[Dnsmasq-discuss] Not even sure what to entitle this
Simon Kelley
simon at thekelleys.org.uk
Sat Nov 26 17:25:52 GMT 2011
On 24/11/11 01:30, Ron Terren wrote:
> I apologize if this is not the correct forum, but here goes....
>
> I use a version of Open-wrt in a wireless router to offer a captive
> portal hotspot on a private vlan. The unit also has:
> eth0 -wired interface, which seeks a DHCP address in order to uplink
> to the ISP's modem
> eth1 -wired interface, serves DHCP on another private vlan. Traffic
> is shaped using dnsmasq and iptables
>
> The ISP only offers one static IP address and their cable modem has
> only one port. In order to use that port your device must either
> hardcode the same Static IP address (Bridge Mode?), or your device
> will receive that address from the modem's built-in DHCP server (which
> they control), and which only offers that one address.
>
> In virtually all locations another device already exists which is
> hard-coded with the Cable Modem's IP address, and its Gateway. In almost
> all cases I cannot get access to the device to reconfigure it, because
> another vendor supports it.
>
> So it goes:
>
> Internet > Static IP of Modem > Modem > Same Static IP but placed on
> on-premises equipment
>
> or it goes:
>
> Internet > Static IP of Modem > Modem > DHCP assignment of modem's IP
> but placed on on-premises equipment
>
> What I want to do is
>
> Internet > Static IP of Modem > Modem > DHCP assignment of modem's IP
> to my router's eth0 AND the other device will be plugged into my eth1
> (with that same Static IP already configured (because I can't change
> it))
>
> I want to craft an iptables rule that will FORWARD (or is it MANGLE)
> all packets coming from a specific range of public internet sites (or
> perhaps a few specified tcp ports 22, 3000) and immediately forward
> those packets directly to eth1.
>
> I realize eth1 is hosting a private DHCP server, which is providing
> 10.0.0.x addresses and I have placed a non-DHCP "rogue" device on it
> which also has the same public IP of the modem AND my router.
>
> On my home network I tried the following to get the traffic to my eth1 port
>
> iptables -t filter -I FORWARD -s 192.168.1.2/32 -o eth1
>
> ---where 192.168.1.2 is my desktop from which I initiated a ping -t to the router's IP
>
> And to get the return traffic from eth1 to route out I tried
>
> iptables -t filter -I FORWARD -d 192.168.1.1/32 -o eth0
> ----where 192.168.1.1 is my gateway
>
> My thought was that since this device is contained within that private
> vlan that maybe this would be possible, then again I might be smoking
> crack. Can anyone think of a way to accommodate this mess, without
> introducing any new hardware?
>
> Thanks very much
>
A full answer is really off-topic here, but the keyword you need to
search further is NAT, Network Address Translation. That makes all the
hosts behind that router share one public address, but allows them each
to have a private address.
HTH
Simon.
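As an added illustration of the NAT approach Simon points to (this is not code from the thread or from the dnsmasq project), here is a minimal iptables setup for the topology in the question: eth0 is the ISP uplink holding the single public address, eth1 is the private 10.0.0.0/24 vlan, and the device on eth1 is assumed to have been given a private address (10.0.0.2, a constructed value) so that selected inbound ports (22 and 3000, as in the question) can be steered to it with DNAT. It goes slightly beyond the reply by including the inbound port-forwarding half of NAT, and the interface, network and port values are all assumptions you would adjust.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Assumed topology:
#   WAN = eth0 (public address from the modem's DHCP), LAN = eth1 (10.0.0.0/24),
#   SERVER = 10.0.0.2 (constructed private address of the device on eth1).
WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
LAN_NET=${LAN_NET:-10.0.0.0/24}
SERVER=${SERVER:-10.0.0.2}
PORTS=${PORTS:-"22 3000"}
# Set IPT="echo iptables" to preview the rules without root privileges.
IPT=${IPT:-iptables}

nat_rules() {
  # Only explicitly allowed traffic is forwarded between interfaces.
  $IPT -P FORWARD DROP
  # Hosts on the LAN leave through the WAN's single public address (SNAT).
  $IPT -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
  # LAN -> WAN is allowed; WAN -> LAN only for replies to existing flows.
  $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
  $IPT -A FORWARD -i "$WAN" -o "$LAN" \
    -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Inbound connections on the chosen ports are rewritten to the LAN
  # device (DNAT) and then permitted through FORWARD for new flows only.
  for p in $PORTS; do
    $IPT -t nat -A PREROUTING -i "$WAN" -p tcp --dport "$p" \
      -j DNAT --to-destination "$SERVER:$p"
    $IPT -A FORWARD -i "$WAN" -o "$LAN" -p tcp -d "$SERVER" --dport "$p" \
      -m conntrack --ctstate NEW -j ACCEPT
  done
}

# Run the function only when executed directly, not when sourced for review.
if [ "${0##*/}" = "nat-example.sh" ]; then
  nat_rules
fi
```

Sourcing the file and calling `IPT="echo iptables" nat_rules` prints the rule set for review before it is applied on the router.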