[SOLVED] Setting up a netbook as a router; input solicited

jamtat · 2016-03-23 04:25:03

I regularly need to work in a library and require ongoing access to my home computer while I'm working there. Since my home machine runs ssh on a non-standard port and since their wifi network has been configured to block such ports, I've been using a workaround where I route traffic to/from my home network through an ssh tunnel that runs on port 443--one of the few ports they don't block. I guess they may have been examining their logs and noticing unusual traffic on port 443 or something because it looks like they've recently started throttling bandwidth over that port. Traffic over that tunnel has become intolerably slow, so I'm looking into other workarounds.

I've decided another possible workaround would be to, using an old netbook and one of the very few working wired network ports (no port blocking in effect on these) found in this library, set up my own wifi network where no port blocking would be in play. In other words, make the netbook get a wired connection to the internet using one of those jacks, then have it accept wifi connections on its wireless NIC, routing traffic between the wifi and wired NICs. The netbook is an eeepc 1005hab and, since I use mainly Arch these days, that is the target distro for setting all this up. Fortuitously, I've found a write-up that, while a bit dated, covers doing just the sort of thing I'm aiming at on almost this exact same hardware (see http://bugcy013.blogspot.com/2011/07/tu … eless.html).

To begin with, I'd just like to ask a bit of input on how the described solution works. The main thing I'm unclear on is how the hostapd solution outlined there functions in terms of network addressing. What I'm expecting is that the netbook would establish a private subnet and, using a dhcp daemon, would give out an address from within that subnet on request from the laptop I'll be using to connect to its wifi interface. But the solution doesn't seem to work like that since the only mention of dhcp involves the optional step of a dhcp client running on the bridge--that step being apparently only necessary if access to the internet is needed from the netbook itself.

Where, then, does the IP that is given out over the wifi interface come from? I suppose it is assigned by the dhcp server that runs on the wired network to which the wired NIC would be connected? And an address is only given out once a wifi client tries to connect to the wifi interface?

I suppose another option for doing something like I'm envisioning would be to adapt a how-to such as the one at https://wiki.gentoo.org/wiki/Home_Router. That one is geared toward gentoo and covers only wired interfaces, so all the wifi security elements would have to be added at the appropriate point. But this how-to does involve setting up a subnet from which IP's are given out to connecting clients. And I have previously used that one to NAT traffic between a wired and wifi interface in a machine that performed routing functions.

Further input will be appreciated.

Last edited by jamtat (2016-04-07 03:36:32)

ewaller · 2016-03-23 14:22:18

https://wiki.archlinux.org/index.php/Router
https://wiki.archlinux.org/index.php/Internet_sharing

jamtat · 2016-03-23 16:25:13

Thanks for posting those links, ewaller. I'd looked at the internet connection sharing one. Not sure how I previously missed the router one, but it's got some helpful pointers: notably, it uses dnsmasq for dhcp serving, just like the gentoo how-to I posted. As I said, I've implemented that gentoo one previously and dnsmasq for dhcp serving definitely sounds like the way to go. Another one that's relevant to what I'm aiming to accomplish is https://wiki.archlinux.org/index.php/so … cess_point

Anyway, using all these plus the other link I posted in the OP may get me where I need to be. Most of these Arch documents focus on wired ethernet, so figuring out how to implement this on a system where only one of the interfaces is wired and wherein clients connect to the wifi interface of said router remains to be puzzled out: the broadcasting of an SSID along with an encryption scheme and associated credentials has to be fit in somehow. Should I manage to figure out, using these and other documents, how to accomplish what I'm aiming for, I'll post results in this thread.

Still uncertain how the hostapd solution works in terms of assigning IP's, but I think my initial supposition that the IP is handed out by the network dhcp server that runs on the wired interface, is correct.

LATER EDIT: just found this https://nims11.wordpress.com/2013/05/22 … -in-linux/ , which seems to provide most or all of the missing pieces (running dnsmasq alongside hostapd and offering a set of routing tables for NAT'ing between wired and wifi interfaces)

Last edited by jamtat (2016-03-23 16:36:53)

jamtat · 2016-03-29 18:43:27

I believe I have all the ingredients to set this up--other than time. I've ordered a 16gb SD card to act as the hard drive where I'll install Arch: I assume, for this scenario, that I should follow in the main directives for installing Arch to a USB key (https://wiki.archlinux.org/index.php/In … _a_USB_key), correct? In any case, I hope to find time to do this in the next couple of weeks and to post in this thread the (successful) steps I took. At which point I intend to mark this thread solved.

I may wind up having some non-networking-related questions involving setting up the GUI--I plan on installing some minimalist desktop in order to give the outward appearance that the device is a working netbook, although its chief function will just be to act as a router. The main thing I'll need to get operational in connection with the GUI is a password-protected screen saver. I'll probably end up posting to the Applications & Desktop Environments forum in the event I'll need any help with that latter (I've set up many a minimal desktop in my time but have foregone installing and using screensavers for years).

