On 04/02/11 15:38, Clemens John wrote:
On Tuesday 01 February 2011, 11:51:16, wrote
If your non-batman clients don't need incoming connections, you could
NAT outgoing connections:
You would have to run a DHCP server on the ath1 interface to give those
clients a private IP and tell them to use the private IP on ath1 as
What do I have to insert into iptables to NAT ath1 to br-mesh? I'm a
complete firewall noob.
There might be an easier way using the config files of the distribution
you're using, but from a script it would look something like this:
## Work-around for bad ISPs which drop ICMP Fragmentation Needed
## packets: (Needs to be early in list)
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
## Masquerade everything leaving via br-mesh behind the router's own address
iptables -t nat -A POSTROUTING -o br-mesh -j MASQUERADE
Thank you, that got me a little bit further.
But now the traffic from the wlan client (wlan0) gets into the router (br-mesh)
and tries to reach the internet over the default route of the router, my local
lan port. But I want to use a special gateway (10.18.0.1) behind the vpn and
in the same network as br-mesh, only for traffic coming from the clients. Traffic
coming from the router itself should still use the default gateway.
What can I do?