On Sunday, 06 February 2011, 23:18:25, you wrote:
> On 04/02/11 15:38, Clemens John wrote:
> > On Tuesday, 01 February 2011, 11:51:16, you wrote:
> >> If your non-batman clients don't need incoming connections, you could
> >> NAT outgoing connections:
> >>
> >> [client]-->[adhoc ath1]-->NAT-->[br-mesh]
> >>
> >> You would have to run a DHCP server on the ath1 interface to give those
> >> clients a private IP and tell them to use the private IP on ath1 as
> >> their router.
> >
> > What do I have to insert into iptables to NAT ath1 to br-mesh? I'm a
> > complete firewall noob.
>
> There might be an easier way using the config files of the distribution
> you're using, but from a script it would look something like this:
>
> #! /bin/sh
> modprobe iptable_nat
> ## Work-around for bad ISPs which drop ICMP Fragmentation Needed packets: (Needs to be early in list)
> iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
> iptables -t nat -A POSTROUTING -o br-mesh -j MASQUERADE
>
> -Kevin

Thank you, that got me a little bit further. But now the traffic from the wlan client (wlan0) gets into the router (br-mesh) and tries to reach the internet over the default route of the router, my local lan port. But I want to use a special gateway (10.18.0.1) behind the vpn and in the same network as br-mesh, only for traffic coming from the clients. Traffic coming from the router itself should use the default gateway furthermore.

What can I do?

Regards
Clemens
