joyk
Posts: 2
Joined: Tue May 28, 2019 9:36 am

use lowered metric NIC while routing wireless access point

Fri Jun 21, 2019 5:01 am

I have connected three wifi adapters to a raspberry zero W.

Which means I have 4 wifi NICs.

I have named them thusly:

Code:

wlan0
tp150
tp300
tpAP

Tp stands for TP-Link; 150 and 300 stand for 150 Mbps and 300 Mbps; and tpAP is another TP-Link 300 Mbps adapter that will be used for creating a hostapd wireless access point.

Wlan0 is raspberry zero W's default wifi NIC.

default ip route

Code:

default via 10.10.10.254 dev tp150 src 10.10.10.81 metric 300
default via 10.10.10.254 dev tp300 src 10.10.10.100 metric 400
default via 10.10.10.254 dev wlan0 src 10.10.10.13 metric 600

/etc/dhcpcd.conf

Code:

interface tpAP
        static ip_address=192.168.4.1/24
        nohook wpa_supplicant

interface wlan0
        metric 600

interface tp300
        metric 400

interface tp150
        metric 300

As you can see, I have hard-coded the metrics to figure out how to route hostapd traffic in tpAP through a NIC with lower metric, in this case tp300 instead of tp150.

It turns out it is not as simple as I expected.

I have enabled IPv4 forwarding:

Code:

cat /proc/sys/net/ipv4/ip_forward
1

I have enabled MASQUERADE for tp300.

Code:

sudo iptables -t nat -A POSTROUTING -o tp300 -j MASQUERADE

If, instead of tp300, I MASQUERADE on tp150, everything works as expected, BUT I am not interested in passing traffic through tp150.

I am only interested in passing traffic through tp300.

I have been stuck on this problem for 2 weeks.

epoch1970
Posts: 3027
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: use lowered metric NIC while routing wireless access point

Fri Jun 21, 2019 12:16 pm

I'm not sure I see the problem. Why not give tp300 the highest route priority instead of tp150?

Generally speaking, route selection in Linux does not care about the source. NICs have route prefixes + metrics; the kernel looks at the destination and selects the best matching route, hence the NIC to use.
If you want to start the routing process by looking at the NIC, then the route it provides, then send or fail via this interface only, you need source-based routing. Not the easiest path.

A more modern and usable scheme, IMHO, would be to segregate interfaces in a network namespace (the "ip netns" command). Each netns has its own loopback interface, virtual or physical interfaces you add to it, and its own routing table/iptables rules. You could move tp300 and tpAP to a namespace and isolate them. Linux will have no other choice but to route tpAP's outgoing traffic via tp300. Complicated but possibly better than source-based routing.
Note that to move a wifi interface to a namespace you need to move its entire phy, e.g. phy0 not wlan0; this is done with iw or iwconfig. Every command pertaining to an established ns needs to be prepended with "ip netns exec foo ...", or you can export a shell (ip netns exec foo bash) and work from there.

Of course the easiest by far is to work with networks (add an internal network to pivot from?) and route prefixes.
"If there is no solution, it is because there is no problem." Les Shadoks, J. Rouxel

joyk
Posts: 2
Joined: Tue May 28, 2019 9:36 am

Re: use lowered metric NIC while routing wireless access point

Tue Jun 25, 2019 9:46 am

Hi epoch1970!

Sorry for the late reply.

Thank you for helping me out.

"Complicated but possibly better than source-based routing"

Doesn't DHCP create a new routing table whenever you use wpa_supplicant to change between wifi?

I did it manually using ip rule add; is that what you mean by source-based routing?

"work with networks (add an internal network to pivot from?) and route prefixes."

I am not sure what route prefixes are, or how to work with internal network pivots.

I do not face any pressing problem that requires me to do it, just the fact that I didn't think it would be this difficult to figure out how to route all traffic through a specific NIC. Initially I thought it would be one extra option in iptables.

I learnt a lot about how traffic is routed in Linux.

One problem with manual policy making is you need to redo it if you change the static IP of your AP.

I think assigning a static IP address is a bad idea since there might be a private IP conflict. This is why it makes more sense to assign a dynamic static IP to your AP, since you cannot know ahead of time what your roaming subnet is.

But this also means a dynamic routing table :| (it's turtles all the way down).

Cheers!
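
Added example, not part of either poster's messages: with the routes quoted in the first post, forwarded AP traffic follows the main table out tp150 (metric 300), so a MASQUERADE rule bound to `-o tp300` never matches. The script below prints, as a dry run, a policy-routing plan that sends everything arriving on tpAP out tp300, keyed on the incoming interface so it does not depend on the AP's IP address. Table number 100, rule priority 1000 and the function names are assumptions.

```shell
# Constructed sample input: the default routes quoted in the first post.
SAMPLE_ROUTES='default via 10.10.10.254 dev tp150 src 10.10.10.81 metric 300
default via 10.10.10.254 dev tp300 src 10.10.10.100 metric 400
default via 10.10.10.254 dev wlan0 src 10.10.10.13 metric 600'

# main_table_winner ROUTES: device the main table uses (lowest metric wins).
main_table_winner() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            dev = ""; m = 0
            for (i = 2; i < NF; i++) {
                if ($i == "dev") dev = $(i + 1)
                if ($i == "metric") m = $(i + 1)
            }
            if (best == "" || m + 0 < bestm) { best = dev; bestm = m + 0 }
        }
        END { print best }'
}

# gateway_for ROUTES DEV: next hop of the default route on DEV.
gateway_for() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "default" {
            gw = ""; dev = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            if (dev == want && gw != "") { print gw; exit }
        }'
}

# plan_ap_uplink ROUTES AP_IF UPLINK [TABLE]: print the commands, run nothing.
# TABLE defaults to 100 and the rule priority is 1000 (both assumed values).
plan_ap_uplink() {
    gw=$(gateway_for "$1" "$3")
    [ -n "$gw" ] || { echo "no default route on $3" >&2; return 1; }
    table=${4:-100}
    # A separate table that holds only the chosen uplink's default route.
    echo "ip route replace default via $gw dev $3 table $table"
    # Match on the incoming interface, so the AP subnet can change freely.
    echo "ip rule add iif $2 lookup $table priority 1000"
    echo "iptables -t nat -A POSTROUTING -o $3 -j MASQUERADE"
}

# Dry run on the sample; live input would be "$(ip -4 route show default)".
echo "main table picks: $(main_table_winner "$SAMPLE_ROUTES")"
plan_ap_uplink "$SAMPLE_ROUTES" tpAP tp300
```

If strict reverse-path filtering (`rp_filter=1`) is enabled on tp300, replies arriving there can be dropped because the main table prefers tp150; check that sysctl before applying the plan.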
