Hej Trev, hej all,
thanks for answering! And thank you for solving this issue!! It could all be so easy if one would do it right.... It might be a good idea to add this hint to the howto!? Regards Boris Trev Peterson schrieb: > Hey Boris, > > Are you NATing the wlan segment? I see you're using private IP > addressing. FYI: might want to make sure the interface/subnet is > in /etc/shorewall/masq. Hope this helps, > > On Wed, 2011-02-02 at 16:23 +0100, Boris wrote: >> Hej there list-members, >> >> >> I need some help with the following setup: >> >> My leaf-box works properly as DSL-router, giving the LAN behind the box >> secure access to the internet. I followed the howto >> http://leaf.sourceforge.net/doc/bucu-ap.html to build an access point, >> which works up to the point that I want to access the internet via wifi: >> The client gets an IP-adress, the wpa-auth works and the client can >> ping the leaf-box and hosts in the LAN (and vice versa). There is name >> service for internet hosts availabel in the wlan segment but no host is >> reachable. I do not get any drops from shorewall since wlan is all open >> from entries in policy: >> wlan net ACCEPT >> net wlan ACCEPT >> >> There is a good default route entry on the client (otherwise I couldn't >> ping the LAN). Tracerouting an internet host only brings the router. >> >> tcpdumping ath0 while ping heise.de brings >> >> 15:09:58.022447 IP 192.168.25.191.41476 > router.domain: 36315+ A? >> heise.de. (26) >> 15:09:58.022661 IP router.domain > 192.168.25.191.41476: 36315 1/0/0 A >> redirector.heise.de (42) >> 15:09:58.023349 IP 192.168.25.191 > redirector.heise.de: ICMP echo >> request, id 2473, seq 1, length 64 >> 15:09:58.929510 [|llc]00:22:43:14:ca:9a (oui Unknown) > >> 00:80:48:54:85:81 (oui Unknown), 802.3, length 14: >> 15:09:59.031165 IP 192.168.25.191 > redirector.heise.de: ICMP echo >> request, id 2473, seq 2, length 64 >> 15:10:00.038999 IP 192.168.25.191 > redirector.heise.de: ICMP echo >> request, id 2473, seq 3, length 64 >> 15:10:01.046833 IP 192.168.25.191 > redirector.heise.de: ICMP echo >> request, id 2473, seq 4, length 64 >> 15:10:02.054688 IP 192.168.25.191 > redirector.heise.de: ICMP echo >> request, id 2473, seq 5, length 64 >> 15:10:03.019519 arp who-has 192.168.25.191 tell router >> 15:10:03.020651 arp reply 192.168.25.191 is-at 00:22:43:14:ca:9a (oui >> Unknown) >> , but I'm not good in interpreting that.... >> >> Don't know what to try next... any ideas? >> >> Thanks in advance, >> >> >> Boris >> >> ------------------------------------------------------------------------------ >> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! >> Finally, a world-class log management solution at an even better price-free! >> Download using promo code Free_Logger_4_Dev2Dev. Offer expires >> February 28th, so secure your free ArcSight Logger TODAY! >> http://p.sf.net/sfu/arcsight-sfd2d >> ------------------------------------------------------------------------ >> leaf-user mailing list: leaf-user@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/leaf-user >> Support Request -- http://leaf-project.org/ > ------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
