public inbox for b.a.t.m.a.n@lists.open-mesh.org
From: Marek Lindner <lindner_marek@yahoo.de>
To: The list for a Better Approach To Mobile Ad-hoc Networking
	<b.a.t.m.a.n@lists.open-mesh.org>
Subject: Re: [B.A.T.M.A.N.] Mesh with access from wifi and lan. Which is the Only True Way?
Date: Thu, 30 Sep 2010 16:15:40 +0200
Message-ID: <201009301615.41517.lindner_marek@yahoo.de>
In-Reply-To: <4CA4799C.6050503@magwas.rulez.org>

On Thursday 30 September 2010 13:50:52 Magosányi Árpád wrote:
> I do announce local wifi net through HNA.
> In the meantime my config started to not work. I saw that the node in 
> the middle does REJECT tunnel traffic from packet filter, so added a 
> firewall rule to accept everything in the FORWARD chain in all nodes. 
> Then as packets started to come out from the system with tunnel source 
> IP, I have added a MASQUERADE on the node which is connected to the 
> internet gateway.
> 
> Now it works, but uses the tunnel in an asymmetric way: packets out go 
> through the tunnel, packets in go in the plain route.

Batmand offers 2 types of tunnel: the "half tunnel" and the "full tunnel", which 
allows you to choose what suits you best.

The full tunnel has the advantage that batmand can automatically detect 
whether the gateway has a working internet connection and switch to another 
gateway if necessary. As tunneling in user space is painfully CPU-intensive, the 
full tunnel comes with a performance penalty with many simultaneous users. If 
that is an issue you might want to have a look at the batgat kernel module 
which does the tunneling in kernel space.

The half tunnel does not run into the performance issue that easily but can't 
detect internet availability. As the user traffic is not natted in the tunnel 
this mode is more suitable for SIP and similar protocols.

Half tunnel mode is the default; full tunneling can be activated by natting on 
the client's gate0 interface:

    iptables -t nat -I POSTROUTING -o gate0 -j MASQUERADE

Regards,
Marek
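
Added example, not part of the original message or of batmand: a small audit over `iptables-save` text that reports which tunnel mode a client is in, using the gate0 MASQUERADE rule from the message as the marker for full tunnel mode, and counts unconditional ACCEPT rules in the FORWARD chain like the one described in the quoted text. The function names are hypothetical and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example: audit `iptables-save` text from a batmand gateway client.

# Constructed sample ruleset (not taken from the thread).
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o gate0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -j ACCEPT
COMMIT
EOF
}

# Print "full" if the nat table masquerades traffic leaving gate0 (the rule
# from the message), otherwise "half". Negated matches (! -o gate0) are ignored.
tunnel_mode() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; jump = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o" && $(i - 1) != "!") out = $(i + 1)
                if ($i == "-j") jump = $(i + 1)
            }
            if (out == "gate0" && jump == "MASQUERADE") found = 1
        }
        END { print (found ? "full" : "half") }
    '
}

# Count FORWARD rules in the filter table that accept every packet with no match.
open_forward_rules() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && $0 == "-A FORWARD -j ACCEPT" { n++ }
        END { print n + 0 }
    '
}

echo "tunnel mode: $(sample_ruleset | tunnel_mode)"
echo "unconditional FORWARD accepts: $(sample_ruleset | open_forward_rules)"
```

On a live node, pipe the output of `iptables-save` into either function instead of the sample.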
