[Dnsmasq-discuss] Not even sure what to entitle this

Ron Terren rterren at gmail.com
Thu Nov 24 01:30:43 GMT 2011


I apologize if this is not the correct forum, but here goes....

I use a version of OpenWrt in a wireless router to offer a captive
portal hotspot on a private vlan.  The unit also has:
eth0 - wired interface, which seeks a DHCP address in order to uplink
to the ISP's modem
eth1 - wired interface, serves DHCP on another private vlan.  Traffic
is shaped using dnsmasq and iptables

The ISP only offers one static IP address and their cable modem has
only one port.  In order to use that port your device must either
hardcode the same static IP address (Bridge Mode?), or your device
will receive that address from the modem's built-in DHCP server (which
they control), and which only offers that one address.

In virtually all locations another device already exists which is
hard-coded with the cable modem's IP address and its gateway.  In almost
all cases I cannot get access to the device to reconfigure it, because
another vendor supports it.

So it goes:

Internet > Static IP of modem > Modem > Same static IP but placed on
on-premises equipment

or it goes:

Internet > Static IP of modem > Modem > DHCP assignment of modem's IP
but placed on on-premises equipment

What I want to do is:

Internet > Static IP of modem > Modem > DHCP assignment of modem's IP
to my router's eth0, AND the other device will be plugged into my eth1
(with that same static IP already configured, because I can't change
it)

I want to craft an iptables rule that will FORWARD (or is it MANGLE)
all packets coming from a specific range of public internet sites (or
perhaps a few specified tcp ports 22, 3000) and immediately forward
those packets directly to eth1.

I realize eth1 is hosting a private DHCP server, which is providing
10.0.0.x addresses, and I have placed a non-DHCP "rogue" device on it
which also has the same public IP as the modem AND my router.

On my home network I tried the following to get the traffic to my eth1 port:

iptables -t filter -I FORWARD -s 192.168.1.2/32 -o eth1

--- where 192.168.1.2 is my desktop, from which I initiated a ping -t to the router's IP

And to get the return traffic from eth1 to route out I tried:

iptables -t filter -I FORWARD -d 192.168.1.1/32 -o eth0
--- where 192.168.1.1 is my gateway

My thought was that since this device is contained within that private
vlan that maybe this would be possible, then again I might be smoking
crack.  Can anyone think of a way to accommodate this mess, without
introducing any new hardware?

Thanks very much


Ron
--
Ron Terren
rterren at gmail.com
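An added example, not from the original post or from the dnsmasq project: the two FORWARD rules above, completed with an explicit target and the other pieces a Linux router needs before any forwarding happens (ip_forward enabled, a conntrack rule for reply traffic). The interface names and addresses are the ones in the message; the IPT variable and the dry-run mode are assumptions added so the script can be inspected without root. The caveat it is built around: a rule in the filter table's FORWARD chain only decides whether a packet that the routing table has already chosen to send out eth1 is allowed through. It never changes which interface a packet leaves on, so matching "-o eth1" cannot by itself pull traffic onto eth1; that is a routing (or nat-table DNAT) decision.

```shell
#!/bin/sh
# Added example: forwarding rules from the post, made complete.
# IPT is an assumption: set IPT="echo iptables" to dry-run, leave unset to apply.
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth0}"          # uplink interface from the post
LAN_IF="${LAN_IF:-eth1}"          # private-vlan interface from the post
LAN_HOST="${LAN_HOST:-192.168.1.2}"   # the desktop in the post
GATEWAY="${GATEWAY:-192.168.1.1}"     # the gateway in the post

# Emit one iptables command per line. Every rule carries an explicit
# "-j" target; a FORWARD rule without one matches packets but only
# increments counters, which is why the rules in the post do nothing.
forward_rules() {
    # Replies to connections already accepted in either direction.
    echo "$IPT -t filter -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # The two rules from the post, each with a target. They PERMIT
    # forwarding out of LAN_IF / WAN_IF; they do not steer packets there.
    echo "$IPT -t filter -A FORWARD -s $LAN_HOST/32 -o $LAN_IF -j ACCEPT"
    echo "$IPT -t filter -A FORWARD -d $GATEWAY/32 -o $WAN_IF -j ACCEPT"
    # Default-deny everything else that is being forwarded.
    echo "$IPT -t filter -P FORWARD DROP"
}

# The kernel forwards nothing at all until this sysctl is 1.
ip_forward_enabled() {
    f=/proc/sys/net/ipv4/ip_forward
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Run (or, in dry-run mode, print) the generated commands.
apply_rules() {
    if ! ip_forward_enabled; then
        echo "note: net.ipv4.ip_forward is not 1; enable it with: sysctl -w net.ipv4.ip_forward=1" >&2
    fi
    forward_rules | while read -r cmd; do
        $cmd
    done
}

# Usage: IPT="echo iptables" sh forward.sh   (dry-run)
#        sh forward.sh                        (apply, as root)
[ "${NO_MAIN:-}" = "1" ] || apply_rules
```

Run it with IPT set to "echo iptables" first and read the output; the dry-run shows exactly what would be loaded, and makes the point that every line is a permit/deny decision on packets the routing table has already placed on that interface.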


