Serve your slaves
-----------------

Changelog:
21.11.02  initial release by Ironmonkey

This mini howto describes how to set up routing with NAT on a computer
with two network interfaces.

Content
1. Intro
2. Software installation
3. Configuration
4. Activation
5. Deactivation


1. Intro

Sometimes it would be nice to give someone else, let's call this person
Theo, access to the wired network through your wireless interface. This
typically happens when Theo forgets his patch cable but would like to get
access to the wired network. Unfortunately, no Access Point is in range.
The solution to this problem is to open your computer as a gateway for
Theo.

You will need:
- patch cable for the wired interface -> wired network
- wireless network card
- linux
- kismet (not really but is fun ;-) oops... shouldn't have said that.)


2. Software installation

Make sure that your kernel is compiled with netfilter and NAT support.
Next, install the required packages:

  dhcp
  iptables

Note: do not start dhcp and iptables as daemons, as you only need them
occasionally.


3. Configuration

You will have to configure the dhcp daemon to listen only on the wireless
interface and to provide an appropriate IP range to the wireless
client(s).

  vi /etc/default/dhcp
  -> INTERFACES="eth1"

Next, an example /etc/dhcpd.conf file:

  subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.10 192.168.0.254;
    option domain-name-servers 152.96.20.10;
    option domain-name "notebook.hsr.ch";
    option routers 192.168.0.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.0.255;
    default-lease-time 600;
    max-lease-time 7200;
  }


4. Activation

A sample script to activate your gateway. Not fully tested!

------- startup sample script : begin -------
#!/bin/bash

WIRELESS="eth1"
WIRED="eth0"

# set up the wireless interface
# (ad-hoc mode, no encryption key is configured here)
ifconfig "$WIRELESS" up
ifconfig "$WIRELESS" 192.168.0.1 netmask 255.255.255.0
iwconfig "$WIRELESS" essid slaves mode ad-hoc

# activate ip forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

# start dhcp daemon
/etc/init.d/dhcp start

# flush old iptables rules
# (this removes ALL existing rules, including any host firewall rules)
iptables --flush
iptables --table nat --flush
iptables --delete-chain

# start masquerading: rewrite the source address of everything leaving
# through the wired interface, and forward whatever comes in from wireless
iptables --table nat --append POSTROUTING --out-interface "$WIRED" -j MASQUERADE
iptables --append FORWARD --in-interface "$WIRELESS" -j ACCEPT

# finished
echo "gateway set up. wireless essid for client is: slaves"
------- startup sample script : end -------

Theo is now able to access the wired network. He may have to configure his
wireless network card. Here are some settings to check:

  Wireless essid: slaves
  Wireless IP:    DHCP (default gateway 192.168.0.1)


5. Deactivation

As above, a sample script to stop your gateway and get back to normal
operation.

------- shut down sample script : begin -------
#!/bin/bash

WIRELESS="eth1"

# stop masquerading
# (flushes all rules in the filter and nat tables, not only the gateway's)
iptables --flush
iptables --table nat --flush
echo "0" > /proc/sys/net/ipv4/ip_forward

# stop dhcp server
/etc/init.d/dhcp stop

# put the wireless interface back into managed mode
iwconfig "$WIRELESS" essid any mode managed

# finished
echo "gateway is down."
------- shut down sample script : end -------
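
A check to run after the shut down script, as an added example that is not
part of the original howto: it reads an iptables-save dump and reports
whether the MASQUERADE rule, the FORWARD accept rule or IP forwarding are
still active. The function names and the sample dumps are constructed for
illustration; the interface names are the howto's.

```bash
#!/bin/bash
# Added example, not part of the original howto: audit for gateway leftovers.
# Reads an iptables-save dump on stdin; interface names follow the howto.
# Live use (as root):
#   iptables-save | gateway_leftovers eth0 eth1 "$(cat /proc/sys/net/ipv4/ip_forward)"

# Prints one finding per line; returns 0 if clean, 1 if something is still open.
gateway_leftovers() {
    local wired="$1" wireless="$2" ip_forward="$3"
    local table="" line found=0
    if [ "$ip_forward" != "0" ]; then
        echo "ip_forward=$ip_forward (expected 0)"
        found=1
    fi
    while IFS= read -r line; do
        case "$line" in
            \**)    # "*nat" or "*filter" opens a table section
                table="${line#\*}" ;;
            "-A POSTROUTING "*"-o $wired "*"-j MASQUERADE"*)
                if [ "$table" = "nat" ]; then echo "nat: $line"; found=1; fi ;;
            "-A FORWARD "*"-i $wireless "*"-j ACCEPT"*)
                if [ "$table" = "filter" ]; then echo "filter: $line"; found=1; fi ;;
        esac
    done
    return "$found"
}

# Constructed sample: what iptables-save shows while the gateway is active.
sample_gateway_up() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same tables after both flushes in the shut down script.
sample_gateway_down() {
    sample_gateway_up | grep -v '^-A '
}
```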