TOPIC:

LazyWeb: One-Armed Airport routing?

19
yh
12-18-2002
02:14 PM ET (US)
How about, in the Starbucks scenario mentioned, going through a Bluetooth module/USB port? Can AirPort and Bluetooth be used simultaneously, and if so can NAT and Routing work?
18
CheekyGeek
12-16-2002
12:21 AM ET (US)
This message has nothing to do with this discussion. I just wanted to say that the Anonymous font is ridiculous from a typographic perspective. It mixes serif letters with sans serif letters which looks completely stupid.

Thank you.
17
Glenn Fleishman
12-14-2002
12:34 PM ET (US)
Technically, there's no reason why a single radio card couldn't handle multiple network connections at the same time on the same channel. The card might have to simulate multiple MAC addresses to avoid confusing an access point, but it's mostly about market positioning. There's been no market to have multi-associative Wi-Fi adapters, and I don't know that someone can just hack the firmware, since Wi-Fi firmware has been the toughest nut to crack. A USB adapter is probably the only real way to do what you want to do on an iBook. Or get a Linksys WET11, which is pretty portable, and can proxy over its MAC address using MAC address translation.
16
Cory Doctorow
12-14-2002
09:19 AM ET (US)
Doing this with 2 radios is trivial -- but impossible with an iBook, which doesn't have a PCMCIA cage. This was already covered upstream.

This is a discussion of one-armed routing.
15
Christopher Sowada
12-14-2002
04:44 AM ET (US)
Who says you only have one radio? Why not take an Airport-equipped PowerBook and add in a Lucent PC Card? There'd still be some software manipulation to do (to include power management; can't imagine the draw with two 802.11b transceivers running simultaneously) however, much of it could tap into the advanced networking in 10.2.

For that matter, USB 802.11b might be a possibility for iBooks, though I'm reluctant to recommend USB as a connection for networking!
14
Cory Doctorow
12-13-2002
11:22 PM ET (US)
What John Saxton sed: this needs some radio hacking as well as some Ethernet and routing hacking.
13
John Saxton
12-13-2002
09:03 PM ET (US)
Using two channels at once when you've only got one radio would be nearly impossible to do acceptably well, IMHO.

Luckily, you wouldn't necessarily have to use two channels at once. It's sub-optimal, but you can put two neighboring APs on the same channel without any dire consequences. Traffic on the two cells would basically be sharing bandwidth, and there'd probably be more collisions, but I doubt anyone would notice the difference.
12
David Mercer
12-13-2002
07:10 PM ET (US)
John hit the nail on the head, it's not a NAT issue you've got going, it's the WiFi gear not being able to be a client of an AP and act as one at the same time that's got you sunk.

I'm not even sure if the Airport card could be hacked to do it, it would take some severe Firmware-fu to get any WiFi gear to talk on 2 channels at once, which is what you're really wanting it to do.
11
John Saxton
12-13-2002
06:10 PM ET (US)
I think the bulk of the suggestions so far each miss critical issues. Some address normal (as opposed to "one-armed") NAT, for which all you really need is 10.2.x's "Internet Sharing" feature, but that wasn't what Cory seems to be asking for. Others address one-armed routing and/or NAT, but aren't mindful of issues specific to 802.11's physical and data-link (MAC) layers.

If Cory's iBook is the only Wi-Fi device that can connect to the network, either due to physical-layer antenna/range issues or MAC-layer authentication issues (as some for-pay networks might impose), AND if Cory specifically wants to re-share that unique Wi-Fi connection *via Wi-Fi again*, then setting up one-armed routing or one-armed NAT up at layer 3 (IP) or above isn't a solution. In Cory's scenario, his buddies' machines apparently wouldn't be able to join the pre-existing, restricted Wi-Fi network in the first place, so they wouldn't be able to talk to the NAT gateway on Cory's machine (the connectivity problem is at Layers 1 and 2, not 3).

To do what he wants, Cory would need two radio cards; one to be the client of the existing Access Point (AP), and one to act as another AP or IBSS peer that the buddies can join. Two radio cards isn't easy to do on an iBook. I suppose someone might make a USB-to-Wi-Fi adapter with Mac OS X drivers, but I'm not currently aware of such a product, and it would be a clunky solution anyway. If he's okay with carrying an external Wi-Fi device around for this kind of occasion, he may as well use Internet Sharing to share his Wi-Fi connection with Ethernet, and then plug in an AP to share that Ethernet connection wirelessly. A lot of people already carry APs with them when travelling, for use in non-Wi-Fi-equipped hotel rooms. But at the point that you're resorting to using a wired Ethernet link as part of the solution, you may as well just hook all your buddies via wired Ethernet to a hub.

To do what Cory wants without external equipment, he'd need a special radio card that could act as both a normal client-of-an-AP and as either an Access Point or an IBSS (ad-hoc, computer-to-computer network) member at the same time. If he THEN set up one-armed NAT as several others have described, his buddies who join his newly-published network would get to ride along on his special connection to the restricted network.

I'm not aware of any card that can do both client mode and {one of AP or IBSS mode} at the same time. The AirPort card in his iBook certainly can't, although almost any existing Wi-Fi card probably has all the necessary hardware, it's just a matter of card firmware and driver changes.

One last note: Not all for-pay Wi-Fi networks do MAC-layer authentication. Some just block unauthorized traffic at an IP firewall somewhere upstream. If Cory was using one of those WISPs, then he'd probably be able to do his one-armed NAT thing and have it work, because his buddies would probably be able to get onto the pre-existing network and see Cory's computer, and once Cory's computer does the NAT translation, the upstream firewall would see those packets as coming from Cory.

Whew. Sorry for the long message. Hope this helps.
10
Dirk-Willem van Gulik
12-13-2002
04:25 PM ET (US)
Not sure why you need this on macosx - when we have this situation on the boat we usually use the 'Share' panel on the connected machine - and simply share ethernet/wireless and NAT through whatever net connection you have as appropriate. Works for wired, wireless, PPPoE, AOL crap, VPN's (PPTP and IPsec) and of course things like ppp to GPRS.

Note that your internet traffic will go through the existing route; the wire/wireless net is a 10.0.0/24 dhcp-ed.

If you want to; you can do it manually with

 sudo -s
 /sbin/ifconfig en1   # or en0; the real IP shown here is OLD
 /sbin/ifconfig en0 alias 10.0.0.1   # or en1
 sysctl -w net.inet.ip.forwarding=1
 /usr/sbin/natd -alias_address OLD -use_sockets -same_ports -unregistered_only
 bootpd   # assuming you set up the file for 10.0.0/24

You can also specify the settings on the cmd line if you want for bootpd.

But that is basically what you do when you use the Share option (Preferences -> "Internet & Network" -> Sharing).

Note that for silly reasons it only works if you already have an internet connection. You can spoof that with a cable if needed.
Edited 12-13-2002 04:27 PM
9
Tom Cross
12-13-2002
01:30 PM ET (US)
I'll provide outline information here. Someone else can make this pretty for people who aren't comfortable with unix.

First, you want to create a subinterface. For physical ethernet interfaces this is real easy in OSX, as you can just "duplicate" the interface in System Preferences, but for some reason it doesn't allow you to duplicate your wireless card.

Whatever. Open a terminal and sudo to root. ifconfig is a command that shows you your network interfaces.

ifconfig -a

will show you all of the network interfaces on your machine. On my iBook my wireless card shows up as en1, so I can create a subinterface, or alias, by typing:

ifconfig en1 alias 192.168.1.1 255.255.255.0

If you do this, make sure that: 1. AppleTalk is turned off. 2. You are using a different IP address range than the one currently configured on the interface.

Once you've done this, you can tell your computer to route by typing this:

sysctl -w net.inet.ip.forwarding=1

If you want this stuff to survive a reboot, you'll have to create a startup script for it. There is some information about that here:

http://www.afp548.com/Articles/Jaguar/startupitems.html

If you need to do NAT then you should look at these articles:

http://www.afp548.com/Articles/system/natserver.html
http://www.afp548.com/Articles/Jaguar/nat-ipfw.html

Some of this stuff is OSX server specific, like serving DHCP. There IS a way to serve DHCP on any OSX machine, probably involving a fink package, but I don't have time to research it right now.

If you are not serving DHCP, then obviously your friends who are connecting through you will have to configure their network interfaces with IPs in the range you've set up and with you as their default gateway.

I haven't fully tested this. It's a little odd that the control panel doesn't let you dupe the wireless card, but I can't think of a good reason why this wouldn't work. You can certainly create aliases on the command line.

Hope this is useful...
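
Added example, not part of Tom Cross's post: a preflight check for his second condition (the alias must use a different IP range from the one already on the interface) that prints his two commands for review only when the ranges do not overlap. The function names and the sample `ifconfig` output are constructed for illustration; nothing is executed against a real interface.

```shell
#!/bin/sh
# Constructed sample of `ifconfig en1` output in Mac OS X format (not from the thread).
SAMPLE_IFCONFIG='en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.168.1.23 netmask 0xffffff00 broadcast 192.168.1.255
    ether 00:00:5e:00:53:01'

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print "ADDRESS HEXMASK" from the first inet line of ifconfig output.
current_inet() {
    printf '%s\n' "$1" | awk '$1 == "inet" { print $2, $4; exit }'
}

# Succeed (0) when the proposed alias range overlaps the range already on
# the interface. Two ranges overlap when they agree under the shorter mask.
alias_overlaps() {   # args: ifconfig-output alias-ip alias-netmask
    set -- $(current_inet "$1") "$2" "$3"
    [ $# -eq 4 ] || return 1    # interface has no IPv4 address yet
    mask=$(( $2 & $(ip_to_int "$4") ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$3") & mask )) ]
}

# Print the two commands from the post for review; run nothing.
alias_recipe() {     # args: interface ifconfig-output alias-ip alias-netmask
    if alias_overlaps "$2" "$3" "$4"; then
        echo "refusing: $3 overlaps the range already configured on $1" >&2
        return 1
    fi
    echo "ifconfig $1 alias $3 $4"
    echo "sysctl -w net.inet.ip.forwarding=1"
}

alias_recipe en1 "$SAMPLE_IFCONFIG" 10.0.0.1 255.255.255.0
```

With the sample above, the 192.168.1.1 alias from the post is refused because the upstream network already uses 192.168.1.x, while 10.0.0.1 is accepted.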
8
Rob McNair-Huff
12-13-2002
01:28 PM ET (US)
If there is a shell script to get this kind of relaying of a wireless connection working, then the simple way to finish the task is to create an AppleScript to run the shell script on your command to enable or disable the relaying...

Just thinking out loud.
7
Michael Slavitch
12-13-2002
01:19 PM ET (US)
Has anyone just tried doing "route add -net <networkname> ifname" at the shell level? Unless they block at the kernel this would do the trick.


In /etc/hostconfig do this first:

ROUTER=-YES-
Edited 12-13-2002 01:23 PM
6
Rob McNair-Huff
12-13-2002
10:40 AM ET (US)
If you can come up with the right command line incantation to make this work I will sure be interested in seeing it. It sounds like it would be really useful, although if it became something in widespread use then I am sure the folks at T-Mobile and other commercial Wi-Fi networks will be less than pleased...

BTW, I did a little test on my own to confirm that Apple's built in Software Base Station capabilities in OS X 10.2.2 won't let me relay a connection to another Wi-Fi connected laptop here in my home office. When I tried to do this I connected one PowerBook to another using my Pismo as the relay, the two computers would connect but in the process it cut off my Pismo's connection to the wireless network here at home, defeating the whole purpose of the exercise...
5
Cory Doctorow
12-13-2002
10:25 AM ET (US)
Hrm. IPNetShare appears not to be the right tool. The free version does not come with support, and, as soon as I launched it, it told me that my trial period had expired and then quit. So fuggetit, I think. Life's too short. Not to mention, woo, what a crappy clickthrough license.

I think I really want to accomplish this from the command line. If nothing else, turning this into a command-line recipe would allow people to google up the formula over, say, a cellphone's WAP browser and rekey it into a laptop -- IOW, I don't want people to have to have Internet access in order to GET Internet access.
4
Cory Doctorow
12-13-2002
10:16 AM ET (US)
Rob, that's great info (though I suspect that we don't need Sustworks to do this; but rather the proverbial "very small shell-script"). I'm reminded of a $89 piece of Sustworks software that I used to use to reduce my Ethernet's MTU to 1484 that I was able to replace under OS X with the command-line, "ifconfig en1 mtu 1484."

The use-case with T-Mobile at a Starbucks is a good one, though you might prefer to think of me with my iBook (and its industry-leading antenna) being within range of a WiFi net that you can't receive on your TiBook, and so I republish it for your benefit.

I thought about doing this with two radios -- it's a tricky bit to do with an iBook given the lack of a PCMCIA cage, but you could, for example, plug a Linksys WET-11 into the Ethernet interface, but that's a lot less sexy than real one-armed routing with its universality.

I'll try out the Sustworks app -- thanks for the tip!