2.9rc7 Hotspot / Bridges / Monitoring Internal IPs

Greetings,

I’ve been wrestling with this for two days straight…

I have a Routerboard running a hotspot on 2.9rc7.

The network is 192.168.1.0/24, gateway is .1, and the hotspot’s public IP (eth0) is .25
It’s running the hotspot on a bridged interface of wlan1 and ether1 (if I try to bridge everything, it stops passing 192.167.1.0/24 traffic the moment I turn the hotspot on).

We have a number of APs on ether1 and wlan1 that need to be monitored (some IPs are .50 and .51).

The hotspot network uses 10.2.7.1. Once we turn the hotspot on, all users can get out without a problem. However, we can’t ping (or monitor) the devices at .50 and .51 (which are bridges themselves), since I can’t put eth0 on the bridge.

Devices at .50 and .51 are using .1 as their gateway, but cannot see it, nor can they see the hotspot (.25). I can mac-telnet around to my heart’s content.

What can I do? If I bridge everything, all traffic in and out immediately stops when I turn on the hotspot (including users… I’ve tried cancelling out every single dynamic firewall entry to no avail). I’ve tried taking eth0 off of the bridge and adding a .24 address to the ether1 interface to keep it on the same subnet, but that didn’t help. It lets the users out when eth0 isn’t on the bridge, but nothing past the hotspot interfaces can be pinged or monitored.

What type of configuration do I need to have both the hotspot on and all devices further inside the network still accessible from the outside (and vice versa)? I’ve added IP bindings, walled-garden hosts and IPs, and nothing works.

I assume it has something to do with one-to-one NAT, but I can’t have it cancel out everything on the 192.168.1.0/24 network.

I can’t seem to come up with a configuration that both lets the users surf, and lets us monitor all devices inside the network. Any ideas will be helpful.

-Craig

So no one here monitors devices inside of a hotspot network? :)

I suppose I could put a hotspot on every single AP in the system… but I’d rather have it all on one machine. Anyone have any luck with a setup like this?

Thanks,
Craig

I would like an answer to this also.

Unbelievable. I take it this is a bug in all of 2.9. Still trying to find this answer as well. It seems the hotspot breaks the firewall due to the order (first) in which the hotspot firewall rules are inserted.