This post is about the CTWUG setup. I bought all the needed hardware from Scoop and followed the instructions on the CTWUG wiki to get everything working. I then spent a while on their IRC server to find the correct person to connect to, and to get an IP range allocated. They allocated 172.18.28.80/29 to me (172.18.28.80-172.18.28.86), with .80 allocated to the wireless radio card and .86 to the MikroTik router. At first I forced IPs and a gateway on each PC on my network, but I wanted a more elegant solution.
The way I decided to go was to put the CTWUG connections on a separate VLAN and to do source and destination NATing.
I connected the MikroTik to port 5 of the TP-LINK router and set that port on a separate VLAN.
I then had to create a separate interface for it with only the VLAN that was just created.
To get the whole thing working, a static route is needed which routes all CTWUG traffic (172.18.0.0/16) through the MikroTik.
At this stage I could ping the CTWUG network, but had a problem with the hostname lookups. So under the advanced DHCP options I entered option 6, which advertises custom DNS servers, and used it to advertise the CTWUG DNS server and the Telkom DNS server. The full command is "6,172.18.1.1,196.43.45.190".
I am now able to access everything on the CTWUG network, but all my devices are behind a masquerade NAT, so I would not be able to access my individual devices from the CTWUG network. I need this if I decide to host a website or any other service on the WUG.
The first part (and I am still looking for a better solution) is to create a few IP aliases so the router responds to ARP requests for those IPs.
The final part is for the router to actually forward requests for those IPs to the correct PC on the local network. For this you need SNAT for outgoing packets and DNAT for incoming packets. I want this to be 1 to 1 NATing, so instead of adding a DNAT and SNAT rule for each IP, I used the NETMAP iptables target. I first needed to install the iptables-mod-nat-extra package.
I then added two firewall rules to do the NATing. For the destination NAT:
iptables -v -t nat -A PREROUTING -i eth0.3 -s 172.18.0.0/16 -d 172.18.28.80/29 -j NETMAP --to 192.168.0.0/29
And for the source NAT:
iptables -v -t nat -A POSTROUTING -o eth0.3 -s 192.168.0.0/29 -d 172.18.0.0/16 -j NETMAP --to 172.18.28.80/29
This means that 192.168.0.1 is seen as 172.18.28.81 by other people on CTWUG, and similarly up to 192.168.0.6. I also made sure masquerading was enabled (for any IPs not in this range).
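The NETMAP arithmetic behind the two rules above, as an added example that is not part of the original post: the target swaps the network bits and keeps the host bits. The table it builds also flags mapped addresses that the post says are already assigned, and the broadcast address of the /29. The function names and the RESERVED table are illustrative.

```python
import ipaddress

# Address blocks from the post; RESERVED comes from its first paragraph.
WUG_BLOCK = ipaddress.ip_network("172.18.28.80/29")
LAN_BLOCK = ipaddress.ip_network("192.168.0.0/29")
RESERVED = {
    ipaddress.ip_address("172.18.28.80"): "wireless radio card",
    ipaddress.ip_address("172.18.28.86"): "MikroTik router",
}


def netmap(addr, match_net, to_net):
    """Return the address NETMAP would write, or None if the rule does not match.

    NETMAP replaces the network bits with those of to_net and keeps the host bits.
    """
    addr = ipaddress.ip_address(addr)
    if addr not in match_net:
        return None  # rule not hit; the post's masquerade rule applies instead
    host_bits = int(addr) & int(to_net.hostmask)
    return ipaddress.ip_address(int(to_net.network_address) | host_bits)


def mapping_table():
    """List (lan_ip, wug_ip, note) for every address in the LAN block."""
    rows = []
    for lan_ip in LAN_BLOCK:  # iterating a network yields all 8 addresses
        wug_ip = netmap(lan_ip, LAN_BLOCK, WUG_BLOCK)
        if wug_ip in RESERVED:
            note = "already assigned to the " + RESERVED[wug_ip]
        elif wug_ip == WUG_BLOCK.broadcast_address:
            note = "broadcast address of the /29"
        else:
            note = "free for a LAN host"
        rows.append((str(lan_ip), str(wug_ip), note))
    return rows


if __name__ == "__main__":
    # SNAT direction (POSTROUTING rule): LAN address -> CTWUG address
    for lan_ip, wug_ip, note in mapping_table():
        print(f"{lan_ip:<12} <-> {wug_ip:<13} {note}")
    # DNAT direction (PREROUTING rule): a CTWUG peer's packet to .83
    print(netmap("172.18.28.83", WUG_BLOCK, LAN_BLOCK))
```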
That is it! You now have this part of the network:
Torrenting Tip
One problem I still had was that torrents that I wanted to download from CTWUG sometimes used my Internet connection. The client I use is Transmission, and it can use block lists. So I blocked all IPs that are not on the CTWUG network on the Transmission client of the PC I use for my CTWUG torrents.
I did this by adding the lines
other:1.0.0.0-172.17.255.255
other2:172.19.0.0-254.255.255.255
to
~/.config/transmission/blocklists/list.txt
and made sure blocklists were enabled in
~/.config/transmission/settings.json
with the line
"blocklist-enabled": true,