* [#introduction Introduction]
* [#configuring_ip_forwarding Configuring IP forwarding]
** [#linux Linux]
** [#bsd_variants__including_mac_osx_ BSD variants (including MAC OSX)]
** [#windows_ Windows ]
* [#looking_at_the_routing_table Looking at the routing table]
* [#default_route Default route]
* [#links Links]

! Introduction

So, you have this radio network thing and after playing with it for a while you come to realize that you don't really want to bridge your home network to the rest of the Melbourne Wireless community. You need to set up a router.

The router will do two things for you: it gives you the control to expose the right amount of your network, and it allows you to establish a firewall between yourself and the general Melbourne Wireless network. This is exactly the same as you would have for your Internet connection.

The router may be an embedded device, a combination device (router/wireless access point), a dedicated Linux machine (old PC) or an existing machine you make dual homed by adding an additional NIC. Regardless of the device you are using, it needs to have more than one network interface, should be able to forward packets between the interfaces and should allow you to run firewall software and a routing daemon or two. It's probably a good idea to have a dedicated machine between your own stuff and the rest of the world, usual disclaimer here.

! Configuring IP forwarding

Most PC-based operating systems support IP forwarding, but it is usually not turned on. When you have a PC that has more than one network interface and you want to enable routing, you may need to make some simple configuration changes to get the machine forwarding packets between interfaces. Often you have the funny situation where the machine you want to act as a router can see other machines on both subnets, but machines on one subnet cannot see machines on the other. In that case you need to enable IP forwarding.

!! Linux

Most standard distributions support IP forwarding.
You turn IP forwarding on by setting a flag in ''/proc''. This can be done using the '''sysctl''' command or by simply echoing 1 to the file.

 echo "1" > /proc/sys/net/ipv4/ip_forward

Alternatively use '''sysctl'''. Running ''/sbin/sysctl -a'' will display all configured settings.

 /sbin/sysctl net.ipv4.ip_forward
 net.ipv4.ip_forward = 0
 /sbin/sysctl -w net.ipv4.ip_forward="1"

!! BSD variants (including MAC OSX)

Similar to Linux, use sysctl to set the IP forwarding flag. In this case the flag is ''net.inet.ip.forwarding''.

 /sbin/sysctl -w net.inet.ip.forwarding="1"

!! Windows

In Windows, routing is possible through a change to a registry parameter. Open regedit and go to the entry:

 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Find the entry ''IPEnableRouter'' and set it to 1 (default is 0). Reboot and you should be forwarding packets.

! Looking at the routing table

The routing table can be inspected using the '''route''' command.

 [dna@koen dna]$ /sbin/route
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 192.168.1.3     *               255.255.255.255 UH    0      0        0 eth0
 wailea          *               255.255.255.255 UH    0      0        0 eth0
 192.168.2.0     192.168.1.3     255.255.255.0   UG    0      0        0 eth0
 192.168.2.0     wailea          255.255.255.0   UG    0      0        0 eth0
 192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
 127.0.0.0       *               255.0.0.0       U     0      0        0 lo
 default         bgenki2         0.0.0.0         UG    0      0        0 eth0

You can see different types of routing entries. Some are for machines and others are for subnets. The machine entries are fully qualified addresses or a machine name (192.168.1.3 or wailea), while the subnets (in this case) are those that end in zero (192.168.2.0).

Routes to subnets include the IP address of the gateway that is used to send packets to the subnet. Typically you need to add a route to the gateway first, then add the route to the subnet using the previously defined gateway. There are exceptions to this: Mac OS X will add the gateway automatically and has a different command syntax.
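On Linux the kernel also exposes this table in raw form as ''/proc/net/route'', with addresses and flags in hexadecimal. The following Python is an added example, not part of the original page: it decodes that format and picks out the default route, which is worth checking on a router before you enable forwarding. The sample rows are constructed, and 192.168.1.1 as the default gateway is an assumption.

```python
import socket
import struct

# Constructed sample in /proc/net/route layout (tab-separated, hex fields);
# addresses follow the table above, with 192.168.1.1 assumed as the default gateway.
SAMPLE = (
    "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
    "eth0\t0002A8C0\t0301A8C0\t0003\t0\t0\t0\t00FFFFFF\t0\t0\t0\n"
    "eth0\t0001A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0\n"
    "eth0\t00000000\t0101A8C0\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"
)
FLAG_BITS = ((0x1, "U"), (0x2, "G"), (0x4, "H"))  # RTF_UP, RTF_GATEWAY, RTF_HOST

def hex_to_ip(field):
    # Assumes a little-endian host (x86, most ARM): the kernel prints the
    # network-order address as a native 32-bit integer, so bytes look reversed.
    return socket.inet_ntoa(struct.pack("<I", int(field, 16)))

def parse_routes(text):
    routes = []
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) < 8:
            continue
        flags = int(f[3], 16)
        routes.append({
            "iface": f[0],
            "dest": hex_to_ip(f[1]),
            "gateway": hex_to_ip(f[2]),
            "genmask": hex_to_ip(f[7]),
            "prefix": bin(int(f[7], 16)).count("1"),
            "flags": "".join(c for bit, c in FLAG_BITS if flags & bit),
            "metric": int(f[6]),
        })
    return routes

def default_routes(routes):
    # A default route matches everything: destination 0.0.0.0 with a /0 mask.
    return [r for r in routes if r["dest"] == "0.0.0.0" and r["prefix"] == 0]

if __name__ == "__main__":
    try:
        with open("/proc/net/route") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE  # not on Linux: fall back to the constructed sample
    table = parse_routes(text)
    for r in table:
        print(f'{r["dest"]}/{r["prefix"]} via {r["gateway"]} dev {r["iface"]} [{r["flags"]}]')
    print("default route(s):", [(r["gateway"], r["iface"]) for r in default_routes(table)])
```

A gateway of 0.0.0.0 in the decoded output corresponds to the ''*'' that '''route''' prints for directly connected networks.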
Alternative commands can access the same information, but most likely formatted differently. The raw routing data is maintained by the kernel and is accessed by these commands from ''/proc/net/route''.

 /sbin/ip route (or /sbin/ip r)
 /bin/netstat -r

! Default route

The default route is the route used for all packets that do not match an explicitly defined route. Each device can have only one default route.

Each OS will have a slightly different command syntax for creating a route. The same command usually allows you to look at the routing table as well as set routes. This needs to be done as root or a user with the appropriate permissions.

|| Linux || route add default gw 192.168.1.1 ||
|| BSD || route add default 192.168.1.1 ||

! Links

Good description of (http://home.pacific.net.au/~djames.hub/mesh/routing_faq.html routing concepts ) by Damian James at (http://www.itee.uq.edu.au/~mesh/index.html Brismesh )