The Where-Fi data has been uploaded, and a pre-alpha version is available at http://www.remoteroot.net/wifi.
You’ve been warned, it’s buggy.
More updates soon.
We’ve been gathering more data for the Where-Fi service. In under three hours of driving around a sub-section of Reading we have 2000 plus access points.
This broke the architecture we had for displaying them, so it’s currently down.
A Linksys WRT54G provides a cheap and easy Linux platform in a small physical package. I use the DD-WRT firmware available from www.dd-wrt.com.
Dynamic Network Address Translation maps several internal addresses to a single external address, so all connections appear to come from that address. Sometimes it is desirable to have static NAT instead, where several external addresses are each forwarded to an internal host.
For example:
    195.167.182.123 -> 10.0.0.1
    195.167.182.124 -> 10.0.0.2
    195.167.182.125 -> 10.0.0.x
It may be useful to have a “catch all” address that other addresses can be translated to. This is shown in the last line of the example above.
First, add the external aliases to the external interface of the WRT54G, which is vlan1.
    ifconfig vlan1:1 195.167.182.124 netmask 255.255.255.248 broadcast 195.167.182.127
    ifconfig vlan1:2 195.167.182.125 netmask 255.255.255.248 broadcast 195.167.182.127
The catch all address is already specified as the router’s external address.
The following iptables commands will add NAT for these addresses, and ensure all other traffic is translated to the main address.
    # Default accept all. Nothing is filtered, so every port on a
    # mapped internal host is reachable from outside.
    iptables -P OUTPUT ACCEPT
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT

    # Clear all chains in every table.
    cat /proc/net/ip_tables_names | while read table; do
        iptables -t "$table" -L -n | while read c chain rest; do
            if test "X$c" = "XChain"; then
                iptables -t "$table" -F "$chain"
            fi
        done
        iptables -t "$table" -X
    done

    # Reset counters.
    iptables -Z

    # Allow new connections on the loopback interface.
    iptables -A INPUT -i lo -m state --state NEW -j ACCEPT
    iptables -A OUTPUT -o lo -m state --state NEW -j ACCEPT

    # Allow established and related connections.
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # NAT mapping for 195.167.182.123 -> 10.0.0.1
    iptables -t nat -I PREROUTING -i vlan1 -d 195.167.182.123 -j DNAT --to-destination 10.0.0.1
    iptables -t nat -I POSTROUTING -o vlan1 -s 10.0.0.1 -j SNAT --to-source 195.167.182.123

    # NAT mapping for 195.167.182.124 -> 10.0.0.2
    iptables -t nat -I PREROUTING -i vlan1 -d 195.167.182.124 -j DNAT --to-destination 10.0.0.2
    iptables -t nat -I POSTROUTING -o vlan1 -s 10.0.0.2 -j SNAT --to-source 195.167.182.124

    # NAT all other connections to the router's main address.
    iptables -t nat -A POSTROUTING -o vlan1 -s 10.0.0.0/24 -j MASQUERADE

    # Fix MSS: clamp large TCP MSS values on SYN packets to the path MTU.
    iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1421:65535 -j TCPMSS --clamp-mss-to-pmtu
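Each static mapping needs a matching DNAT and SNAT rule, and hand-typing the pairs invites address typos and duplicate mappings. The script below is an added example, not part of the original post: it validates a map and prints the rule pairs for review instead of applying them. The "external internal" map format, the function names and the sample map are assumptions.

```shell
#!/bin/sh
# Added example: validate a static NAT map, then print the DNAT/SNAT pairs.
# WAN_IF matches the text; the map format and function names are assumptions.
WAN_IF="vlan1"

# Return 0 only for a dotted quad whose four octets are each 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read "external internal" lines on stdin. Print one DNAT/SNAT pair per valid
# line, report rejected lines on stderr, return non-zero if any were rejected.
gen_static_nat() {
    rc=0; seen=""
    while read -r ext int rest; do
        case "$ext" in ""|\#*) continue ;; esac
        if ! valid_ipv4 "$ext" || ! valid_ipv4 "$int" || [ -n "$rest" ]; then
            echo "rejected (bad address): $ext $int $rest" >&2; rc=1; continue
        fi
        case " $seen " in *" $ext "*|*" $int "*)
            echo "rejected (address already mapped): $ext $int" >&2; rc=1; continue ;;
        esac
        seen="$seen $ext $int"
        echo "iptables -t nat -I PREROUTING -i $WAN_IF -d $ext -j DNAT --to-destination $int"
        echo "iptables -t nat -I POSTROUTING -o $WAN_IF -s $int -j SNAT --to-source $ext"
    done
    return "$rc"
}

# Constructed sample map: the second line has a four-digit octet typo.
SAMPLE_MAP='195.167.182.123 10.0.0.1
195.167.182.1241 10.0.0.2'

# Demo: prints the pair for the first line and rejects the second.
printf '%s\n' "$SAMPLE_MAP" | gen_static_nat ||
    echo "map has errors; fix it before applying any rule" >&2
```

Only when `gen_static_nat` returns zero should its output be run on the router, before the MASQUERADE rule is appended.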