Private Wifi with NAT & DHCP

[mweinelt]

Is it possible to provide NAT Gateway functionality with DHCP instead of WAN Bridging for the private Wifi? Users in our university housing locations only get one IP and one lan port, so the current functionality does not work for them.

[tcatm]

Yes, OpenWrt is capable of providing that. It could get a little tricky when the node is also supposed to be a Freifunknode at the same time due to the complex routing setup.

However, using Freifunk should get you the desired functionality already and you can even roam.

[neocturne]

Assigning myself as I'd like to use this feature myself when it's done :D

[Waldteufel]

Quick and dirty setup, tested with freifunk-darmstadt's image:

• split 'client' bridge into 'client' (only bat0) und 'lan' (only eth0.1, static ip 192.168.0.1/24)
• uci add_list dhcp.@dnsmasq[0].interface=lan
• set up private wifi with luci, then change network to 'lan' in /etc/config/wireless
• allow forwarding for 'lan' in /etc/config/firewall

(hope I didn't forget anything, I'll try to do a diff against the default config…)

[neocturne]

@Waldteufel, DNS for "private clients" will be resolved over the mesh, not directly over WAN, which probably isn't what you want. You need an iptables rule which redirects the requests to the secondary DNS server on port 54.

[Waldteufel]

Allowing a connection to a service listening on the loopback interface seems to be insanely difficult with iptables, changing the gluon-wan-dnsmasq package to listen on more interfaces might actually be easier. Making the wan-dnsmasq (instead of the one configured by UCI) itself responsible for DHCP on the lan bridge might also help. But I really don't understand enough of gluon's architecture to make a guess which option makes the most sense…