[Sussex] Sharing Wifi Access - Help Please

Steve Dobson steve at dobbo.org
Sun Apr 25 21:55:52 UTC 2010 

Fay et al

Fay Zee wrote:
> One member tries to create a bridge and can see another laptop via a
> cat5 cable, yet that laptop has only patchy success in connecting.
> 
> My wifi card only gives me individual access.

In order to get one WiFi connected laptop to act as a bridge requires 
five things.

1). Configure the WiFi LAN (WLAN) and room LAN (RLAN) networks to be on 
different subnets. The WLAN network will be fixed by Holbrook, you'll 
have no choice there.  I recommend that you configure the RLAN to be 
something very different, it's easier that way.  Assuming the WLAN is on 
part (or all) of the 192.168/16 network I would configure the RLAN to 
use part (or all if you like) of the 10/8 network.

Given the small number of machines you don't really need to run a DHCP 
server on the WiFi bridge, one could just hand out "fixed" addresses on 
an ahoc basis.

2). The WiFi bridging laptop's kernel needs to be configured to do IP 
forwarding so the laptop will bridge between the room LAN and the WLAN.

3). The packets that are being relayed by the wired laptop need to have 
there packets modified (by the WiFi laptop's kernel) so that they appear 
to be coming from the WiFi bridging laptop itself.  That way upstream 
systems (like the Holbrook's WiFi router) will know where to send any 
reply packets.

4). The wired laptops, as well has having IP addresses on the RLAN) need 
to have a default route configured to send all packets to unknown 
network addresses to the WiFi bridging laptop.

5). And finally, the wired laptops will need to be told where the DNS 
servers are.  Holbrooks WiFi will assign them on the WiFi bridge and the 
settings can just be copied to the RLAN's laptops (assuming you're doing 
the RLAN's configuration by hand).

The easiest way to configure the WiFi bridging laptop is probably with a 
firewalling program such as shorewall.  Assuming that you trust both the 
laptops on the wired network and the WiFi network of Holbrooks then you 
could just set both network up as trusted and then you shouldn't need to 
worry about opening up ports for each protocol the wired laptops wish to 
use.  This of course does not mean the Holbrooks firewalling policies 
won't be a problem for some protocols.

Also don't forget to mark the RLAN network for masquerading or the RLAN 
packets will transmitted by the WiFi bridge laptop with out modifying 
the addresses and the upstream systems won't know how to route any replies.

The wired laptops configuration can be done by hand.

Hope this helps.

Steve

More information about the Sussex mailing list