridge from my other computer. But I couldn't ping the router from my other computer... or go on the internet.

When I did ifconfig eth0 0.0.0.0 up it said entering promiscuous mode, which from what I read is correct. Although... when I do that with my wlan card it doesn't say that. Once I did ifconfig br0 192.168.1.10 up it said some stuff about the network topology changing and a few other lines... although it never mentioned my wlan card... only eth0.

Any ideas?
 

drag

What is your output when you just go ifconfig?

Both your ethernet interfaces should be 0.0.0.0, and your br0 should show up. You enabled port forwarding, right?
# cat /proc/sys/net/ipv4/ip_forward
should output "1"

Also some cards are not capable of being in promiscuous mode. (That allows them to transmit packets that are different from their own address).

Look up your card and see if you can find out if it supports promiscuousness(?). Check your dmesg output.


If it doesn't then not all is lost. You should still be able to setup real routing, not just nat routing or bridging. (maybe!?)
 

Crusty

When I run ifconfig everything shows up correctly, and cat /proc/sys/../ip_forward outputs 1 :)

And as far as I can tell, my card does support promiscuous. I'm gonna try a few things, and I'll post some outputs in a sec.
 

Crusty

ath0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2 errors:13252 dropped:0 overruns:0 frame:1457
TX packets:23 errors:23 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:199
RX bytes:775 (775.0 b) TX bytes:3331 (3.2 KiB)
Interrupt:11 Memory:ce8b1000-ce8c1000

br0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:81 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:11426 (11.1 KiB) TX bytes:0 (0.0 b)

eth0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:90 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:12445 (12.1 KiB) TX bytes:775 (775.0 b)
Interrupt:11

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:280 (280.0 b) TX bytes:280 (280.0 b)

ath0 IEEE 802.11g ESSID:"Casbah"
Mode:Managed Frequency:2.462GHz Access Point: xx:xx:xx:xx:xx:xx
Bit Rate:11Mb/s Tx-Power:50 dBm Sensitivity=0/3
Retry:off RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=11/94 Signal level=-84 dBm Noise level=-95 dBm
Rx invalid nwid:16345 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:23 Invalid misc:23 Missed beacon:0

That's ifconfig followed by iwconfig after I set up the bridge.
This time while setting up the bridge, both cards entered forwarding mode and were in promiscuous mode as well.

One thing I did notice, once the bridge was active, my signal to the WAP was very inconsistent. Without the bridge, my connection works just fine...
 

drag

Maybe the traffic is causing it to freak out a bit. By default making a bridge enables the spanning tree protocol for routing stuff; you don't really need that for just a small LAN. Could also be the bridge sending out ARP packets looking for IP addresses or something... Don't remember this stuff exactly anymore, but right when you activate the bridge it's going to generate some traffic in order to build the MAC address tables. It won't be operational the instant you activate it like a regular eth0 type thing.

Lets see....

So when you have your bridge set up you can ping:

bridge ---> gateway.
bridge ---> 2nd computer
2nd computer ---> bridge
but not:
2nd computer --> gateway

Right?

When you ping from your 2nd computer to the gateway, do the packets just time out or is the error "Destination Host Unreachable"?

If it's timing out then it thinks that it knows where the computer is, but the other computer is not able to respond. This will happen if the computer knows where to send the packet (to the computer if it's in your LAN, or the gateway if it's on the outside) but it's not getting a response.

If it's giving the destination host unreachable, then it can't find the computer period.
 

Crusty

Yeah, once I bring the bridge up, after about 20-30 seconds or so it would push stuff onto my console about the network topology changing.

Pinging the 2nd comp to the gateway times out.

And that's correct about what I can ping from each comp :)
 

drag

is this what you see (or similar) in the dmesg output?

br0: port 2(eth1) entering learning state
br0: port 1(eth0) entering learning state
br0: no IPv6 routers present
br0: topology change detected, propgating
br0: port 2(eth1) entering forwarding state
br0: topology change detected, propgating
br0: port 1(eth0) entering forwarding state

(my mythtv frontend doubles as a wireless gateway (bridge) for my laptop. :p)

So it times out; that indicates that the computer thinks it knows where to go, but can't get a reply from the gateway.

Not sure what is going on.... Your computer thinks it knows the MAC address of the gateway, so some sort of communication may be going on. So it's sending your ICMP packet to your bridge, but it's not getting a reply for some reason. Maybe try to do a network capture on your bridge and see if you can find out what is going on that way. (you have ethereal installed, right?)

What is the routing setup for your 2nd computer? (just the "route" command with no arguments will show it)

After you ping all the computers check out the arp tables. Make sure that everybody knows who everybody else is.

You do the "arp" command with no arguments on your bridge and 2nd computer.
Also check out the mac tables of your bridge.
brctl showmacs br0


from your iwconfig output:
Rx invalid nwid:16345 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:23 Invalid misc:23 Missed beacon:0

That Rx thing is pretty bad. From the man file:
Rx invalid nwid
Number of packets received with a different NWID or ESSID. Used
to detect configuration problems or adjacent network existence
(on the same frequency).

So maybe when it's in promiscuous mode it's getting confused by an adjacent wireless network. Network contention, or excessive collisions or something like that.

I suppose if you're in an apartment or something you're going to have some more wireless networks. Maybe use a wireless sniffer, see if you can find what other networks are set up?

Unfortunately I am not that familiar with wireless stuff. Wish I knew more.

Maybe try a different frequency, or channel. Is the 2.462GHz default for his router/WAP?

And your device is ath0 and an 802.11g card? What type of card is that? :)
 

Crusty

is this what you see (or similar) in the dmesg output?

br0: port 2(eth1) entering learning state
br0: port 1(eth0) entering learning state
br0: no IPv6 routers present
br0: topology change detected, propgating
br0: port 2(eth1) entering forwarding state
br0: topology change detected, propgating
br0: port 1(eth0) entering forwarding state

Yes, that is what I see, except for the IPv6 ;)

As for the other stuff, I'll have to enable the bridge again to do it... which means I lose internet :( Even if I do add the default gw to the route table... could that be a problem?

2.462GHz is Channel 11, the WAP is using that because there are about 10 other people with WAPs on Channel 6, although there are still 3-4 on Channel 11.

But I did iwconfig ath0 ap 00:00:00:00:00:00 <---mac of the WAP, so that it will only connect to that WAP.

I'm using a D-Link DWL-G650 with madwifi drivers :). If I turn on my WAP, I can get a solid 108mbps from it :).

So maybe when it's in promiscuous mode it's getting confused by an adjacent wireless network. Network contention, or excessive collisions or something like that.

That very well could be my problem, there are lots of networks here. Is there any way I can filter out those packets?
 

drag

Now that you say that, I think it's that your card is unable to deal with the traffic in promiscuous mode. Maybe flaky drivers, it just can't deal with the conflicts. :(

Not sure, but I think that would be your problem.

Check out those MAC tables and arp stuff and make sure that everyone knows what everyone else is. If they do then I'd definitely say it's your card combining with the busy environment.

Maybe talk to some wireless experts. I am brand new to this stuff.

But it works normally (in regular non-promiscuous mode), I'd try to set up subnets on your ethernet network, one subnet for your neighbor and the other for you (shouldn't bother him much, just change the subnet mask on his stuff just right so all of his addresses remain the same or whatever) and then set up some real LAN routing (not NAT/masquerading)

Never done that before with Linux, but it shouldn't be too hard. Just a couple extra route commands probably. (done with Cisco routers in school though!)

some guides on routing

Probably enough in your man route file to figure it out.

Basically you divide the ethernet LAN (your neighbor + you) into 2 separate subnets.

On your laptop your eth0 will be on your subnet, your ath0 will be on your neighbor's subnet.

Your laptop will then become your lan's gateway, and from your laptop your neighbor's router will be your laptop's gateway. Anything being sent outside your particular subnet will be taken care of by your laptop and it will decide what to do with the packets (send it to your friend's computer or send them to the external gateway).

So you'd do it like this.

Neighbor's network:
Network IP: 192.168.1.0
Subnet mask: 255.255.255.192
That will give you IP addresses 192.168.1.1 thru 192.168.1.62
The broadcast address for that network would be 192.168.1.63
The gateway/router will be: 192.168.1.1
Your laptop's wireless IP port will be: 192.168.1.10

Your lan:
Network: 192.168.1.64
broadcast: 192.168.1.127
Address range: 192.168.1.65-192.168.1.126
Your laptop's eth0 will be 192.168.1.65
Your gateway will be 192.168.1.65

As for the routing tables for your laptop, I am not too sure.
Check out the route man file.. google it. Or something. I got to take off for a bit now.
 

drag

It'd probably still work.

Just set it up with an entire new set of IPs. Like use 192.168.0.0 instead of 192.168.1.0

Both are basically subnets of the network 192.168.0.0 if you look at it that way. I guess you really don't need to subnet his network to do it... it's already subnetted. 192.168.0.0 is a class B private network... forgot about that.

Now I think it would go something like this:

ifconfig eth0 192.168.0.10 netmask 255.255.255.0 up
ifconfig ath0 192.168.1.10 netmask 255.255.255.0 up
iptables -A FORWARD -i eth0 -o ath0 -j ACCEPT
iptables -A FORWARD -i ath0 -o eth0 -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i ath0 -j ACCEPT
route add -net 192.168.0.0 netmask 255.255.255.0 eth0
route add -net 192.168.1.0 netmask 255.255.255.0 ath0
route add default gw 192.168.1.whatever

(don't forget that you need to have port forwarding activated, I think)

Then on your client PC you go:
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.10 eth0
route add default gw 192.168.0.10

Or something like that. Hope that's close enough for you to figure it out (as in I hope I didn't confuse you with any mistakes I made). I never used Linux for a lan router (just nat) so I am not sure exactly what to do, but I think that's what you'd need to do.

The one catch is that you now have to configure the external gateway (your neighbor's router) with the static route to the 192.168.0.0 network thru the 192.168.1.10 gateway (your laptop's wifi port). Otherwise your packets will get routed out into the internet, but when replies get back your external gateway won't know where to send them.

Oh, I am so tired right now. My brain is shutting down, I am sure I have lots of typos.
 

Crusty

It doesn't :(, but I think it's close. From my other computer, I can ping both nics in the laptop/gateway, but I can't ping the router/gateway.

When I tried route add default gw 192.168.1.125 it told me the network was unreachable...
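
Added example, not part of any post in the thread: a small model of two routing decisions the thread runs into. It shows which interface wins when the laptop's posted /24 and /23 networks overlap, and why adding a default gateway fails with "network unreachable" unless the gateway sits on a directly connected subnet. The function names are hypothetical, the client address 192.168.0.20 and the destination 203.0.113.7 are constructed, and the on-link check is a simplification of what the kernel does.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    net: ipaddress.IPv4Network
    dev: str
    via: Optional[str] = None  # None means a connected (on-link) route

def connected(ifaces):
    """Connected routes implied by each interface's address and netmask."""
    return [Route(ipaddress.ip_interface(cidr).network, dev)
            for dev, cidr in ifaces.items()]

def lookup(routes, dst, on_link_only=False):
    """Longest-prefix match; returns the winning Route or None."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in routes
            if dst in r.net and not (on_link_only and r.via)]
    return max(hits, key=lambda r: r.net.prefixlen, default=None)

def overlapping(routes):
    """Interface pairs whose connected networks overlap."""
    return [(a.dev, b.dev) for i, a in enumerate(routes)
            for b in routes[i + 1:] if a.net.overlaps(b.net)]

def add_default_gw(routes, gw):
    """Model of 'route add default gw': the gateway must itself be on-link."""
    hop = lookup(routes, gw, on_link_only=True)
    if hop is None:
        raise OSError("Network is unreachable")
    return routes + [Route(ipaddress.ip_network("0.0.0.0/0"), hop.dev, gw)]

# Laptop addresses exactly as posted in the thread (overlapping masks).
LAPTOP_AS_POSTED = connected({"ath0": "192.168.1.125/255.255.255.0",
                              "eth0": "192.168.1.127/255.255.254.0"})
# Constructed client on the 192.168.0.0/24 wired subnet of the routed plan.
CLIENT_ROUTED = connected({"eth0": "192.168.0.20/255.255.255.0"})

if __name__ == "__main__":
    print("overlap:", overlapping(LAPTOP_AS_POSTED))
    print("192.168.1.63 leaves via", lookup(LAPTOP_AS_POSTED, "192.168.1.63").dev)
    try:
        add_default_gw(CLIENT_ROUTED, "192.168.1.125")
    except OSError as err:
        print("default gw 192.168.1.125:", err)
    table = add_default_gw(CLIENT_ROUTED, "192.168.0.10")
    print("203.0.113.7 leaves via", lookup(table, "203.0.113.7"))
```

On the real machines, `ip route get <address>` reports the same decision the kernel makes for a given destination.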