Last edited by jamtat (2016-03-29 18:44:41)

smpolymen · 2016-04-01 02:40:38

Just so you know, you might not want to do this: https://wiki.archlinux.org/index.php/so … idge_Setup or this: http://bugcy013.blogspot.com/2011/07/tu … eless.html as these create bridges and not a router. Instead, do this https://wiki.archlinux.org/index.php/so … #NAT_Setup

(From that page:
bridge: create a network bridge on your computer (wireless clients will appear to access the same network interface and the same subnet that's used by your computer)
NAT: with IP forwarding/masquerading and DHCP service (wireless clients will use a dedicated subnet, data from/to that subnet is NAT-ted -- similar to a normal Wi-Fi router that's connected to your DSL or cable modem)
)

The issue with a bridge is that if your library network folks are as observant and strict as you indicate, they might get suspicious when they see more than 1 MAC addresses or IPs on a port. In fact they might have their switches configured to automatically shutdown the port if they see more than one MAC on it (common feature in corporate environments.) Using NAT, they will only see the one MAC of your netbook and the wifi devices will be hidden behind it.

jamtat · 2016-04-03 13:54:22

Thanks for the input, smpolymen. I'll look into this further. One of the URL's you posted is one I referenced in my OP, btw--but that's not the one I've been following. Rather, I finally succeeded just yesterday in implementing the directives at the nims11 link, and have been testing it at home. But being more stealthy about this by using a bridge scheme might, as you suggest, be warranted.

As to the the library's vigilance in monitoring the state of the network, this certainly applies to the wifi network, as I've learned from experience. I'm not sure to what extent it applies to the wired network, though. In fact, the IP I get when I connect to one of those jacks is not on a private subnet: it's a real IP on the internet, from within the range their corporation owns (I don't understand the technical end of this real well, but I think it's a class B address). As I said, I'm not sure how carefully they monitor this network; but I do intend to take whatever steps will be required to not attract undue attention.

jamtat · 2016-04-05 04:56:49

I got this set up and working at home and on another LAN in my apartment building. But it's not working in the library. By "working" I mean that at home and on the other LAN where I tested it the wired interface gets an IP and I can, using a laptop, get an IP on the wifi network that runs on the netbook's wifi interface and can ping domains and access web pages by domain name in a browser running on that machine. By "not working" I mean that using the laptop I can get an IP on the wifi network that runs on the netbook's wifi interface but that I can't ping any domain name or access any web page by domain name using a browser (forgot to try pinging by numerical address, which could have been revealing). I can, incidentally, ping by domain name (e.g., ping http://www.google.com) from the netbook itself. I may be facing some sort of DNS issue here. Perhaps I'll be able to do further testing tomorrow or the next day.

NOTE: The description above applies to the NAT'ing router option, which I ended up using for this device, rather than the bridge option mentioned by one of the respondents.

Last edited by jamtat (2016-04-06 20:51:42)

jamtat · 2016-04-06 21:04:32

So I tried another test pinging, from a connected client, a numerical internet address. And the ping succeeded. So I was obviously dealing with a DNS issue. I don't claim to understand very well the workings of DNS, especially so when a device NAT'ing to a local LAN is involved. So I had to resort to puzzling out what sorts of resolutions I might try. One suspect part of the directives seemed worth investigating; the following DNS-related lines were, according to directives, to be appended to dnsmasq.conf:

# disables dnsmasq reading any other files like /etc/resolv.conf for nameservers
no-resolv
# Interface to bind to
interface=wlan0
# Specify starting_range,end_range,lease_time
dhcp-range=10.0.0.3,10.0.0.20,12h
# dns addresses to send to the clients
server=8.8.8.8
server=8.8.4.4

Entering those DNS server lines in the connected machine's resolve.conf (whereas previously the IP of the routing netbook had been present there) did not help matters, while entering the IP of the wired network's DNS servers did. So I decided to try commenting out the no-resolv and server=8.8.8.8 server=8.8.4.4 lines. On rebooting, the issues with accessing the internet from a laptop connected to the wifi network running on the netbook's wifi interface were gone: I could access domains freely without resorting to numerical addresses. So the configuration option that worked for me involved appending the lines

# disables dnsmasq reading any other files like /etc/resolv.conf for nameservers
#no-resolv
# Interface to bind to
interface=wlan0
# Specify starting_range,end_range,lease_time
dhcp-range=10.0.0.3,10.0.0.20,12h
# dns addresses to send to the clients
#server=8.8.8.8
#server=8.8.4.4

to end of the dnsmasq.conf file.

Arch Linux

#1 2016-03-23 04:25:03

[SOLVED] Setting up a netbook as a router; input solicited

#2 2016-03-23 14:22:18

Re: [SOLVED] Setting up a netbook as a router; input solicited

#3 2016-03-23 16:25:13

Re: [SOLVED] Setting up a netbook as a router; input solicited

#4 2016-03-29 18:43:27

Re: [SOLVED] Setting up a netbook as a router; input solicited

#5 2016-04-01 02:40:38

Re: [SOLVED] Setting up a netbook as a router; input solicited

#6 2016-04-03 13:54:22

Re: [SOLVED] Setting up a netbook as a router; input solicited

#7 2016-04-05 04:56:49

Re: [SOLVED] Setting up a netbook as a router; input solicited

#8 2016-04-06 21:04:32

Re: [SOLVED] Setting up a netbook as a router; input solicited

Board footer