Re: [B.A.T.M.A.N.] Nat Question

[Sven Eckelmann <sven.eckelmann@gmx.de>]

[-- Attachment #1: Type: Text/Plain, Size: 2808 bytes --]

On Friday 20 August 2010 11:58:32 David Beaumont wrote:
> So large pings appear to be going over the batman interface.

So, first you say that all packets go over the bat interface and that this 
part works fine. Now you say that large packets will also work... which is no 
gain of information for the batman-adv related parts.

> However still not getting any web traffic through
> 
> root@Generic:~# echo "HEAD / HTTP/1.1\nHost: git.open-mesh.net\n\n"|nc
> git.open-mesh.net 80
> 
> root@Generic:~# wget http://www.google.com
> Connecting to www.google.com (74.125.39.104:80)
> 
> What else can i provide to help track down the problem here :-(

Create a real minimal setup. Minimal as possible. Get that working and then at 
parts to it (iptables, bridges, ...) until it doesn't work anymore. Check if 
that is real the part which makes the problem by reducing the complexity of 
other parts you already added.

You already told us that it is not related to batman-adv and that the bridge 
makes problems.

Actually nobody understands here what you are currently try to archive with 
your setup and why all the iptables or maybe ebtables stuff/bridges/... is 
needed to find a problem.

And why have both mesh and net (for whatever they are used) a masquerade rule 
in postrouting?


Simplest setup would be:
 * net is a nat router; everything in iptables to accept:
    iptables -F
    iptables -t nat -F
    iptables -t mangle -F
    iptables -X
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
   masquerade enabled
    iptables -t nat -A POSTROUTING -o "${OUTIF}" -j MASQUERADE
 * configure outif (the thing which has globally routable address)
 * enable wired connection between net and mesh by adding them to the same 
   subnet (eth0 on net 192.168.1.1, eth0 on mesh 192.168.1.2)
 * Try to ping each other
 * test if connection between net and internet works flawless
 * test if connection between mesh and indirectly to the internet over net
   works flawless
 * set mtu of eth0 on both sides to 1530
 * check if `ping -M do -s 1500` works between both net and mesh
 * remove ip addresses of eth0 on both ends (but keep devices up)
 * add eth0 on both sides using `batctl if add` to bat0
 * set mtu of bat0 to 1500 on both hosts
 * give bat0 the same ips which were used before by eth0
 * set bat0 up
 * check if both hosts finds each other using `batctl o`
 * try to ping other host
 * try if internet works flawless indirectly from mesh over net
 * remove ip from bat0 devices
 * add bat0 to a bridge on both ends
 * set ips which were used by bat0 to the bridge devices
 * set mtu of bridge to 1500
 * try to.... I think you can guess the next 1000 steps by yourself

Regards,
	Sven

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]