Lorenz Schori | 27 Jul 13:12

Re: Freifunk 1.6.29, dhcp-splash, and natting

On Sat, 26 Jul 2008 14:06:40 +0200
"Jan Groenewald" <jan@...> wrote:

> Hi
> 
> Maybe I need a better description of this problem:
> 
> How do I prevent dhcpsplash cronjobs from NATTing interfaces
> which I don't want NATTed? While still allowing those cronjobs
> to run and do their thing for dhcpsplash.
> 
> regards,
> Jan

Hi Jan

dhcpsplash uses REDIRECT in favour of DNAT. If I grep through my source
tree I get the following results.

grep -r /usr/local/src/lo/freifunk/ff-devel/freifunk-dhcpsplash -e MASQ
=> no results
grep -r /usr/local/src/lo/freifunk/ff-devel/freifunk-dhcpsplash -e NAT
=> ## as of version 1.6.26 we capture http with REDIRECT instead of DNAT

It would help if you could post an excerpt of the iptables from a router
suffering this problem. Like this it would be easier to track down the
origin of the superfluous NAT rules.

iptables -t nat -vnL


Jan Groenewald | 27 Jul 13:35

Re: Freifunk 1.6.29, dhcp-splash, and natting

Hi

2008/7/27 Lorenz Schori <lorenz.schori@...>:
> It would help if you could post an excerpt of the iptables from a router
> suffering this problem. Like this it would be easier to track down the
> origin of the superfluous NAT rules.
> iptables -t nat -vnL

Thanks. I am not an iptables expert, so I may have it all wrong. Please
do check that what I say makes sense.

root@jan-south:~# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 11741 packets, 1093K bytes)
 pkts bytes target     prot opt in     out     source               destination
11732 1092K splash_prerouting_all  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 71 packets, 11828 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      vlan1   0.0.0.0/0            0.0.0.0/0
 9343  853K MASQUERADE  all  --  *      *       172.18.172.24/29     0.0.0.0/0
    0     0 MASQUERADE  all  --  *      vlan1   0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 67 packets, 11617 bytes)
 pkts bytes target     prot opt in     out     source
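
An added example, not part of any message in this thread: a shell helper that scans `iptables -t nat -vnL` output for MASQUERADE/SNAT rules that are not tied to an outgoing interface, like the 172.18.172.24/29 rule in the listing above. The function names and the sample listing are constructed for illustration; the column positions assume the verbose (`-v`) output format.

```shell
#!/bin/sh
# Added example: flag source-NAT rules in `iptables -t nat -vnL` output
# that are not pinned to an outgoing interface.

# Reads `iptables -t nat -vnL` output on stdin. Prints one line per
# MASQUERADE/SNAT rule whose "out" column is "*" (rule applies on every
# interface): chain name, packet counter, source and destination.
find_unpinned_nat() {
    awk '
        $1 == "Chain" { chain = $2; next }      # remember the current chain
        $1 == "pkts" || NF == 0 { next }        # skip column headers and blanks
        # Rule columns: pkts bytes target prot opt in out source destination
        ($3 == "MASQUERADE" || $3 == "SNAT") && $7 == "*" {
            printf "%s pkts=%s src=%s dst=%s\n", chain, $1, $8, $9
        }
    '
}

# Constructed sample, modelled on the listing posted in the thread.
sample_nat_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 11741 packets, 1093K bytes)
 pkts bytes target     prot opt in     out     source               destination
11732 1092K splash_prerouting_all  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 71 packets, 11828 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      vlan1   0.0.0.0/0            0.0.0.0/0
 9343  853K MASQUERADE  all  --  *      *       172.18.172.24/29     0.0.0.0/0
    0     0 MASQUERADE  all  --  *      vlan1   0.0.0.0/0            0.0.0.0/0
EOF
}

# On a router: iptables -t nat -vnL | find_unpinned_nat
sample_nat_listing | find_unpinned_nat
```

Running it before and after a reboot, or before and after a cron job fires, shows whether an interface-wide NAT rule has appeared and how many packets it has matched.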

Jan Groenewald | 27 Jul 14:51

Re: Freifunk 1.6.29, dhcp-splash, and natting

Hi

2008/7/27 Jan Groenewald <jan@...>:
> Hmm, uh, now that OLSR-DHCP nat is gone.
> It doesn't seem to be the cron job either

So, it is not what I thought. I waited a bit to make sure it is not that
or another cronjob. But the NAT did not come back on that router.

But I want to trace why this NATs in 1.6.29 when it did not
in 1.6.28 -- if I reboot that NAT is back on the OLSR-DHCP.

root@jan-south:/etc/init.d# reboot
root@jan-south:/etc/init.d# Connection to jan-south closed by remote host.
Connection to jan-south closed.
jan@osprey:~$ ssh root@jan-south

BusyBox v1.01 (2007.11.04-07:56+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 (       ).-----.-----.-----.)  )  )  ).----.)  )
 (   -   ))  _  )  -__)     ))  )  )  ))   _))   _)
 (_______))   __)_____)__)__))________))__)  )____)
          )__) F R E I F U N K  F I R M W A R E

root@jan-south:~# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 2731 packets, 302K bytes)
 pkts bytes target     prot opt in     out     source               destination