I have a Raspi in the shack connected via ethernet to my node to host meshchat and the onboard camera.
I know enough to think it should be possible to bridge the WAN vlan of the node to my home router via wifi from the pi. However, all the linux networking configuration tutorials I've found seem to assume I already know what I'm doing (big mistake).
Can anyone walk me though it?
PS I'd like the Pi to have internet access at the same time, either directly or roundabout through the node.
I know enough to think it should be possible to bridge the WAN vlan of the node to my home router via wifi from the pi. However, all the linux networking configuration tutorials I've found seem to assume I already know what I'm doing (big mistake).
Can anyone walk me though it?
PS I'd like the Pi to have internet access at the same time, either directly or roundabout through the node.
If you simply want access to the camera, meshchat and ssh servers on the RPi, then define those services on the serving node's Port Forwarding table on the node's gui.
If you want access to them from outside your home, then you will need to forward ports on your home router in its forwarding table. You will need to translate external ports to internal address and port combinations. Some carriers block ports so you may need to experiment.
73,
Gordon, W2TTT
201.314.6964
Bridge one network to another.
https://wiki.debian.org/BridgeNetworkConnections#Manual_bridge_setup
POS you will bridge your home network to the mesh.
CON you will bridge the AREDN network to your home network. We will see your computers.
I would read up on iptables (Firewall rules)
I use a mikrotik router. I can route and firewall both networks. Cheap 100 bucks amazon or ebay.
David
"CON you will bridge the AREDN network to your home network. We will see your computers."
That's not my intention - I simply want to give the node an internet connection, the same way you would with a managed switch to connect vlan1 to a WAN router.
NOTE: WiFi to Ethernet bridging is a hodgepodge of issues, you will want to research them to understand all limitations this may have however it should provide st least a functional base to work with.
- get a VLAN switch
- plug your node into it
- plug your Pi into it (node's LAN port)
- plug your home network into the switch's WAN VLAN port
- leave the "Mesh Gateway" unchecked.
Your node will have internet. (ie. home network access)Your pi will have internet via the node. (ie. home network access)
You will NOT be "sharing" internet across the mesh
If I keep "Mesh Gateway" checked, the entire mesh have internet access through my home internet connection.
Can you confirm that in addition, anyone on the mesh will be essentially "inside" my home network?
If you get the "Mesh Gateway", you are broadcasting to the entire mesh that if their traffic cannot be routed locally, then, send it out YOUR "WAN" port.
In retrospect it seems obvious but I was not aware of it initially. Perhaps some cautionary note should be added to the docs.
"When a node has internet access from either the WAN or LAN, that access is available to the node itself and to any computer connected to the LAN port. When the Mesh Gateway is enabled this node will gate(route) traffic from the mesh onto this network and the internet. "
If you feel it isn't enough an enhancement ticket in bloodhound (http://bloodhound.aredn.org) wouldn't hurt (bonus points for a suggested wording)
First of all, I realize this is an old thread. But in reading it, I realized that I may have an alternative to the problem you have with the mesh "seeing" your home network. My home router has a "Guest WiFi" capability, as well as the normal WiFi. It gives the devices internet access but isolates them from your home network. Using that, you could connect the R-Pi to the Guest WiFi instead of your normal WiFi. While the Mesh would be able to use your Internet, they wouldn't see your LAN at all.
Just my .02 worth in case someone else is considering this (especially since I'm considering almost the exact same setup as you have).
Have a great day. :)
Patrick.
Can I replace the VLAN switch with a correctly configured linux computer?
If so, does anyone have step-by-step instructions for said configuration they can share?
If not, never mind.
Yes, you will need a NIC that supports tagging, like a server NIC or the higher end Intel NICs.
As I noted above even the Pi can do it with the eth0.1 interface.
The real trick to all of this is being skilled enough at Linux networking to know how to do it. I’m sorry to say however I don’t have the time to sit down and do a step by step howto that goes into all the unique issues that can come up especially around WiFi bridging.
I’ll be honest your post above about the network switch is ultimately the easiest (and honestly more reliable way IMHO) to do it but it’s certainly not as rare a capability as high end server gear.
Mesh node - ethernet - Ubuntu laptop - wifi - home router
edit connections>add>vlan
select eth0 as the parent interface (not "wired connection 1 as eth0")
select vlan id 1
under ipv4 settings tab select "shared to other computers"
on the node:
select: disable default route
Seems to work. if I enable mesh gateway all the nodes get internet.
M0N0wall has vlan support.
Amazon 4 port nic. http://a.co/iY8rXaI
You can use a MikroTik router. http://a.co/3xVVmkg i.e. not all MikroTik routers has 10/100/1000 ports. Also MikroTik does not support AREDN MESH network via WiFi.
I use the MikroTik router. I configured it to have multiple LANs. I can use AREDN as a back up (2 WANs) if needed.
But for fun check out HSMM-Pi. Google it. It worked for me. Play around with it..
David
Sorry Thomas, Your first questions was how to route Raspberry Pi's network port to WiFi.
Check this out. https://www.revsys.com/writings/quicktips/nat.html
You'll still need to read up on iptables.
David
When you have already used eth0 and are needing a second network connection to/from a Raspberry PI, the natural inclination is to use WiFi/wlan0. I solved several issues doing this for a couple PI3s earlier, but then worried about all that extra 2.4G floating around and burning up power to produce heat, not to mention it felt kinda sloppy to use WiFi (I prefer hard-wired).
Then I realized that I could use an inexpensive 2.0 USB-to-Ethernet adapter for my second [wired] connection (eth1) and then turn off WiFi (and BT as well) on the PI3 (in boot/config.txt).
So, whether you're building a bridge or just wanting to stand in two different worlds/networks at the same time, get one and check it out. You can get a pack of two white ones at Amazon for $13 (and even write on them; you do NOT need or even want USB3):
https://smile.amazon.com/gp/product/B017NI9MAU
HTH.
- Don - AA7AU