This is my setup - I sincerely hope ascii-art holds up as it took some time to create! :-)
    gateway (Internet) ---- 123.456.789.100
    router1             10.0.0.1 --- 10.0.0.10
    router2 / router3   (ath0) 188.8.131.52 --batman-- 184.108.40.206 --batman-- 220.127.116.11
                        (eth0) 10.0.1.0 / 10.0.2.0 / 10.0.3.0
                        (bat0) 169.254.0.0 --PtP-- 169.254.2.79
                        (bat0) 169.254.0.0 --------------PtP----------- 169.254.2.80
I have read the bmx pdf and it is excellent. Everything works as it should on batman-exp rv792. But I have a problem. The guide assumes that your gateway to the public internet is my 'router1' and it also assumes that you have a firewall running on all those routers.
It also ends up with double-nat (well, actually triple-nat in my case). I have gotten rid of one level of nat (on router1). But I'm still left with a double nat.
Nat happens when default route traffic from batman nodes is sent down bat0 tunnel and then once again when my gateway passes it onto the public ip space.
I have succeeded in creating a setup where no nat is done when client nodes connect to 10.0.0.0/24 network (10.0.0.0/24 hna on router1) but if I want to go out onto the internet I simply have to do
iptables -t nat -A POSTROUTING -o bat0 -j MASQUERADE
on each batman node, otherwise nodes themselves can get out but their eth0 clients cannot (i.e. from 10.0.2.0/24 or 10.0.3.0/24 - 10.0.1.0/24 doesn't have this problem as it has a default route entry in the output of 'route' - other batman nodes don't)
Can someone with a bit more experience in these matters give me a hand? I will probably end up having to use batman on the gateway node as well, but I'd rather have this possibility of a gw node not running batman.
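The following is an added illustration, not code from the post or from batman-exp: a small longest-prefix-match model of router1's routing table that shows why the eth0 clients behind the mesh nodes need MASQUERADE on bat0. The assumption (not stated in the post) is that router1 holds only its connected 10.0.0.0/24 and a default route, so a reply to a 10.0.2.x or 10.0.3.x client has no path back into the mesh; the "after" table adds hypothetical static return routes via 10.0.0.10 to show the condition under which that NAT layer becomes unnecessary.

```python
"""Route-lookup model of the setup in the post (constructed example).

Assumptions not taken from the post: router1 runs no batman, router2 is the
mesh node reachable from router1 at 10.0.0.10, and the mesh nodes announce
nothing to router1. Question modelled: if a client behind a mesh node sends
to the Internet WITHOUT masquerading on bat0, can router1 route the reply?
"""
import ipaddress


def lookup(table, dst):
    """Longest-prefix match over (prefix, nexthop) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None


# router1's table as implied by the post: its own 10.0.0.0/24 and a default
# route towards the upstream. The upstream address is copied verbatim from
# the post's diagram and is only used as an opaque label here.
ROUTER1_BEFORE = [
    ("10.0.0.0/24", "direct"),
    ("0.0.0.0/0", "123.456.789.100 upstream"),
]

# Hypothetical static return routes for the two client networks the post
# says cannot get out, pointing at the mesh node adjacent to router1.
ROUTER1_AFTER = ROUTER1_BEFORE + [
    ("10.0.2.0/24", "10.0.0.10"),
    ("10.0.3.0/24", "10.0.0.10"),
]


def reply_reachable(table, client_src):
    """True if router1 would forward a reply to client_src back into the mesh."""
    # Matching only the default route sends the reply to the upstream,
    # where a private client address is unroutable: effectively dropped.
    return lookup(table, client_src) == "10.0.0.10"


def masquerade_needed(table, client_src):
    """The bat0 MASQUERADE rule is only required when the reply is unroutable."""
    return not reply_reachable(table, client_src)
```

Running `masquerade_needed(ROUTER1_BEFORE, "10.0.2.5")` returns True and the same call against ROUTER1_AFTER returns False, which is the difference between the double-NAT setup and a route-based one.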