Hello all!
For quite a long time I have been trying to configure batmand. I am a student and my M.A. thesis is based on MESH. I have chosen batman_adv and batmand to compare them (performance, for example). Batman_adv is working for me (I used instructions from another page) and now I would like to configure batmand. Finally I have found this website.
My devices: I have Asus WL-500gPremium routers with a Mini PCI Atheros card inside. On both routers there is Backfire 10.03.1-rc4. I have installed the package batmand (Version: r1439-1) and also kmod-tun, libpthread and kmod-batgat.
Thanks to earlier posts in this archive I could run batmand and do some configuration (based on posts from other users here and some of my own initiative and ideas).
Now my settings are:
GATEWAY:
/ETC/CONFIG/WIRELESS:
config 'wifi-device' 'wifi0'
    option 'type' 'atheros'
    option 'disabled' '0'
    option 'channel' '1'
    option 'txpower' '1'
    option 'hwmode' '11g'

config 'wifi-iface'
    option 'device' 'wifi0'
    option 'encryption' 'none'
    option 'ssid' 'potato'
    option 'bssid' '01:CA:FF:EE:BA:BE'
    option 'swmerge' '1'
    option 'mode' 'adhoc'
/ETC/CONFIG/NETWORK:
config 'switch' 'eth0'
    option 'enable' '1'

config 'switch_vlan' 'eth0_0'
    option 'device' 'eth0'
    option 'vlan' '0'
    option 'ports' '1 2 3 4 5'

config 'switch_vlan' 'eth0_1'
    option 'device' 'eth0'
    option 'vlan' '1'
    option 'ports' '0 5'

config 'interface' 'loopback'
    option 'ifname' 'lo'
    option 'proto' 'static'
    option 'ipaddr' '127.0.0.1'
    option 'netmask' '255.0.0.0'

config 'interface' 'wan'
    option 'ifname' 'eth0.1'
    option 'proto' 'dhcp'
    #option 'proto' 'static'
    #option 'ipaddr' '10.130.1.1'
    #option 'netmask' '255.255.255.0'

config 'interface' 'lan'
    #option 'type' 'bridge'
    option 'ifname' 'eth0.0'
    option 'proto' 'static'
    option 'ipaddr' '192.168.3.1'
    option 'netmask' '255.255.255.0'

config 'interface' 'ath0'
    option 'ifname' 'ath0'
    option 'proto' 'static'
    option 'ipaddr' '10.130.1.1'
    option 'netmask' '255.255.255.0'
/ETC/CONFIG/FIREWALL
config defaults
    option syn_flood 1
    option input ACCEPT
    option output ACCEPT
    option forward REJECT

config zone
    option name lan
    option input ACCEPT
    option output ACCEPT
    option forward REJECT

config zone
    option name wan
    option input REJECT
    option output ACCEPT
    option forward REJECT
    option masq 1
    option mtu_fix 1

config forwarding
    option src lan
    option dest wan

config forwarding
    option src wan
    option dest lan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
    option src wan
    option proto udp
    option dest_port 68
    option target ACCEPT

# Allow ping
config rule
    option src wan
    option proto icmp
    option icmp_type echo-request
    option target ACCEPT

# include a file with users custom iptables rules
config include
    option path /etc/firewall.user

### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
#    option src lan
#    option src_ip 192.168.45.2
#    option dest wan
#    option proto tcp
#    option target REJECT

# block a specific mac on wan
#config rule
#    option dest wan
#    option src_mac 00:11:22:33:44:66
#    option target REJECT

# block incoming ICMP traffic on a zone
#config rule
#    option src lan
#    option proto ICMP
#    option target DROP

# port redirect port coming in on wan to lan
#config redirect
#    option src wan
#    option src_dport 5001
#    option dest lan
#    option dest_ip 192.168.3.1
#    option dest_port 5001
#    option proto tcp
#config redirect
#    option src wan
#    option src_dport 5001
#    option dest lan
#    option dest_ip 192.168.3.1
#    option dest_port 5001
#    option proto udp

### FULL CONFIG SECTIONS
#config rule
#    option src lan
#    option src_ip 192.168.45.2
#    option src_mac 00:11:22:33:44:55
#    option src_port 80
#    option dest wan
#    option dest_ip 194.25.2.129
#    option dest_port 120
#    option proto tcp
#    option target REJECT

#config redirect
#    option src lan
#    option src_ip 192.168.45.2
#    option src_mac 00:11:22:33:44:55
#    option src_port 1024
#    option src_dport 80
#    option dest_ip 194.25.2.129
#    option dest_port 120
#    option proto tcp
and one client (at least so far)
CLIENT:
/ETC/CONFIG/WIRELESS:
config 'wifi-device' 'wifi0'
    option 'type' 'atheros'
    option 'disabled' '0'
    option 'channel' '1'
    option 'txpower' '1'
    option 'hwmode' '11g'

config 'wifi-iface'
    option 'device' 'wifi0'
    option 'encryption' 'none'
    option 'ssid' 'potato'
    option 'bssid' '01:CA:FF:EE:BA:BE'
    option 'swmerge' '1'
    option 'mode' 'adhoc'
/ETC/CONFIG/NETWORK:
config 'switch' 'eth0'
    option 'enable' '1'

config 'switch_vlan' 'eth0_0'
    option 'device' 'eth0'
    option 'vlan' '0'
    option 'ports' '1 2 3 4 5'

config 'switch_vlan' 'eth0_1'
    option 'device' 'eth0'
    option 'vlan' '1'
    option 'ports' '0 5'

config 'interface' 'loopback'
    option 'ifname' 'lo'
    option 'proto' 'static'
    option 'ipaddr' '127.0.0.1'
    option 'netmask' '255.0.0.0'

config 'interface' 'wan'
    #option 'type' 'bridge'
    #list 'ifname' 'wifi0'
    #option 'ifname' 'eth0.1'
    #option 'dns' '10.130.1.1'
    #option 'defaultroute' '0'
    #option 'peerdns' '0'
    #option 'proto' 'static'
    #option 'ipaddr' '10.130.1.3'
    #option 'netmask' '255.255.255.0'
    #option 'gateway' '10.130.1.1'

config 'interface' 'lan'
    option 'ifname' 'eth0.0'
    option 'proto' 'static'
    option 'netmask' '255.255.255.0'
    option 'ipaddr' '192.168.4.1'

config 'interface' 'ath0'
    option 'ifname' 'ath0'
    option 'proto' 'static'
    option 'ipaddr' '10.130.1.3'
    option 'netmask' '255.255.255.0'
    option 'gateway' '10.130.1.1'
    option 'dns' '10.130.1.1'
/ETC/CONFIG/FIREWALL
config defaults
    option syn_flood 1
    option input ACCEPT
    option output ACCEPT
    option forward REJECT

config zone
    option name lan
    option input ACCEPT
    option output ACCEPT
    option forward REJECT

config zone
    option name wan
    option input REJECT
    option output ACCEPT
    option forward REJECT
    option masq 1
    option mtu_fix 1

config forwarding
    option src lan
    option dest wan

config forwarding
    option src wan
    option dest lan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
    option src wan
    option proto udp
    option dest_port 68
    option target ACCEPT

# Allow ping
config rule
    option src wan
    option proto icmp
    option icmp_type echo-request
    option target ACCEPT

# include a file with users custom iptables rules
config include
    option path /etc/firewall.user

### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
#    option src lan
#    option src_ip 192.168.45.2
#    option dest wan
#    option proto tcp
#    option target REJECT

# block a specific mac on wan
#config rule
#    option dest wan
#    option src_mac 00:11:22:33:44:66
#    option target REJECT

# block incoming ICMP traffic on a zone
#config rule
#    option src lan
#    option proto ICMP
#    option target DROP

# port redirect port coming in on wan to lan
#config redirect
#    option src wan
#    option src_dport 5001
#    option dest lan
#    option dest_ip 192.168.2.140
#    option dest_port 5001
#    option proto tcp
#config redirect
#    option src wan
#    option src_dport 5001
#    option dest lan
#    option dest_ip 192.168.2.140
#    option dest_port 5001
#    option proto udp

### FULL CONFIG SECTIONS
#config rule
#    option src lan
#    option src_ip 192.168.45.2
#    option src_mac 00:11:22:33:44:55
#    option src_port 80
#    option dest wan
#    option dest_ip 194.25.2.129
#    option dest_port 120
#    option proto tcp
#    option target REJECT

#config redirect
#    option src lan
#    option src_ip 192.168.45.2
#    option src_mac 00:11:22:33:44:55
#    option src_port 1024
#    option src_dport 80
#    option dest_ip 194.25.2.129
#    option dest_port 120
#    option proto tcp
I start batmand with:
On the Gateway: batmand -d 3 -g 11000 -a 192.168.3.0/24 --hop-penalty 5 --purge-timeout 50000 ath0
and on the client batmand -d 3 -r 2 -a 192.168.4.0/24 --disable-client-nat --hop-penalty 5 --purge-timeout 50000 ath0
Then I check everything:

batmand -d1 -c

On the gateway:

Originator      (#/255)           Nexthop [outgoingIF]:   Potential nexthops ... [B.A.T.M.A.N. 0.4-alpha rv1439, MainIF/IP: ath0/10.130.1.1, UT: 0d 0h 1m]
10.130.1.3        (234)         10.130.1.3 [      ath0]:   10.130.1.3 (234)

On the client:

Originator      (#/255)           Nexthop [outgoingIF]:   Potential nexthops ... [B.A.T.M.A.N. 0.4-alpha rv1439, MainIF/IP: ath0/10.130.1.3, UT: 0d 0h 3m]
10.130.1.1        (243)         10.130.1.1 [      ath0]:   10.130.1.1 (243)

batmand -d2 -c

On the gateway:

Gateway         (#/255)           Nexthop [outgoingIF], gw_class ... [B.A.T.M.A.N. 0.4-alpha rv1439, MainIF/IP: ath0/10.130.1.1, UT: 0d 0h 2m]
No gateways in range ...

On the client: I can see my gateway -> 10.130.1.1

Gateway         (#/255)           Nexthop [outgoingIF], gw_class ... [B.A.T.M.A.N. 0.4-alpha rv1439, MainIF/IP: ath0/10.130.1.3, UT: 0d 0h 4m]
=> 10.130.1.1      (255)         10.130.1.1 [      ath0], gw_class 184 - 12MBit/1536KBit, gateway failures: 0
The ifconfig command showed, on the gateway:

ath0      Link encap:Ethernet  HWaddr 00:0E:8E:18:F7:91
          inet addr:10.130.1.1  Bcast:10.130.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:517 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3301 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:28892 (28.2 KiB)  TX bytes:213735 (208.7 KiB)

eth0      Link encap:Ethernet  HWaddr 00:1A:92:7E:27:B7
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3709 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4320 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:351741 (343.4 KiB)  TX bytes:754122 (736.4 KiB)
          Interrupt:4

eth0.0    Link encap:Ethernet  HWaddr 00:1A:92:7E:27:B7
          inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3581 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2304 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:274574 (268.1 KiB)  TX bytes:602269 (588.1 KiB)

eth0.1    Link encap:Ethernet  HWaddr 00:1A:92:7E:27:B7
          inet addr:192.168.2.2  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:111 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2017 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:9083 (8.8 KiB)  TX bytes:105082 (102.6 KiB)

gate0     Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:169.254.0.0  P-t-P:169.254.0.0  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1471  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:214 errors:0 dropped:0 overruns:0 frame:0
          TX packets:214 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:18654 (18.2 KiB)  TX bytes:18654 (18.2 KiB)

wifi0     Link encap:UNSPEC  HWaddr 00-0E-8E-18-F7-91-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6600 errors:0 dropped:0 overruns:0 frame:696
          TX packets:3933 errors:271 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:195
          RX bytes:856392 (836.3 KiB)  TX bytes:344114 (336.0 KiB)
          Interrupt:6
and on the client:
ath0      Link encap:Ethernet  HWaddr 00:0E:8E:18:F7:AE
          inet addr:10.130.1.3  Bcast:10.130.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3805 errors:0 dropped:7 overruns:0 frame:0
          TX packets:1236 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:192820 (188.3 KiB)  TX bytes:83458 (81.5 KiB)

eth0      Link encap:Ethernet  HWaddr 00:1A:92:7E:27:71
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4205 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3622 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:337594 (329.6 KiB)  TX bytes:360497 (352.0 KiB)
          Interrupt:4

eth0.0    Link encap:Ethernet  HWaddr 00:1A:92:7E:27:71
          inet addr:192.168.4.1  Bcast:192.168.4.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4200 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3620 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:261741 (255.6 KiB)  TX bytes:335861 (327.9 KiB)

gate0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:169.254.0.1  P-t-P:169.254.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1471  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B)  TX bytes:1260 (1.2 KiB)

gate1     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:169.254.0.1  P-t-P:169.254.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1471  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:34 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2164 (2.1 KiB)  TX bytes:2164 (2.1 KiB)

wifi0     Link encap:UNSPEC  HWaddr 00-0E-8E-18-F7-AE-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:43355 errors:0 dropped:0 overruns:0 frame:801
          TX packets:1938 errors:333 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:195
          RX bytes:4590804 (4.3 MiB)  TX bytes:175638 (171.5 KiB)
          Interrupt:6
And route -n showed:
on the gateway:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.130.1.0      0.0.0.0         255.255.255.0   U     0      0        0 ath0
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0.0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0.1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 gate0
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth0.1
and on the client:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0.0
10.130.1.0      0.0.0.0         255.255.255.0   U     0      0        0 ath0
0.0.0.0         10.130.1.1      0.0.0.0         UG    0      0        0 ath0
I also added a rule to iptables (the same on the gateway and on the client):

iptables -t nat -I POSTROUTING -o gate0 -j MASQUERADE

So, the nodes can see each other, and the gateway is broadcasting (the client can see it). I can ping from the gateway to the client through the tunnel (ping 169.254.0.0), but I can't ping from the client to the gateway (ping 169.254.0.0). What's wrong? Unfortunately, I can't get Internet either.
Can somebody help me? I suppose there is a small mistake, as always, but I have only recently started my adventures with OpenWrt, so I don't understand everything and it could be my mistake. Thanks in advance, Krzysiek (student).
I think you shouldn't use 169.254.0.0 as an IP... try using 169.254.0.1 instead.
2011/4/25 Krzysiek Gołębiewski gollab@interia.pl:
Hello Krzysiek -
from your long post I can see that batmand is actually working. Both nodes see each other and the gateway is announced from the gateway side and selected from the client side. You are using the --disable-client-nat option and you announce individual subnets with batmand's HNA option. All good.
On the client side, in /etc/config/network:
config 'interface' 'ath0' option 'ifname' 'ath0' option 'proto' 'static' option 'ipaddr' '10.130.1.3' option 'netmask' '255.255.255.0' option 'gateway' '10.130.1.1' option 'dns' '10.130.1.1'
1/ Get rid of the gateway setting. Setting up the gateway is the job of batmand. I suppose you copied the settings of the Mesh-Potato, right? The Mesh-Potato uses a fake gateway entry to make the Asterisk PBX happy. It didn't actually do any harm, since batmand performs policy routing. But it may have added to the confusion on your side.
The command
route -n
is not helpful when working with batmand. The route command is an outdated legacy from Linux 2.2 and older. Use the ip command instead to see the policy routing tables.
ip r ls table all
will list all tables.
2/ Are you really running a DNS server / DNS forwarder on 10.130.1.1? When testing Internet access, I prefer to ping an IP first, to rule out DNS issues. Something easy to remember, like 8.8.8.8. That IP is also a reliable public DNS server. If you don't need to resolve local IPs, a public DNS server setting like 141.1.1.1 or 8.8.8.8 will work reliably.
3/ With regard to the firewall - you don't need it. At least not for testing. My recommendation is to stop the firewall until you get the system running as expected and then enable the firewall again. If the system breaks after enabling the firewall, you know where to look.
So, a simple
iptables -F
on the client side will save you additional headaches. That change is not permanent, so it only stops the firewall until you reboot. You can do this on all the clients.
On the gateway side you need just one simple firewall setting:
iptables -F
iptables -t nat -A POSTROUTING -o eth0.1 -j MASQUERADE
(I am assuming that you have the uplink connected to the WAN port of the Asus)
The advanced way to set up the batmand gateway is to set up routing in the subnet gateway (that's where the WAN port of the batmand gateway gets its DHCP lease from) and eliminate NAT here. This way you can eliminate the need to apply several layers of NAT everywhere. But this causes additional challenges, so I won't cover it for now.
I also added a rule to iptables (the same on the gateway and on the client): iptables -t nat -I POSTROUTING -o gate0 -j MASQUERADE
Don't.
So, the nodes can see each other, and the gateway is broadcasting (the client can see it). I can ping from the gateway to the client through the tunnel (ping 169.254.0.0), but I can't ping from the client to the gateway (ping 169.254.0.0). What's wrong?
ping 10.130.1.X or 192.168.X.X instead.
Unfortunately, I can't get Internet either.
You will be there in no time ;)
Cheers, Elektra
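Because "ip r ls table all" dumps every policy routing table into one stream, a small helper makes it easier to see what ended up in which table. The script below is an added example, not code from this thread or from the batmand project. Its functions read "ip route show table all" output on stdin; ROUTE_SAMPLE is a constructed sample built from the addresses used in this thread, and the numbered tables in it are illustrative rather than batmand's actual table ids.

```shell
#!/bin/sh
# Added example (not from the thread or from batmand): helpers for reading
# "ip route show table all" output, which lists every policy routing table in
# one stream. Feed the functions real output on stdin, for example:
#   ip route show table all | table_route_count main
# ROUTE_SAMPLE is a constructed sample using the thread's addresses; the
# numbered tables (65, 66, 67) are illustrative, not batmand's real table ids.
ROUTE_SAMPLE='default via 192.168.2.1 dev eth0.1
10.130.1.0/24 dev ath0 proto kernel scope link src 10.130.1.1
192.168.2.0/24 dev eth0.1 proto kernel scope link src 192.168.2.2
192.168.3.0/24 dev eth0.0 proto kernel scope link src 192.168.3.1
192.168.4.0/24 via 10.130.1.3 dev ath0 table 65
10.130.1.3 via 10.130.1.3 dev ath0 table 66
unreachable default table 67
broadcast 10.130.1.255 dev ath0 table local proto kernel scope link src 10.130.1.1
local 10.130.1.1 dev ath0 table local proto kernel scope host src 10.130.1.1'

# Usage: table_route_count TABLE   (route lines on stdin, prints a count)
# A line belongs to the table named after the "table" keyword; lines without
# that keyword belong to "main", because ip omits it for the main table.
table_route_count() {
    awk -v want="$1" '
        { t = "main"; for (i = 1; i <= NF; i++) if ($i == "table") t = $(i + 1) }
        t == want { n++ }
        END { print n + 0 }'
}

# Usage: table_default_route TABLE   (prints the table's default route or "none")
# Matches both "default via ..." and "unreachable default" entries.
table_default_route() {
    awk -v want="$1" '
        { t = "main"; for (i = 1; i <= NF; i++) if ($i == "table") t = $(i + 1) }
        t == want && ($1 == "default" || $2 == "default") { found = $0 }
        END { print (found != "" ? found : "none") }'
}

# Usage: list_tables   (prints every table name once, sorted, from stdin)
list_tables() {
    awk '{ t = "main"; for (i = 1; i <= NF; i++) if ($i == "table") t = $(i + 1); print t }' | sort -u
}

# One summary line per table in the sample: route count and default route.
route_summary() {
    for t in $(printf '%s\n' "$ROUTE_SAMPLE" | list_tables); do
        printf '%s: %s routes, default = %s\n' "$t" \
            "$(printf '%s\n' "$ROUTE_SAMPLE" | table_route_count "$t")" \
            "$(printf '%s\n' "$ROUTE_SAMPLE" | table_default_route "$t")"
    done
}

route_summary
```

Piping real output into table_default_route for each table shows at a glance whether a default route exists only in the main table or also in the tables batmand populates.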
I tried to change my settings as you wrote, elektra.
So I:
1. Changed the settings on client and now I have:
config 'interface' 'ath0'
	option 'ifname' 'ath0'
	option 'proto' 'static'
	option 'ipaddr' '10.130.1.3'
	option 'netmask' '255.255.255.0'
	option 'dns' '8.8.8.8'
There is no gateway now and there is a new DNS server.
2. Rebooted router (client) and then typed:
iptables -F
3. I started batmand with command below:
batmand -d 3 -r 2 -a 192.168.4.0/24 --disable-client-nat ath0
4. On the gateway I also used
iptables -F
and then I typed:
iptables -t nat -A POSTROUTING -o eth0.1 -j MASQUERADE
and after it I started batmand, command below:
batmand -d 3 -g 1000 -a 192.168.3.0/24 ath0
I also changed the speed of the gateway connection. Here at home I have only 1 Mbit.
(I am assuming that you have the uplink connected to the WAN port of the Asus)
Yes, you're right. Port eth0.1 (wan) is my port to the next router (my home router with normal access to the Internet; the Asus is connected to one of its LAN ports). It got an address (192.168.2.2) from DHCP.
Now situation is:
On the client router (connected via SSH with PuTTY):
I can ping e.g. www.google.com and I get a reply (ping works).
I can ping 192.168.2.1 (the gateway on my home router).
I can ping 10.130.1.1 (the address of interface ath0 on the gateway).
I can't ping 192.168.2.2 (the WAN port on the Asus, why?) -> 100% loss.
I can't ping 169.254.0.0 (the end of tunnel gate0 on the gateway) -> 100% loss.
On the gateway:
I can ping an Internet address (www.google.com).
I can ping 10.130.1.3.
I can ping 169.254.0.1.
I can ping 192.168.2.2.
I can ping 192.168.2.1.
On the gateway everything looks correct.
On the PC connected to the client router (by LAN eth0.0) I can ping almost nothing...
ping 192.168.4.1 (gateway of the PC on the client router) works.
ping 10.130.1.3 works.
ping 10.130.1.1 does not work -> Request timed out.
No other address replies.
On the PC connected to the gateway router (by LAN eth0.0):
ping www.google.com does not work.
ping 10.130.1.1 works.
ping 10.130.1.3 works.
ping 192.168.2.2 works.
ping 192.168.2.1 does not work.
And... the messenger works properly... despite that, I can't ping the gateway.
Maybe it depends on the routing table, but here is another problem.
The command
route -n
is not helpful when working with batmand. The route command is an outdated legacy from Linux 2.2 and older. Use the ip command instead to see the policy routing tables.
ip r ls table all
will list all tables.
Yes... I know of this command, but some minutes ago I wanted to check my routing table and the commands ip route and ip rule are not recognized on my router.
root@Asus4:~# ip r ls table all
-ash: ip: not found
I thought I hadn't installed it, but in the list of packages available for my Backfire I couldn't find anything suitable. Where can I download it from?
Any more suggestions? Thanks, Krzysiek.
Hi Krzysiek -
as promised you can now use the Internet from the batmand gateway client and you can access the gateway machine behind the batmand gateway.
If you have more machines in the 192.168.2.0/24 subnet, you will be able to access them as well. However they are now behind a NAT instance.
You cannot ping the 192.168.2.2 interface address since you didn't announce the 192.168.2.0/24 subnet via HNA. You can ping everything that is behind 192.168.2.2 because of the NAT postrouting rule. I don't think talking to the 192.168.2.2 IP is necessary since you can access the device with the 10.130.1.X IP. If you insist on it, you can add a HNA network announcement (-a).
The package you are missing is iproute2.
With regards to the PC connected to the batman gateway client - did you set up a default route in the PC? Without a route you can only ping those IPs that are link local. Don't forget to add a DNS server, too.
Don't bother about pinging the tunnel endpoint IP. The tunnel is merely required as a means of transport which allows batman gateway-clients to select a batmand gateway when sending traffic *to* the gateway. And it is a half-way (one-way!) tunnel.
Cheers, Elektra
Hello again,
I can say that it's probably working now!
With regards to the PC connected to the batman gateway client - did you set up a default route in the PC? Without a route you can only ping those IPs that are link local. Don't forget to add a DNS server, too.
I have had a default route on my PC so far (I checked it with the route print command).
I have noticed that when I stop my firewall I will have Internet on the PC (on the gateway) and batmand is not working properly. After my firewall was started, batmand works properly but I can't use the Internet then. I have solved it by changing the forward rule from REJECT to ACCEPT (on the gateway router and on the client router) in the firewall settings. My firewall is working at the moment and I can start batmand and it works properly. I can browse websites in my internet browser and ping hosts. Ping from the PC connected to the client router works too.
The package you are missing is iproute2.
Ok, finally I found it. I was looking for an iproute package but it was named simply "ip" - this package contains ip route, ip rule, ip link and others.
Don't bother about pinging the tunnel endpoint IP. The tunnel is merely required as a means of transport which allows batman gateway-clients to select a batmand gateway when sending traffic *to* the gateway. And it is a half-way (one-way!) tunnel.
Of course you are right one more time. It is precisely visible in the ifconfig statistics: Tx on gate0 is growing all the time and Rx is not.
Thanks again Elektra, Cheers, Krzysiek.
I have to correct my previous email, unfortunately I made a mistake.
I have noticed that when I stop my firewall I will have Internet on the PC (on the gateway) and batmand is not working properly. After my firewall was started, batmand works properly but I can't use the Internet then. I have solved it by changing the forward rule from REJECT to ACCEPT (on the gateway router and on the client router) in the firewall settings. My firewall is working at the moment and I can start batmand and it works properly. I can browse websites in my internet browser and ping hosts. Ping from the PC connected to the client router works too.
Of course the situation is the opposite. When I start the firewall, batmand won't work properly and I have access to the Internet. When I stop the firewall, batmand works properly but I can't access the Internet (I mean from the PCs connected to the routers). I think there are rules to forward packets between LAN and WAN.
Is there any possibility to change posts in the archive?
Cheers, Krzysiek.
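Elektra's firewall advice earlier in the thread (flush everything for testing, then one MASQUERADE rule on the WAN port and none on gate0) and the forward REJECT/ACCEPT problem described just above both concern the same chain. Instead of switching the forward policy to ACCEPT on both routers, the gateway can keep a default-deny FORWARD chain and allow only forwarding that originates on the mesh side, while unsolicited traffic arriving from the uplink is still dropped. The script below is an added example, not code from this thread, from OpenWrt or from batmand. It uses the interface names from this thread (eth0.1 as the WAN uplink, eth0.0 as the LAN, ath0 as the mesh radio, gate0 as the batmand tunnel) and assumes two things: that client traffic bound for the Internet reaches the gateway on ath0 or gate0, and that the iptables state match is available, as it is with the stock OpenWrt firewall. Setting IPT to 'echo iptables' prints the rules instead of applying them, which is also how the script behaves when run without --apply.

```shell
#!/bin/sh
# Added example (not from the thread, OpenWrt or batmand): a gateway-side
# firewall that keeps FORWARD default-deny instead of setting it to ACCEPT.
# Interface names follow the thread: eth0.1 = WAN uplink, eth0.0 = LAN,
# ath0 = mesh radio, gate0 = batmand tunnel.  Assumption: traffic from mesh
# clients bound for the Internet arrives on ath0 or gate0.
# Assumption: the "-m state" match is available (it is with the stock
# OpenWrt firewall).  Run with --apply to program the rules, or without
# arguments to print them.
WAN=${WAN:-eth0.1}
INSIDE_IFS=${INSIDE_IFS:-"ath0 gate0 eth0.0"}
# IPT='echo iptables' turns every call into a printed line (dry run).
IPT=${IPT:-iptables}

gateway_firewall() {
    # Clean slate, as with "iptables -F" in the thread, plus the nat table.
    $IPT -F
    $IPT -t nat -F
    # Node-local traffic stays open for testing; only transit is restricted.
    $IPT -P INPUT ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD DROP
    # Replies to connections opened from the mesh side may come back in.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Forwarding is allowed only when it originates on a mesh-side interface;
    # mesh nodes relay for each other, so mesh-to-mesh transit is included.
    for ifc in $INSIDE_IFS; do
        $IPT -A FORWARD -i "$ifc" -j ACCEPT
    done
    # The single NAT rule from the thread: masquerade on the WAN port only,
    # never on gate0.
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

# Print the rules that gateway_firewall would apply, one per line.
gateway_firewall_dry_run() {
    ( IPT="echo iptables"; gateway_firewall )
}

# Number of iptables invocations the rule set consists of.
gateway_firewall_rule_count() {
    gateway_firewall_dry_run | wc -l | tr -d ' '
}

if [ "${1:-}" = "--apply" ]; then
    gateway_firewall
else
    gateway_firewall_dry_run
fi
```

The client routers need none of this: with the FORWARD policy left alone and no NAT rule, a client only routes its own LAN toward the mesh, and the thread's observation that masquerading on gate0 is a mistake holds for them as well.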
b.a.t.m.a.n@lists.open-mesh.org